rack 1.2.8 → 1.3.0.beta

data/lib/rack/server.rb

@@ -47,6 +47,12 @@ module Rack
           opts.on("-p", "--port PORT", "use PORT (default: 9292)") { |port|
             options[:Port] = port
           }
+          
+          opts.on("-O", "--option NAME[=VALUE]", "pass VALUE to the server as option NAME. If no VALUE, sets it to true. Run '#{$0} -s SERVER -h' to get a list of options for SERVER") { |name|
+            name, value = name.split('=', 2)
+            value = true if value.nil?
+            options[name.to_sym] = value              
+          }
 
           opts.on("-E", "--env ENVIRONMENT", "use ENVIRONMENT for defaults (default: development)") { |e|
             options[:environment] = e
@@ -57,26 +63,57 @@ module Rack
           }
 
           opts.on("-P", "--pid FILE", "file to store PID (default: rack.pid)") { |f|
-            options[:pid] = f
+            options[:pid] = ::File.expand_path(f)
           }
 
           opts.separator ""
           opts.separator "Common options:"
 
-          opts.on_tail("-h", "--help", "Show this message") do
+          opts.on_tail("-h", "-?", "--help", "Show this message") do
             puts opts
+            puts handler_opts(options)
+            
             exit
           end
 
           opts.on_tail("--version", "Show version") do
-            puts "Rack #{Rack.version}"
+            puts "Rack #{Rack.version} (Release: #{Rack.release})"
             exit
           end
         end
-        opt_parser.parse! args
+
+        begin
+          opt_parser.parse! args
+        rescue OptionParser::InvalidOption => e
+          warn e.message
+          abort opt_parser.to_s
+        end
+
         options[:config] = args.last if args.last
         options
       end
+      
+      def handler_opts(options)
+        begin
+          info = []
+          server = Rack::Handler.get(options[:server]) || Rack::Handler.default(options)
+          if server && server.respond_to?(:valid_options)
+            info << ""
+            info << "Server-specific options for #{server.name}:"
+          
+            has_options = false
+            server.valid_options.each do |name, description|
+              next if name.to_s.match(/^(Host|Port)[^a-zA-Z]/) # ignore handler's host and port options, we do our own.
+              info << "  -O %-21s %s" % [name, description]
+              has_options = true
+            end
+            return "" if !has_options
+          end
+          info.join("\n")
+        rescue NameError
+          return "Warning: Could not find handler specified (#{options[:server] || 'default'}) to determine handler-specific options"
+        end
+      end
     end
 
     # Start a new rack server (like running rackup). This will parse ARGV and
@@ -136,6 +173,7 @@ module Rack
     #     require the given libraries
     def initialize(options = nil)
       @options = options
+      @app = options[:app] if options && options[:app]
     end
 
     def options
@@ -144,7 +182,7 @@ module Rack
 
     def default_options
       {
-        :environment => "development",
+        :environment => ENV['RACK_ENV'] || "development",
         :pid         => nil,
         :Port        => 9292,
         :Host        => "0.0.0.0",
@@ -165,10 +203,20 @@ module Rack
       end
     end
 
+    def self.logging_middleware
+      lambda { |server|
+        server.server.name =~ /CGI/ ? nil : [Rack::CommonLogger, $stderr]
+      }
+    end
+
     def self.middleware
       @middleware ||= begin
         m = Hash.new {|h,k| h[k] = []}
-        m["deployment"].concat  [lambda {|server| server.server.name =~ /CGI/ ? nil : [Rack::CommonLogger, $stderr] }]
+        m["deployment"].concat [
+          [Rack::ContentLength],
+          [Rack::Chunked],
+          logging_middleware
+        ]
         m["development"].concat m["deployment"] + [[Rack::ShowExceptions], [Rack::Lint]]
         m
       end
@@ -229,7 +277,7 @@ module Rack
         # http://hoohoo.ncsa.uiuc.edu/cgi/cl.html
         args.clear if ENV.include?("REQUEST_METHOD")
 
-        options.merge! opt_parser.parse! args
+        options.merge! opt_parser.parse!(args)
         options[:config] = ::File.expand_path(options[:config])
         ENV["RACK_ENV"] = options[:environment]
         options
@@ -259,7 +307,6 @@ module Rack
           Process.setsid
           exit if fork
           Dir.chdir "/"
-          ::File.umask 0000
           STDIN.reopen "/dev/null"
           STDOUT.reopen "/dev/null", "a"
           STDERR.reopen "/dev/null", "a"

data/lib/rack/session/abstract/id.rb

@@ -4,12 +4,135 @@
 require 'time'
 require 'rack/request'
 require 'rack/response'
+begin
+  require 'securerandom'
+rescue LoadError
+  # We just won't get securerandom
+end
 
 module Rack
 
   module Session
 
     module Abstract
+      ENV_SESSION_KEY = 'rack.session'.freeze
+      ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze
+
+      # Thin wrapper around Hash that allows us to lazily load session id into session_options.
+
+      class OptionsHash < Hash #:nodoc:
+        def initialize(by, env, default_options)
+          @by = by
+          @env = env
+          @session_id_loaded = false
+          merge!(default_options)
+        end
+
+        def [](key)
+          load_session_id! if key == :id && session_id_not_loaded?
+          super
+        end
+
+      private
+
+        def session_id_not_loaded?
+          !key?(:id) && !@session_id_loaded
+        end
+
+        def load_session_id!
+          self[:id] = @by.send(:extract_session_id, @env)
+          @session_id_loaded = true
+        end
+      end
+
+      # SessionHash is responsible to lazily load the session from store.
+
+      class SessionHash < Hash
+        def initialize(by, env)
+          super()
+          @by = by
+          @env = env
+          @loaded = false
+        end
+
+        def [](key)
+          load_for_read!
+          super(key.to_s)
+        end
+
+        def has_key?(key)
+          load_for_read!
+          super(key.to_s)
+        end
+        alias :key? :has_key?
+        alias :include? :has_key?
+
+        def []=(key, value)
+          load_for_write!
+          super(key.to_s, value)
+        end
+
+        def clear
+          load_for_write!
+          super
+        end
+
+        def to_hash
+          load_for_read!
+          h = {}.replace(self)
+          h.delete_if { |k,v| v.nil? }
+          h
+        end
+
+        def update(hash)
+          load_for_write!
+          super(stringify_keys(hash))
+        end
+
+        def delete(key)
+          load_for_write!
+          super(key.to_s)
+        end
+
+        def inspect
+          load_for_read!
+          super
+        end
+
+        def exists?
+          return @exists if instance_variable_defined?(:@exists)
+          @exists = @by.send(:session_exists?, @env)
+        end
+
+        def loaded?
+          @loaded
+        end
+
+      private
+
+        def load_for_read!
+          load! if !loaded? && exists?
+        end
+
+        def load_for_write!
+          load! unless loaded?
+        end
+
+        def load!
+          id, session = @by.send(:load_session, @env)
+          @env[ENV_SESSION_OPTIONS_KEY][:id] = id
+          replace(stringify_keys(session))
+          @loaded = true
+        end
+
+        def stringify_keys(other)
+          hash = {}
+          other.each do |key, value|
+            hash[key.to_s] = value
+          end
+          hash
+        end
+      end
 
       # ID sets up a basic framework for implementing an id based sessioning
       # service. Cookies sent to the client for maintaining sessions will only
@@ -34,9 +157,13 @@ module Rack
       # recommended to change its value.
       #
       # Is Rack::Utils::Context compatible.
+      #
+      # Not included by default; you must require 'rack/session/abstract/id'
+      # to use.
 
       class ID
         DEFAULT_OPTIONS = {
+          :key =>           'rack.session',
           :path =>          '/',
           :domain =>        nil,
           :expire_after =>  nil,
@@ -44,14 +171,19 @@ module Rack
           :httponly =>      true,
           :defer =>         false,
           :renew =>         false,
-          :sidbits =>       128
+          :sidbits =>       128,
+          :cookie_only =>   true,
+          :secure_random => begin ::SecureRandom rescue false end
         }
 
         attr_reader :key, :default_options
+
         def initialize(app, options={})
           @app = app
-          @key = options[:key] || "rack.session"
           @default_options = self.class::DEFAULT_OPTIONS.merge(options)
+          @key = options[:key] || "rack.session"
+          @cookie_only = @default_options.delete(:cookie_only)
+          initialize_sid
         end
 
         def call(env)
@@ -59,40 +191,91 @@ module Rack
         end
 
         def context(env, app=@app)
-          load_session(env)
+          prepare_session(env)
           status, headers, body = app.call(env)
           commit_session(env, status, headers, body)
         end
 
         private
 
+        def initialize_sid
+          sidbits = @default_options.delete(:sidbits)
+          @sid_secure = @default_options.delete(:secure_random)
+          @sid_template = "%0#{sidbits / 4}x"
+          @sid_rand_width = (2**sidbits - 1)
+        end
+
         # Generate a new session id using Ruby #rand.  The size of the
         # session id is controlled by the :sidbits option.
         # Monkey patch this to use custom methods for session id generation.
 
         def generate_sid
-          "%0#{@default_options[:sidbits] / 4}x" %
-            rand(2**@default_options[:sidbits] - 1)
+          r = if @sid_secure
+            SecureRandom.random_number(@sid_rand_width)
+          else
+            Kernel.rand(@sid_rand_width)
+          end
+          @sid_template % r
+        end
+
+        # Sets the lazy session at 'rack.session' and places options and session
+        # metadata into 'rack.session.options'.
+
+        def prepare_session(env)
+          env[ENV_SESSION_KEY] = SessionHash.new(self, env)
+          env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
         end
 
         # Extracts the session id from provided cookies and passes it and the
-        # environment to #get_session. It then sets the resulting session into
-        # 'rack.session', and places options and session metadata into
-        # 'rack.session.options'.
+        # environment to #get_session.
 
         def load_session(env)
+          sid = current_session_id(env)
+          sid, session = get_session(env, sid)
+          [sid, session || {}]
+        end
+
+        # Extract session id from request object.
+
+        def extract_session_id(env)
           request = Rack::Request.new(env)
-          session_id = request.cookies[@key]
+          sid = request.cookies[@key]
+          sid ||= request.params[@key] unless @cookie_only
+          sid
+        end
 
-          begin
-            session_id, session = get_session(env, session_id)
-            env['rack.session'] = session
-          rescue
-            env['rack.session'] = Hash.new
-          end
+        # Returns the current session id from the OptionsHash.
+
+        def current_session_id(env)
+          env[ENV_SESSION_OPTIONS_KEY][:id]
+        end
+
+        # Check if the session exists or not.
+
+        def session_exists?(env)
+          value = current_session_id(env)
+          value && !value.empty?
+        end
+
+        # Session should be commited if it was loaded, any of specific options like :renew, :drop
+        # or :expire_after was given and the security permissions match.
+
+        def commit_session?(env, session, options)
+          (loaded_session?(session) || force_options?(options)) && secure_session?(env, options)
+        end
+
+        def loaded_session?(session)
+          !session.is_a?(SessionHash) || session.loaded?
+        end
 
-          env['rack.session.options'] = @default_options.
-            merge(:id => session_id)
+        def force_options?(options)
+          options.values_at(:renew, :drop, :defer, :expire_after).any?
+        end
+
+        def secure_session?(env, options)
+          return true unless options[:secure]
+          request = Rack::Request.new(env)
+          request.ssl?
         end
 
         # Acquires the session from the environment and the session id from
@@ -103,22 +286,42 @@ module Rack
         def commit_session(env, status, headers, body)
           session = env['rack.session']
           options = env['rack.session.options']
-          session_id = options[:id]
 
-          if not session_id = set_session(env, session_id, session, options)
+          if options[:drop] || options[:renew]
+            session_id = destroy_session(env, options[:id] || generate_sid, options)
+            return [status, headers, body] unless session_id
+          end
+
+          return [status, headers, body] unless commit_session?(env, session, options)
+
+          session.send(:load!) unless loaded_session?(session)
+          session = session.to_hash
+          session_id ||= options[:id] || generate_sid
+
+          if not data = set_session(env, session_id, session, options)
             env["rack.errors"].puts("Warning! #{self.class.name} failed to save session. Content dropped.")
           elsif options[:defer] and not options[:renew]
             env["rack.errors"].puts("Defering cookie for #{session_id}") if $VERBOSE
           else
             cookie = Hash.new
-            cookie[:value] = session_id
-            cookie[:expires] = Time.now + options[:expire_after] unless options[:expire_after].nil?
-            Utils.set_cookie_header!(headers, @key, cookie.merge(options))
+            cookie[:value] = data
+            cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after]
+            set_cookie(env, headers, cookie.merge!(options))
           end
 
           [status, headers, body]
         end
 
+        # Sets the cookie back to the client with session id. We skip the cookie
+        # setting if the value didn't change (sid is the same) or expires was given.
+
+        def set_cookie(env, headers, cookie)
+          request = Rack::Request.new(env)
+          if request.cookies[@key] != cookie[:value] || cookie[:expires]
+            Utils.set_cookie_header!(headers, @key, cookie)
+          end
+        end
+
         # All thread safety and session retrival proceedures should occur here.
         # Should return [session_id, session].
         # If nil is provided as the session id, generation of a new valid id
@@ -131,9 +334,17 @@ module Rack
         # All thread safety and session storage proceedures should occur here.
         # Should return true or false dependant on whether or not the session
         # was saved or not.
+
         def set_session(env, sid, session, options)
           raise '#set_session not implemented.'
         end
+
+        # All thread safety and session destroy proceedures should occur here.
+        # Should return a new session id or nil if options[:drop]
+
+        def destroy_session(env, sid, options)
+          raise '#destroy_session not implemented'
+        end
       end
     end
   end