rack 1.4.7 → 2.1.4

data/lib/rack/deflater.rb

@@ -1,32 +1,61 @@
+# frozen_string_literal: true
+
 require "zlib"
-require "stringio"
 require "time"  # for Time.httpdate
 require 'rack/utils'
 
+require_relative 'core_ext/regexp'
+
 module Rack
+  # This middleware enables compression of http responses.
+  #
+  # Currently supported compression algorithms:
+  #
+  #   * gzip
+  #   * identity (no transformation)
+  #
+  # The middleware automatically detects when compression is supported
+  # and allowed. For example no transformation is made when a cache
+  # directive of 'no-transform' is present, or when the response status
+  # code is one that doesn't allow an entity body.
   class Deflater
-    def initialize(app)
+    using ::Rack::RegexpExtensions
+
+    ##
+    # Creates Rack::Deflater middleware.
+    #
+    # [app] rack app instance
+    # [options] hash of deflater options, i.e.
+    #           'if' - a lambda enabling / disabling deflation based on returned boolean value
+    #                  e.g use Rack::Deflater, :if => lambda { |*, body| sum=0; body.each { |i| sum += i.length }; sum > 512 }
+    #           'include' - a list of content types that should be compressed
+    #           'sync' - determines if the stream is going to be flushed after every chunk.
+    #                    Flushing after every chunk reduces latency for
+    #                    time-sensitive streaming applications, but hurts
+    #                    compression and throughput. Defaults to `true'.
+    def initialize(app, options = {})
       @app = app
+
+      @condition = options[:if]
+      @compressible_types = options[:include]
+      @sync = options[:sync] == false ? false : true
     end
 
     def call(env)
       status, headers, body = @app.call(env)
       headers = Utils::HeaderHash.new(headers)
 
-      # Skip compressing empty entity body responses and responses with
-      # no-transform set.
-      if Utils::STATUS_WITH_NO_ENTITY_BODY.include?(status) ||
-          headers['Cache-Control'].to_s =~ /\bno-transform\b/
+      unless should_deflate?(env, status, headers, body)
         return [status, headers, body]
       end
 
       request = Request.new(env)
 
-      encoding = Utils.select_best_encoding(%w(gzip deflate identity),
+      encoding = Utils.select_best_encoding(%w(gzip identity),
                                             request.accept_encoding)
 
       # Set the Vary HTTP header.
-      vary = headers["Vary"].to_s.split(",").map { |v| v.strip }
+      vary = headers["Vary"].to_s.split(",").map(&:strip)
       unless vary.include?("*") || vary.include?("Accept-Encoding")
         headers["Vary"] = vary.push("Accept-Encoding").join(",")
       end
@@ -35,38 +64,35 @@ module Rack
       when "gzip"
         headers['Content-Encoding'] = "gzip"
         headers.delete('Content-Length')
-        mtime = headers.key?("Last-Modified") ?
-          Time.httpdate(headers["Last-Modified"]) : Time.now
-        [status, headers, GzipStream.new(body, mtime)]
-      when "deflate"
-        headers['Content-Encoding'] = "deflate"
-        headers.delete('Content-Length')
-        [status, headers, DeflateStream.new(body)]
+        mtime = headers["Last-Modified"]
+        mtime = Time.httpdate(mtime).to_i if mtime
+        [status, headers, GzipStream.new(body, mtime, @sync)]
       when "identity"
         [status, headers, body]
       when nil
-        body.close if body.respond_to?(:close)
         message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found."
-        [406, {"Content-Type" => "text/plain", "Content-Length" => message.length.to_s}, [message]]
+        bp = Rack::BodyProxy.new([message]) { body.close if body.respond_to?(:close) }
+        [406, { 'Content-Type' => "text/plain", 'Content-Length' => message.length.to_s }, bp]
       end
     end
 
     class GzipStream
-      def initialize(body, mtime)
+      def initialize(body, mtime, sync)
+        @sync = sync
         @body = body
         @mtime = mtime
       end
 
       def each(&block)
         @writer = block
-        gzip  =::Zlib::GzipWriter.new(self)
-        gzip.mtime = @mtime
+        gzip = ::Zlib::GzipWriter.new(self)
+        gzip.mtime = @mtime if @mtime
         @body.each { |part|
-          gzip.write(part)
-          gzip.flush
+          len = gzip.write(part)
+          # Flushing empty parts would raise Zlib::BufError.
+          gzip.flush if @sync && len > 0
         }
       ensure
-        @body.close if @body.respond_to?(:close)
         gzip.close
         @writer = nil
       end
@@ -74,30 +100,35 @@ module Rack
       def write(data)
         @writer.call(data)
       end
+
+      def close
+        @body.close if @body.respond_to?(:close)
+        @body = nil
+      end
     end
 
-    class DeflateStream
-      DEFLATE_ARGS = [
-        Zlib::DEFAULT_COMPRESSION,
-        # drop the zlib header which causes both Safari and IE to choke
-        -Zlib::MAX_WBITS,
-        Zlib::DEF_MEM_LEVEL,
-        Zlib::DEFAULT_STRATEGY
-      ]
+    private
 
-      def initialize(body)
-        @body = body
+    def should_deflate?(env, status, headers, body)
+      # Skip compressing empty entity body responses and responses with
+      # no-transform set.
+      if Utils::STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) ||
+          /\bno-transform\b/.match?(headers['Cache-Control'].to_s) ||
+         (headers['Content-Encoding'] && headers['Content-Encoding'] !~ /\bidentity\b/)
+        return false
       end
 
-      def each
-        deflater = ::Zlib::Deflate.new(*DEFLATE_ARGS)
-        @body.each { |part| yield deflater.deflate(part, Zlib::SYNC_FLUSH) }
-        yield deflater.finish
-        nil
-      ensure
-        @body.close if @body.respond_to?(:close)
-        deflater.close
-      end
+      # Skip if @compressible_types are given and does not include request's content type
+      return false if @compressible_types && !(headers.has_key?('Content-Type') && @compressible_types.include?(headers['Content-Type'][/[^;]*/]))
+
+      # Skip if @condition lambda is given and evaluates to false
+      return false if @condition && !@condition.call(env, status, headers, body)
+
+      # No point in compressing empty body, also handles usage with
+      # Rack::Sendfile.
+      return false if headers[CONTENT_LENGTH] == '0'
+
+      true
     end
   end
 end

data/lib/rack/directory.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 require 'time'
 require 'rack/utils'
 require 'rack/mime'
+require 'rack/files'
 
 module Rack
   # Rack::Directory serves entries below the +root+ given, according to the
@@ -8,7 +11,7 @@ module Rack
   # will be presented in an html based index. If a file is found, the env will
   # be passed to the specified +app+.
   #
-  # If +app+ is not specified, a Rack::File of the same +root+ will be used.
+  # If +app+ is not specified, a Rack::Files of the same +root+ will be used.
 
   class Directory
     DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>"
@@ -39,58 +42,83 @@ table { width:100%%; }
 </body></html>
     PAGE
 
-    attr_reader :files
-    attr_accessor :root, :path
+    class DirectoryBody < Struct.new(:root, :path, :files)
+      def each
+        show_path = Rack::Utils.escape_html(path.sub(/^#{root}/, ''))
+        listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) } * "\n"
+        page = DIR_PAGE % [ show_path, show_path, listings ]
+        page.each_line{|l| yield l }
+      end
 
-    def initialize(root, app=nil)
-      @root = F.expand_path(root)
-      @app = app || Rack::File.new(@root)
+      private
+      # Assumes url is already escaped.
+      def DIR_FILE_escape url, *html
+        [url, *html.map { |e| Utils.escape_html(e) }]
+      end
     end
 
-    def call(env)
-      dup._call(env)
+    attr_reader :root, :path
+
+    def initialize(root, app = nil)
+      @root = ::File.expand_path(root)
+      @app = app || Rack::Files.new(@root)
+      @head = Rack::Head.new(lambda { |env| get env })
     end
 
-    F = ::File
+    def call(env)
+      # strip body if this is a HEAD call
+      @head.call env
+    end
 
-    def _call(env)
-      @env = env
-      @script_name = env['SCRIPT_NAME']
-      @path_info = Utils.unescape(env['PATH_INFO'])
+    def get(env)
+      script_name = env[SCRIPT_NAME]
+      path_info = Utils.unescape_path(env[PATH_INFO])
 
-      if forbidden = check_forbidden
+      if bad_request = check_bad_request(path_info)
+        bad_request
+      elsif forbidden = check_forbidden(path_info)
         forbidden
       else
-        @path = F.join(@root, @path_info)
-        list_path
+        path = ::File.join(@root, path_info)
+        list_path(env, path, path_info, script_name)
       end
     end
 
-    def check_forbidden
-      return unless @path_info.include? ".."
+    def check_bad_request(path_info)
+      return if Utils.valid_path?(path_info)
+
+      body = "Bad Request\n"
+      size = body.bytesize
+      return [400, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => size.to_s,
+        "X-Cascade" => "pass" }, [body]]
+    end
+
+    def check_forbidden(path_info)
+      return unless path_info.include? ".."
 
       body = "Forbidden\n"
-      size = Rack::Utils.bytesize(body)
-      return [403, {"Content-Type" => "text/plain",
-        "Content-Length" => size.to_s,
-        "X-Cascade" => "pass"}, [body]]
+      size = body.bytesize
+      return [403, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => size.to_s,
+        "X-Cascade" => "pass" }, [body]]
     end
 
-    def list_directory
-      @files = [['../','Parent Directory','','','']]
-      glob = F.join(@path, '*')
+    def list_directory(path_info, path, script_name)
+      files = [['../', 'Parent Directory', '', '', '']]
 
-      url_head = (@script_name.split('/') + @path_info.split('/')).map do |part|
-        Rack::Utils.escape part
+      url_head = (script_name.split('/') + path_info.split('/')).map do |part|
+        Rack::Utils.escape_path part
       end
 
-      Dir[glob].sort.each do |node|
+      Dir.entries(path).reject { |e| e.start_with?('.') }.sort.each do |node|
+        node = ::File.join path, node
         stat = stat(node)
-        next  unless stat
-        basename = F.basename(node)
-        ext = F.extname(node)
+        next unless stat
+        basename = ::File.basename(node)
+        ext = ::File.extname(node)
 
-        url = F.join(*url_head + [Rack::Utils.escape(basename)])
+        url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)])
         size = stat.size
         type = stat.directory? ? 'directory' : Mime.mime_type(ext)
         size = stat.directory? ? '-' : filesize_format(size)
@@ -98,47 +126,40 @@ table { width:100%%; }
         url << '/'  if stat.directory?
         basename << '/'  if stat.directory?
 
-        @files << [ url, basename, size, type, mtime ]
+        files << [ url, basename, size, type, mtime ]
       end
 
-      return [ 200, {'Content-Type'=>'text/html; charset=utf-8'}, self ]
+      return [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, DirectoryBody.new(@root, path, files) ]
     end
 
-    def stat(node, max = 10)
-      F.stat(node)
+    def stat(node)
+      ::File.stat(node)
     rescue Errno::ENOENT, Errno::ELOOP
       return nil
     end
 
     # TODO: add correct response if not readable, not sure if 404 is the best
     #       option
-    def list_path
-      @stat = F.stat(@path)
+    def list_path(env, path, path_info, script_name)
+      stat = ::File.stat(path)
 
-      if @stat.readable?
-        return @app.call(@env) if @stat.file?
-        return list_directory if @stat.directory?
+      if stat.readable?
+        return @app.call(env) if stat.file?
+        return list_directory(path_info, path, script_name) if stat.directory?
       else
         raise Errno::ENOENT, 'No such file or directory'
       end
 
     rescue Errno::ENOENT, Errno::ELOOP
-      return entity_not_found
-    end
-
-    def entity_not_found
-      body = "Entity not found: #{@path_info}\n"
-      size = Rack::Utils.bytesize(body)
-      return [404, {"Content-Type" => "text/plain",
-        "Content-Length" => size.to_s,
-        "X-Cascade" => "pass"}, [body]]
+      return entity_not_found(path_info)
     end
 
-    def each
-      show_path = @path.sub(/^#{@root}/,'')
-      files = @files.map{|f| DIR_FILE % f }*"\n"
-      page  = DIR_PAGE % [ show_path, show_path , files ]
-      page.each_line{|l| yield l }
+    def entity_not_found(path_info)
+      body = "Entity not found: #{path_info}\n"
+      size = body.bytesize
+      return [404, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => size.to_s,
+        "X-Cascade" => "pass" }, [body]]
     end
 
     # Stolen from Ramaze
@@ -155,7 +176,7 @@ table { width:100%%; }
         return format % (int.to_f / size) if int >= size
       end
 
-      int.to_s + 'B'
+      "#{int}B"
     end
   end
 end

data/lib/rack/etag.rb

@@ -1,4 +1,7 @@
-require 'digest/md5'
+# frozen_string_literal: true
+
+require 'rack'
+require 'digest/sha2'
 
 module Rack
   # Automatically sets the ETag header on all String bodies.
@@ -11,7 +14,8 @@ module Rack
   # used when Etag is absent and a directive when it is present. The first
   # defaults to nil, while the second defaults to "max-age=0, private, must-revalidate"
   class ETag
-    DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate".freeze
+    ETAG_STRING = Rack::ETAG
+    DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate"
 
     def initialize(app, no_cache_control = nil, cache_control = DEFAULT_CACHE_CONTROL)
       @app = app
@@ -23,15 +27,19 @@ module Rack
       status, headers, body = @app.call(env)
 
       if etag_status?(status) && etag_body?(body) && !skip_caching?(headers)
-        digest, body = digest_body(body)
-        headers['ETag'] = %("#{digest}") if digest
+        original_body = body
+        digest, new_body = digest_body(body)
+        body = Rack::BodyProxy.new(new_body) do
+          original_body.close if original_body.respond_to?(:close)
+        end
+        headers[ETAG_STRING] = %(W/"#{digest}") if digest
       end
 
-      unless headers['Cache-Control']
+      unless headers[CACHE_CONTROL]
         if digest
-          headers['Cache-Control'] = @cache_control if @cache_control
+          headers[CACHE_CONTROL] = @cache_control if @cache_control
         else
-          headers['Cache-Control'] = @no_cache_control if @no_cache_control
+          headers[CACHE_CONTROL] = @no_cache_control if @no_cache_control
         end
       end
 
@@ -49,16 +57,20 @@ module Rack
       end
 
       def skip_caching?(headers)
-        (headers['Cache-Control'] && headers['Cache-Control'].include?('no-cache')) ||
-          headers.key?('ETag') || headers.key?('Last-Modified')
+        (headers[CACHE_CONTROL] && headers[CACHE_CONTROL].include?('no-cache')) ||
+          headers.key?(ETAG_STRING) || headers.key?('Last-Modified')
       end
 
       def digest_body(body)
         parts = []
-        body.each { |part| parts << part }
-        string_body = parts.join
-        digest = Digest::MD5.hexdigest(string_body) unless string_body.empty?
-        [digest, parts]
+        digest = nil
+
+        body.each do |part|
+          parts << part
+          (digest ||= Digest::SHA256.new) << part unless part.empty?
+        end
+
+        [digest && digest.hexdigest.byteslice(0, 32), parts]
       end
   end
 end

data/lib/rack/events.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+require 'rack/response'
+require 'rack/body_proxy'
+
+module Rack
+  ### This middleware provides hooks to certain places in the request /
+  # response lifecycle.  This is so that middleware that don't need to filter
+  # the response data can safely leave it alone and not have to send messages
+  # down the traditional "rack stack".
+  #
+  # The events are:
+  #
+  # * on_start(request, response)
+  #
+  #   This event is sent at the start of the request, before the next
+  #   middleware in the chain is called.  This method is called with a request
+  #   object, and a response object.  Right now, the response object is always
+  #   nil, but in the future it may actually be a real response object.
+  #
+  # * on_commit(request, response)
+  #
+  #   The response has been committed.  The application has returned, but the
+  #   response has not been sent to the webserver yet.  This method is always
+  #   called with a request object and the response object.  The response
+  #   object is constructed from the rack triple that the application returned.
+  #   Changes may still be made to the response object at this point.
+  #
+  # * on_send(request, response)
+  #
+  #   The webserver has started iterating over the response body and presumably
+  #   has started sending data over the wire. This method is always called with
+  #   a request object and the response object.  The response object is
+  #   constructed from the rack triple that the application returned.  Changes
+  #   SHOULD NOT be made to the response object as the webserver has already
+  #   started sending data.  Any mutations will likely result in an exception.
+  #
+  # * on_finish(request, response)
+  #
+  #   The webserver has closed the response, and all data has been written to
+  #   the response socket.  The request and response object should both be
+  #   read-only at this point.  The body MAY NOT be available on the response
+  #   object as it may have been flushed to the socket.
+  #
+  # * on_error(request, response, error)
+  #
+  #   An exception has occurred in the application or an `on_commit` event.
+  #   This method will get the request, the response (if available) and the
+  #   exception that was raised.
+  #
+  # ## Order
+  #
+  # `on_start` is called on the handlers in the order that they were passed to
+  # the constructor.  `on_commit`, on_send`, `on_finish`, and `on_error` are
+  # called in the reverse order.  `on_finish` handlers are called inside an
+  # `ensure` block, so they are guaranteed to be called even if something
+  # raises an exception.  If something raises an exception in a `on_finish`
+  # method, then nothing is guaranteed.
+
+  class Events
+    module Abstract
+      def on_start req, res
+      end
+
+      def on_commit req, res
+      end
+
+      def on_send req, res
+      end
+
+      def on_finish req, res
+      end
+
+      def on_error req, res, e
+      end
+    end
+
+    class EventedBodyProxy < Rack::BodyProxy # :nodoc:
+      attr_reader :request, :response
+
+      def initialize body, request, response, handlers, &block
+        super(body, &block)
+        @request  = request
+        @response = response
+        @handlers = handlers
+      end
+
+      def each
+        @handlers.reverse_each { |handler| handler.on_send request, response }
+        super
+      end
+    end
+
+    class BufferedResponse < Rack::Response::Raw # :nodoc:
+      attr_reader :body
+
+      def initialize status, headers, body
+        super(status, headers)
+        @body = body
+      end
+
+      def to_a; [status, headers, body]; end
+    end
+
+    def initialize app, handlers
+      @app      = app
+      @handlers = handlers
+    end
+
+    def call env
+      request = make_request env
+      on_start request, nil
+
+      begin
+        status, headers, body = @app.call request.env
+        response = make_response status, headers, body
+        on_commit request, response
+      rescue StandardError => e
+        on_error request, response, e
+        on_finish request, response
+        raise
+      end
+
+      body = EventedBodyProxy.new(body, request, response, @handlers) do
+        on_finish request, response
+      end
+      [response.status, response.headers, body]
+    end
+
+    private
+
+    def on_error request, response, e
+      @handlers.reverse_each { |handler| handler.on_error request, response, e }
+    end
+
+    def on_commit request, response
+      @handlers.reverse_each { |handler| handler.on_commit request, response }
+    end
+
+    def on_start request, response
+      @handlers.each { |handler| handler.on_start request, nil }
+    end
+
+    def on_finish request, response
+      @handlers.reverse_each { |handler| handler.on_finish request, response }
+    end
+
+    def make_request env
+      Rack::Request.new env
+    end
+
+    def make_response status, headers, body
+      BufferedResponse.new status, headers, body
+    end
+  end
+end