rack 1.6.12 → 2.0.3

data/example/protectedlobster.rb

@@ -4,7 +4,7 @@ require 'rack/lobster'
 lobster = Rack::Lobster.new
 
 protected_lobster = Rack::Auth::Basic.new(lobster) do |username, password|
-  'secret' == password
+  Rack::Utils.secure_compare('secret', password)
 end
 
 protected_lobster.realm = 'Lobster 2.0'

data/example/protectedlobster.ru

@@ -2,7 +2,7 @@ require 'rack/lobster'
 
 use Rack::ShowExceptions
 use Rack::Auth::Basic, "Lobster 2.0" do |username, password|
-  'secret' == password
+  Rack::Utils.secure_compare('secret', password)
 end
 
 run Rack::Lobster.new

data/lib/rack.rb

@@ -7,7 +7,7 @@
 # modules and classes.
 #
 # All modules meant for use in your application are <tt>autoload</tt>ed here,
-# so it should be enough just to <tt>require rack.rb</tt> in your code.
+# so it should be enough just to <tt>require 'rack'</tt> in your code.
 
 module Rack
   # The Rack protocol version number implemented.
@@ -18,27 +18,80 @@ module Rack
     VERSION.join(".")
   end
 
+  RELEASE = "2.0.3"
+
   # Return the Rack release as a dotted string.
   def self.release
-    "1.6.12"
+    RELEASE
   end
-  PATH_INFO      = 'PATH_INFO'.freeze
-  REQUEST_METHOD = 'REQUEST_METHOD'.freeze
-  SCRIPT_NAME    = 'SCRIPT_NAME'.freeze
-  QUERY_STRING   = 'QUERY_STRING'.freeze
-  CACHE_CONTROL  = 'Cache-Control'.freeze
-  CONTENT_LENGTH = 'Content-Length'.freeze
-  CONTENT_TYPE   = 'Content-Type'.freeze
 
-  GET  = 'GET'.freeze
-  HEAD = 'HEAD'.freeze
+  HTTP_HOST         = 'HTTP_HOST'.freeze
+  HTTP_VERSION      = 'HTTP_VERSION'.freeze
+  HTTPS             = 'HTTPS'.freeze
+  PATH_INFO         = 'PATH_INFO'.freeze
+  REQUEST_METHOD    = 'REQUEST_METHOD'.freeze
+  REQUEST_PATH      = 'REQUEST_PATH'.freeze
+  SCRIPT_NAME       = 'SCRIPT_NAME'.freeze
+  QUERY_STRING      = 'QUERY_STRING'.freeze
+  SERVER_PROTOCOL   = 'SERVER_PROTOCOL'.freeze
+  SERVER_NAME       = 'SERVER_NAME'.freeze
+  SERVER_ADDR       = 'SERVER_ADDR'.freeze
+  SERVER_PORT       = 'SERVER_PORT'.freeze
+  CACHE_CONTROL     = 'Cache-Control'.freeze
+  CONTENT_LENGTH    = 'Content-Length'.freeze
+  CONTENT_TYPE      = 'Content-Type'.freeze
+  SET_COOKIE        = 'Set-Cookie'.freeze
+  TRANSFER_ENCODING = 'Transfer-Encoding'.freeze
+  HTTP_COOKIE       = 'HTTP_COOKIE'.freeze
+  ETAG              = 'ETag'.freeze
+
+  # HTTP method verbs
+  GET     = 'GET'.freeze
+  POST    = 'POST'.freeze
+  PUT     = 'PUT'.freeze
+  PATCH   = 'PATCH'.freeze
+  DELETE  = 'DELETE'.freeze
+  HEAD    = 'HEAD'.freeze
+  OPTIONS = 'OPTIONS'.freeze
+  LINK    = 'LINK'.freeze
+  UNLINK  = 'UNLINK'.freeze
+  TRACE   = 'TRACE'.freeze
+
+  # Rack environment variables
+  RACK_VERSION                        = 'rack.version'.freeze
+  RACK_TEMPFILES                      = 'rack.tempfiles'.freeze
+  RACK_ERRORS                         = 'rack.errors'.freeze
+  RACK_LOGGER                         = 'rack.logger'.freeze
+  RACK_INPUT                          = 'rack.input'.freeze
+  RACK_SESSION                        = 'rack.session'.freeze
+  RACK_SESSION_OPTIONS                = 'rack.session.options'.freeze
+  RACK_SHOWSTATUS_DETAIL              = 'rack.showstatus.detail'.freeze
+  RACK_MULTITHREAD                    = 'rack.multithread'.freeze
+  RACK_MULTIPROCESS                   = 'rack.multiprocess'.freeze
+  RACK_RUNONCE                        = 'rack.run_once'.freeze
+  RACK_URL_SCHEME                     = 'rack.url_scheme'.freeze
+  RACK_HIJACK                         = 'rack.hijack'.freeze
+  RACK_IS_HIJACK                      = 'rack.hijack?'.freeze
+  RACK_HIJACK_IO                      = 'rack.hijack_io'.freeze
+  RACK_RECURSIVE_INCLUDE              = 'rack.recursive.include'.freeze
+  RACK_MULTIPART_BUFFER_SIZE          = 'rack.multipart.buffer_size'.freeze
+  RACK_MULTIPART_TEMPFILE_FACTORY     = 'rack.multipart.tempfile_factory'.freeze
+  RACK_REQUEST_FORM_INPUT             = 'rack.request.form_input'.freeze
+  RACK_REQUEST_FORM_HASH              = 'rack.request.form_hash'.freeze
+  RACK_REQUEST_FORM_VARS              = 'rack.request.form_vars'.freeze
+  RACK_REQUEST_COOKIE_HASH            = 'rack.request.cookie_hash'.freeze
+  RACK_REQUEST_COOKIE_STRING          = 'rack.request.cookie_string'.freeze
+  RACK_REQUEST_QUERY_HASH             = 'rack.request.query_hash'.freeze
+  RACK_REQUEST_QUERY_STRING           = 'rack.request.query_string'.freeze
+  RACK_METHODOVERRIDE_ORIGINAL_METHOD = 'rack.methodoverride.original_method'.freeze
+  RACK_SESSION_UNPACKED_COOKIE_DATA   = 'rack.session.unpacked_cookie_data'.freeze
 
   autoload :Builder, "rack/builder"
   autoload :BodyProxy, "rack/body_proxy"
   autoload :Cascade, "rack/cascade"
   autoload :Chunked, "rack/chunked"
-  autoload :CommonLogger, "rack/commonlogger"
-  autoload :ConditionalGet, "rack/conditionalget"
+  autoload :CommonLogger, "rack/common_logger"
+  autoload :ConditionalGet, "rack/conditional_get"
   autoload :Config, "rack/config"
   autoload :ContentLength, "rack/content_length"
   autoload :ContentType, "rack/content_type"
@@ -52,16 +105,16 @@ module Rack
   autoload :Lint, "rack/lint"
   autoload :Lock, "rack/lock"
   autoload :Logger, "rack/logger"
-  autoload :MethodOverride, "rack/methodoverride"
+  autoload :MethodOverride, "rack/method_override"
   autoload :Mime, "rack/mime"
-  autoload :NullLogger, "rack/nulllogger"
+  autoload :NullLogger, "rack/null_logger"
   autoload :Recursive, "rack/recursive"
   autoload :Reloader, "rack/reloader"
   autoload :Runtime, "rack/runtime"
   autoload :Sendfile, "rack/sendfile"
   autoload :Server, "rack/server"
-  autoload :ShowExceptions, "rack/showexceptions"
-  autoload :ShowStatus, "rack/showstatus"
+  autoload :ShowExceptions, "rack/show_exceptions"
+  autoload :ShowStatus, "rack/show_status"
   autoload :Static, "rack/static"
   autoload :TempfileReaper, "rack/tempfile_reaper"
   autoload :URLMap, "rack/urlmap"
@@ -91,8 +144,4 @@ module Rack
     autoload :Pool, "rack/session/pool"
     autoload :Memcache, "rack/session/memcache"
   end
-
-  module Utils
-    autoload :OkJson, "rack/utils/okjson"
-  end
 end

data/lib/rack/auth/abstract/request.rb

@@ -13,7 +13,11 @@ module Rack
       end
 
       def provided?
-        !authorization_key.nil?
+        !authorization_key.nil? && valid?
+      end
+
+      def valid?
+        !@env[authorization_key].nil?
       end
 
       def parts

data/lib/rack/auth/digest/params.rb

@@ -17,7 +17,7 @@ module Rack
         end
 
         def self.split_header_value(str)
-          str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
+          str.scan(/\w+\=(?:"[^\"]+"|[^,]+)/n)
         end
 
         def initialize
@@ -38,7 +38,7 @@ module Rack
 
         def to_s
           map do |k, v|
-            "#{k}=" + (UNQUOTED.include?(k) ? v.to_s : quote(v))
+            "#{k}=" << (UNQUOTED.include?(k) ? v.to_s : quote(v))
           end.join(', ')
         end
 
@@ -50,4 +50,3 @@ module Rack
     end
   end
 end
-

data/lib/rack/auth/digest/request.rb

@@ -7,7 +7,7 @@ module Rack
     module Digest
       class Request < Auth::AbstractRequest
         def method
-          @env['rack.methodoverride.original_method'] || @env[REQUEST_METHOD]
+          @env[RACK_METHODOVERRIDE_ORIGINAL_METHOD] || @env[REQUEST_METHOD]
         end
 
         def digest?

data/lib/rack/body_proxy.rb

@@ -1,12 +1,17 @@
 module Rack
   class BodyProxy
     def initialize(body, &block)
-      @body, @block, @closed = body, block, false
+      @body = body
+      @block = block
+      @closed = false
     end
 
-    def respond_to?(*args)
-      return false if args.first.to_s =~ /^to_ary$/
-      super or @body.respond_to?(*args)
+    def respond_to?(method_name, include_all=false)
+      case method_name
+      when :to_ary, 'to_ary'
+        return false
+      end
+      super or @body.respond_to?(method_name, include_all)
     end
 
     def close
@@ -27,13 +32,13 @@ module Rack
     # We are applying this special case for #each only. Future bugs of this
     # class will be handled by requesting users to patch their ruby
     # implementation, to save adding too many methods in this class.
-    def each(*args, &block)
-      @body.each(*args, &block)
+    def each
+      @body.each { |body| yield body }
     end
 
-    def method_missing(*args, &block)
-      super if args.first.to_s =~ /^to_ary$/
-      @body.__send__(*args, &block)
+    def method_missing(method_name, *args, &block)
+      super if :to_ary == method_name
+      @body.__send__(method_name, *args, &block)
     end
   end
 end

data/lib/rack/builder.rb

@@ -40,7 +40,7 @@ module Rack
         app = new_from_string cfgfile, config
       else
         require config
-        app = Object.const_get(::File.basename(config, '.rb').capitalize)
+        app = Object.const_get(::File.basename(config, '.rb').split('_').map(&:capitalize).join(''))
       end
       return app, options
     end
@@ -50,7 +50,7 @@ module Rack
         TOPLEVEL_BINDING, file, 0
     end
 
-    def initialize(default_app = nil,&block)
+    def initialize(default_app = nil, &block)
       @use, @map, @run, @warmup = [], nil, default_app, nil
       instance_eval(&block) if block_given?
     end
@@ -96,7 +96,7 @@ module Rack
     #   class Heartbeat
     #     def self.call(env)
     #      [200, { "Content-Type" => "text/plain" }, ["OK"]]
-    #    end
+    #     end
     #   end
     #
     #   run Heartbeat

data/lib/rack/chunked.rb

@@ -21,10 +21,10 @@ module Rack
       def each
         term = TERM
         @body.each do |chunk|
-          size = bytesize(chunk)
+          size = chunk.bytesize
           next if size == 0
 
-          chunk = chunk.dup.force_encoding(Encoding::BINARY) if chunk.respond_to?(:force_encoding)
+          chunk = chunk.dup.force_encoding(Encoding::BINARY)
           yield [size.to_s(16), term, chunk, term].join
         end
         yield TAIL
@@ -54,14 +54,14 @@ module Rack
       status, headers, body = @app.call(env)
       headers = HeaderHash.new(headers)
 
-      if ! chunkable_version?(env['HTTP_VERSION']) ||
+      if ! chunkable_version?(env[HTTP_VERSION]) ||
          STATUS_WITH_NO_ENTITY_BODY.include?(status) ||
          headers[CONTENT_LENGTH] ||
-         headers['Transfer-Encoding']
+         headers[TRANSFER_ENCODING]
         [status, headers, body]
       else
         headers.delete(CONTENT_LENGTH)
-        headers['Transfer-Encoding'] = 'chunked'
+        headers[TRANSFER_ENCODING] = 'chunked'
         [status, headers, Body.new(body)]
       end
     end

data/lib/rack/{commonlogger.rb → common_logger.rb}

@@ -48,13 +48,13 @@ module Rack
         now.strftime("%d/%b/%Y:%H:%M:%S %z"),
         env[REQUEST_METHOD],
         env[PATH_INFO],
-        env[QUERY_STRING].empty? ? "" : "?"+env[QUERY_STRING],
-        env["HTTP_VERSION"],
+        env[QUERY_STRING].empty? ? "" : "?#{env[QUERY_STRING]}",
+        env[HTTP_VERSION],
         status.to_s[0..3],
         length,
         now - began_at ]
 
-      logger = @logger || env['rack.errors']
+      logger = @logger || env[RACK_ERRORS]
       # Standard library logger doesn't support write but it supports << which actually
       # calls to write on the log device without formatting
       if logger.respond_to?(:write)

data/lib/rack/content_length.rb

@@ -17,12 +17,12 @@ module Rack
 
       if !STATUS_WITH_NO_ENTITY_BODY.include?(status.to_i) &&
          !headers[CONTENT_LENGTH] &&
-         !headers['Transfer-Encoding'] &&
+         !headers[TRANSFER_ENCODING] &&
          body.respond_to?(:to_ary)
 
         obody = body
         body, length = [], 0
-        obody.each { |part| body << part; length += bytesize(part) }
+        obody.each { |part| body << part; length += part.bytesize }
 
         body = BodyProxy.new(body) do
           obody.close if obody.respond_to?(:close)

data/lib/rack/deflater.rb

@@ -8,7 +8,6 @@ module Rack
   # Currently supported compression algorithms:
   #
   #   * gzip
-  #   * deflate
   #   * identity (no transformation)
   #
   # The middleware automatically detects when compression is supported
@@ -22,7 +21,7 @@ module Rack
     # [app] rack app instance
     # [options] hash of deflater options, i.e.
     #           'if' - a lambda enabling / disabling deflation based on returned boolean value
-    #                  e.g use Rack::Deflater, :if => lambda { |env, status, headers, body| body.length > 512 }
+    #                  e.g use Rack::Deflater, :if => lambda { |env, status, headers, body| body.map(&:bytesize).reduce(0, :+) > 512 }
     #           'include' - a list of content types that should be compressed
     def initialize(app, options = {})
       @app = app
@@ -41,11 +40,11 @@ module Rack
 
       request = Request.new(env)
 
-      encoding = Utils.select_best_encoding(%w(gzip deflate identity),
+      encoding = Utils.select_best_encoding(%w(gzip identity),
                                             request.accept_encoding)
 
       # Set the Vary HTTP header.
-      vary = headers["Vary"].to_s.split(",").map { |v| v.strip }
+      vary = headers["Vary"].to_s.split(",").map(&:strip)
       unless vary.include?("*") || vary.include?("Accept-Encoding")
         headers["Vary"] = vary.push("Accept-Encoding").join(",")
       end
@@ -57,10 +56,6 @@ module Rack
         mtime = headers.key?("Last-Modified") ?
           Time.httpdate(headers["Last-Modified"]) : Time.now
         [status, headers, GzipStream.new(body, mtime)]
-      when "deflate"
-        headers['Content-Encoding'] = "deflate"
-        headers.delete(CONTENT_LENGTH)
-        [status, headers, DeflateStream.new(body)]
       when "identity"
         [status, headers, body]
       when nil
@@ -101,36 +96,6 @@ module Rack
       end
     end
 
-    class DeflateStream
-      DEFLATE_ARGS = [
-        Zlib::DEFAULT_COMPRESSION,
-        # drop the zlib header which causes both Safari and IE to choke
-        -Zlib::MAX_WBITS,
-        Zlib::DEF_MEM_LEVEL,
-        Zlib::DEFAULT_STRATEGY
-      ]
-
-      def initialize(body)
-        @body = body
-        @closed = false
-      end
-
-      def each
-        deflator = ::Zlib::Deflate.new(*DEFLATE_ARGS)
-        @body.each { |part| yield deflator.deflate(part, Zlib::SYNC_FLUSH) }
-        yield deflator.finish
-        nil
-      ensure
-        deflator.close
-      end
-
-      def close
-        return if @closed
-        @closed = true
-        @body.close if @body.respond_to?(:close)
-      end
-    end
-
     private
 
     def should_deflate?(env, status, headers, body)
@@ -143,7 +108,7 @@ module Rack
       end
 
       # Skip if @compressible_types are given and does not include request's content type
-      return false if @compressible_types && !(headers.has_key?('Content-Type') && @compressible_types.include?(headers['Content-Type'][/[^;]*/]))
+      return false if @compressible_types && !(headers.has_key?(CONTENT_TYPE) && @compressible_types.include?(headers[CONTENT_TYPE][/[^;]*/]))
 
       # Skip if @condition lambda is given and evaluates to false
       return false if @condition && !@condition.call(env, status, headers, body)

data/lib/rack/directory.rb

@@ -39,58 +39,83 @@ table { width:100%%; }
 </body></html>
     PAGE
 
-    attr_reader :files
-    attr_accessor :root, :path
+    class DirectoryBody < Struct.new(:root, :path, :files)
+      def each
+        show_path = Rack::Utils.escape_html(path.sub(/^#{root}/,''))
+        listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) }*"\n"
+        page  = DIR_PAGE % [ show_path, show_path , listings ]
+        page.each_line{|l| yield l }
+      end
+
+      private
+      # Assumes url is already escaped.
+      def DIR_FILE_escape url, *html
+        [url, *html.map { |e| Utils.escape_html(e) }]
+      end
+    end
+
+    attr_reader :root, :path
 
     def initialize(root, app=nil)
-      @root = F.expand_path(root)
+      @root = ::File.expand_path(root)
       @app = app || Rack::File.new(@root)
+      @head = Rack::Head.new(lambda { |env| get env })
     end
 
     def call(env)
-      dup._call(env)
+      # strip body if this is a HEAD call
+      @head.call env
     end
 
-    F = ::File
-
-    def _call(env)
-      @env = env
-      @script_name = env[SCRIPT_NAME]
-      @path_info = Utils.unescape(env[PATH_INFO])
+    def get(env)
+      script_name = env[SCRIPT_NAME]
+      path_info = Utils.unescape_path(env[PATH_INFO])
 
-      if forbidden = check_forbidden
+      if bad_request = check_bad_request(path_info)
+        bad_request
+      elsif forbidden = check_forbidden(path_info)
         forbidden
       else
-        @path = F.join(@root, @path_info)
-        list_path
+        path = ::File.join(@root, path_info)
+        list_path(env, path, path_info, script_name)
       end
     end
 
-    def check_forbidden
-      return unless @path_info.include? ".."
+    def check_bad_request(path_info)
+      return if Utils.valid_path?(path_info)
+
+      body = "Bad Request\n"
+      size = body.bytesize
+      return [400, {CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => size.to_s,
+        "X-Cascade" => "pass"}, [body]]
+    end
+
+    def check_forbidden(path_info)
+      return unless path_info.include? ".."
 
       body = "Forbidden\n"
-      size = Rack::Utils.bytesize(body)
-      return [403, {"Content-Type" => "text/plain",
+      size = body.bytesize
+      return [403, {CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => size.to_s,
         "X-Cascade" => "pass"}, [body]]
     end
 
-    def list_directory
-      @files = [['../','Parent Directory','','','']]
-      glob = F.join(@path, '*')
+    def list_directory(path_info, path, script_name)
+      files = [['../','Parent Directory','','','']]
+      glob = ::File.join(path, '*')
 
-      url_head = (@script_name.split('/') + @path_info.split('/')).map do |part|
-        Rack::Utils.escape part
+      url_head = (script_name.split('/') + path_info.split('/')).map do |part|
+        Rack::Utils.escape_path part
       end
 
       Dir[glob].sort.each do |node|
         stat = stat(node)
-        next  unless stat
-        basename = F.basename(node)
-        ext = F.extname(node)
+        next unless stat
+        basename = ::File.basename(node)
+        ext = ::File.extname(node)
 
-        url = F.join(*url_head + [Rack::Utils.escape(basename)])
+        url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)])
         size = stat.size
         type = stat.directory? ? 'directory' : Mime.mime_type(ext)
         size = stat.directory? ? '-' : filesize_format(size)
@@ -98,49 +123,42 @@ table { width:100%%; }
         url << '/'  if stat.directory?
         basename << '/'  if stat.directory?
 
-        @files << [ url, basename, size, type, mtime ]
+        files << [ url, basename, size, type, mtime ]
       end
 
-      return [ 200, { CONTENT_TYPE =>'text/html; charset=utf-8'}, self ]
+      return [ 200, { CONTENT_TYPE =>'text/html; charset=utf-8'}, DirectoryBody.new(@root, path, files) ]
     end
 
-    def stat(node, max = 10)
-      F.stat(node)
+    def stat(node)
+      ::File.stat(node)
     rescue Errno::ENOENT, Errno::ELOOP
       return nil
     end
 
     # TODO: add correct response if not readable, not sure if 404 is the best
     #       option
-    def list_path
-      @stat = F.stat(@path)
+    def list_path(env, path, path_info, script_name)
+      stat = ::File.stat(path)
 
-      if @stat.readable?
-        return @app.call(@env) if @stat.file?
-        return list_directory if @stat.directory?
+      if stat.readable?
+        return @app.call(env) if stat.file?
+        return list_directory(path_info, path, script_name) if stat.directory?
       else
         raise Errno::ENOENT, 'No such file or directory'
       end
 
     rescue Errno::ENOENT, Errno::ELOOP
-      return entity_not_found
+      return entity_not_found(path_info)
     end
 
-    def entity_not_found
-      body = "Entity not found: #{@path_info}\n"
-      size = Rack::Utils.bytesize(body)
-      return [404, {"Content-Type" => "text/plain",
+    def entity_not_found(path_info)
+      body = "Entity not found: #{path_info}\n"
+      size = body.bytesize
+      return [404, {CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => size.to_s,
         "X-Cascade" => "pass"}, [body]]
     end
 
-    def each
-      show_path = Rack::Utils.escape_html(@path.sub(/^#{@root}/,''))
-      files = @files.map{|f| DIR_FILE % DIR_FILE_escape(*f) }*"\n"
-      page  = DIR_PAGE % [ show_path, show_path , files ]
-      page.each_line{|l| yield l }
-    end
-
     # Stolen from Ramaze
 
     FILESIZE_FORMAT = [
@@ -155,13 +173,7 @@ table { width:100%%; }
         return format % (int.to_f / size) if int >= size
       end
 
-      int.to_s + 'B'
-    end
-
-    private
-    # Assumes url is already escaped.
-    def DIR_FILE_escape url, *html
-      [url, *html.map { |e| Utils.escape_html(e) }]
+      "#{int}B"
     end
   end
 end