rack 1.6.13 → 2.0.1

data/lib/rack/session/pool.rb

@@ -24,7 +24,7 @@ module Rack
     #   )
     #   Rack::Handler::WEBrick.run sessioned
 
-    class Pool < Abstract::PersistedSecure
+    class Pool < Abstract::Persisted
       attr_reader :mutex, :pool
       DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge :drop => false
 
@@ -37,47 +37,40 @@ module Rack
       def generate_sid
         loop do
           sid = super
-          break sid unless @pool.key? sid.private_id
+          break sid unless @pool.key? sid
         end
       end
 
-      def get_session(env, sid)
-        with_lock(env) do
-          unless sid and session = get_session_with_fallback(sid)
+      def find_session(req, sid)
+        with_lock(req) do
+          unless sid and session = @pool[sid]
             sid, session = generate_sid, {}
-            @pool.store sid.private_id, session
+            @pool.store sid, session
           end
           [sid, session]
         end
       end
 
-      def set_session(env, session_id, new_session, options)
-        with_lock(env) do
-          @pool.store session_id.private_id, new_session
+      def write_session(req, session_id, new_session, options)
+        with_lock(req) do
+          @pool.store session_id, new_session
           session_id
         end
       end
 
-      def destroy_session(env, session_id, options)
-        with_lock(env) do
-          @pool.delete(session_id.public_id)
-          @pool.delete(session_id.private_id)
+      def delete_session(req, session_id, options)
+        with_lock(req) do
+          @pool.delete(session_id)
           generate_sid unless options[:drop]
         end
       end
 
-      def with_lock(env)
-        @mutex.lock if env['rack.multithread']
+      def with_lock(req)
+        @mutex.lock if req.multithread?
         yield
       ensure
         @mutex.unlock if @mutex.locked?
       end
-
-      private
-
-      def get_session_with_fallback(sid)
-        @pool[sid.private_id] || @pool[sid.public_id]
-      end
     end
   end
 end

data/lib/rack/show_exceptions.rb

@@ -0,0 +1,386 @@
+require 'ostruct'
+require 'erb'
+require 'rack/request'
+require 'rack/utils'
+
+module Rack
+  # Rack::ShowExceptions catches all exceptions raised from the app it
+  # wraps.  It shows a useful backtrace with the sourcefile and
+  # clickable context, the whole Rack environment and the request
+  # data.
+  #
+  # Be careful when you use this on public-facing sites as it could
+  # reveal information helpful to attackers.
+
+  class ShowExceptions
+    CONTEXT = 7
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    rescue StandardError, LoadError, SyntaxError => e
+      exception_string = dump_exception(e)
+
+      env[RACK_ERRORS].puts(exception_string)
+      env[RACK_ERRORS].flush
+
+      if accepts_html?(env)
+        content_type = "text/html"
+        body = pretty(env, e)
+      else
+        content_type = "text/plain"
+        body = exception_string
+      end
+
+      [
+        500,
+        {
+          CONTENT_TYPE => content_type,
+          CONTENT_LENGTH => body.bytesize.to_s,
+        },
+        [body],
+      ]
+    end
+
+    def prefers_plaintext?(env)
+      !accepts_html(env)
+    end
+
+    def accepts_html?(env)
+      Rack::Utils.best_q_match(env["HTTP_ACCEPT"], %w[text/html])
+    end
+    private :accepts_html?
+
+    def dump_exception(exception)
+      string = "#{exception.class}: #{exception.message}\n"
+      string << exception.backtrace.map { |l| "\t#{l}" }.join("\n")
+      string
+    end
+
+    def pretty(env, exception)
+      req = Rack::Request.new(env)
+
+      # This double assignment is to prevent an "unused variable" warning on
+      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      path = path = (req.script_name + req.path_info).squeeze("/")
+
+      # This double assignment is to prevent an "unused variable" warning on
+      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      frames = frames = exception.backtrace.map { |line|
+        frame = OpenStruct.new
+        if line =~ /(.*?):(\d+)(:in `(.*)')?/
+          frame.filename = $1
+          frame.lineno = $2.to_i
+          frame.function = $4
+
+          begin
+            lineno = frame.lineno-1
+            lines = ::File.readlines(frame.filename)
+            frame.pre_context_lineno = [lineno-CONTEXT, 0].max
+            frame.pre_context = lines[frame.pre_context_lineno...lineno]
+            frame.context_line = lines[lineno].chomp
+            frame.post_context_lineno = [lineno+CONTEXT, lines.size].min
+            frame.post_context = lines[lineno+1..frame.post_context_lineno]
+          rescue
+          end
+
+          frame
+        else
+          nil
+        end
+      }.compact
+
+      TEMPLATE.result(binding)
+    end
+
+    def h(obj)                  # :nodoc:
+      case obj
+      when String
+        Utils.escape_html(obj)
+      else
+        Utils.escape_html(obj.inspect)
+      end
+    end
+
+    # :stopdoc:
+
+    # adapted from Django <djangoproject.com>
+    # Copyright (c) 2005, the Lawrence Journal-World
+    # Used under the modified BSD license:
+    # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
+    TEMPLATE = ERB.new(<<-'HTML'.gsub(/^      /, ''))
+      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+      <html lang="en">
+      <head>
+        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+        <meta name="robots" content="NONE,NOARCHIVE" />
+        <title><%=h exception.class %> at <%=h path %></title>
+        <style type="text/css">
+          html * { padding:0; margin:0; }
+          body * { padding:10px 20px; }
+          body * * { padding:0; }
+          body { font:small sans-serif; }
+          body>div { border-bottom:1px solid #ddd; }
+          h1 { font-weight:normal; }
+          h2 { margin-bottom:.8em; }
+          h2 span { font-size:80%; color:#666; font-weight:normal; }
+          h3 { margin:1em 0 .5em 0; }
+          h4 { margin:0 0 .5em 0; font-weight: normal; }
+          table {
+              border:1px solid #ccc; border-collapse: collapse; background:white; }
+          tbody td, tbody th { vertical-align:top; padding:2px 3px; }
+          thead th {
+              padding:1px 6px 1px 3px; background:#fefefe; text-align:left;
+              font-weight:normal; font-size:11px; border:1px solid #ddd; }
+          tbody th { text-align:right; color:#666; padding-right:.5em; }
+          table.vars { margin:5px 0 2px 40px; }
+          table.vars td, table.req td { font-family:monospace; }
+          table td.code { width:100%;}
+          table td.code div { overflow:hidden; }
+          table.source th { color:#666; }
+          table.source td {
+              font-family:monospace; white-space:pre; border-bottom:1px solid #eee; }
+          ul.traceback { list-style-type:none; }
+          ul.traceback li.frame { margin-bottom:1em; }
+          div.context { margin: 10px 0; }
+          div.context ol {
+              padding-left:30px; margin:0 10px; list-style-position: inside; }
+          div.context ol li {
+              font-family:monospace; white-space:pre; color:#666; cursor:pointer; }
+          div.context ol.context-line li { color:black; background-color:#ccc; }
+          div.context ol.context-line li span { float: right; }
+          div.commands { margin-left: 40px; }
+          div.commands a { color:black; text-decoration:none; }
+          #summary { background: #ffc; }
+          #summary h2 { font-weight: normal; color: #666; }
+          #summary ul#quicklinks { list-style-type: none; margin-bottom: 2em; }
+          #summary ul#quicklinks li { float: left; padding: 0 1em; }
+          #summary ul#quicklinks>li+li { border-left: 1px #666 solid; }
+          #explanation { background:#eee; }
+          #template, #template-not-exist { background:#f6f6f6; }
+          #template-not-exist ul { margin: 0 0 0 20px; }
+          #traceback { background:#eee; }
+          #requestinfo { background:#f6f6f6; padding-left:120px; }
+          #summary table { border:none; background:transparent; }
+          #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; }
+          #requestinfo h3 { margin-bottom:-1em; }
+          .error { background: #ffc; }
+          .specific { color:#cc3300; font-weight:bold; }
+        </style>
+        <script type="text/javascript">
+        //<!--
+          function getElementsByClassName(oElm, strTagName, strClassName){
+              // Written by Jonathan Snook, http://www.snook.ca/jon;
+              // Add-ons by Robert Nyman, http://www.robertnyman.com
+              var arrElements = (strTagName == "*" && document.all)? document.all :
+              oElm.getElementsByTagName(strTagName);
+              var arrReturnElements = new Array();
+              strClassName = strClassName.replace(/\-/g, "\\-");
+              var oRegExp = new RegExp("(^|\\s)" + strClassName + "(\\s|$$)");
+              var oElement;
+              for(var i=0; i<arrElements.length; i++){
+                  oElement = arrElements[i];
+                  if(oRegExp.test(oElement.className)){
+                      arrReturnElements.push(oElement);
+                  }
+              }
+              return (arrReturnElements)
+          }
+          function hideAll(elems) {
+            for (var e = 0; e < elems.length; e++) {
+              elems[e].style.display = 'none';
+            }
+          }
+          window.onload = function() {
+            hideAll(getElementsByClassName(document, 'table', 'vars'));
+            hideAll(getElementsByClassName(document, 'ol', 'pre-context'));
+            hideAll(getElementsByClassName(document, 'ol', 'post-context'));
+          }
+          function toggle() {
+            for (var i = 0; i < arguments.length; i++) {
+              var e = document.getElementById(arguments[i]);
+              if (e) {
+                e.style.display = e.style.display == 'none' ? 'block' : 'none';
+              }
+            }
+            return false;
+          }
+          function varToggle(link, id) {
+            toggle('v' + id);
+            var s = link.getElementsByTagName('span')[0];
+            var uarr = String.fromCharCode(0x25b6);
+            var darr = String.fromCharCode(0x25bc);
+            s.innerHTML = s.innerHTML == uarr ? darr : uarr;
+            return false;
+          }
+          //-->
+        </script>
+      </head>
+      <body>
+
+      <div id="summary">
+        <h1><%=h exception.class %> at <%=h path %></h1>
+        <h2><%=h exception.message %></h2>
+        <table><tr>
+          <th>Ruby</th>
+          <td>
+      <% if first = frames.first %>
+            <code><%=h first.filename %></code>: in <code><%=h first.function %></code>, line <%=h frames.first.lineno %>
+      <% else %>
+            unknown location
+      <% end %>
+          </td>
+        </tr><tr>
+          <th>Web</th>
+          <td><code><%=h req.request_method %> <%=h(req.host + path)%></code></td>
+        </tr></table>
+
+        <h3>Jump to:</h3>
+        <ul id="quicklinks">
+          <li><a href="#get-info">GET</a></li>
+          <li><a href="#post-info">POST</a></li>
+          <li><a href="#cookie-info">Cookies</a></li>
+          <li><a href="#env-info">ENV</a></li>
+        </ul>
+      </div>
+
+      <div id="traceback">
+        <h2>Traceback <span>(innermost first)</span></h2>
+        <ul class="traceback">
+      <% frames.each { |frame| %>
+            <li class="frame">
+              <code><%=h frame.filename %></code>: in <code><%=h frame.function %></code>
+
+                <% if frame.context_line %>
+                <div class="context" id="c<%=h frame.object_id %>">
+                    <% if frame.pre_context %>
+                    <ol start="<%=h frame.pre_context_lineno+1 %>" class="pre-context" id="pre<%=h frame.object_id %>">
+                      <% frame.pre_context.each { |line| %>
+                      <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+                      <% } %>
+                    </ol>
+                    <% end %>
+
+                  <ol start="<%=h frame.lineno %>" class="context-line">
+                    <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h frame.context_line %><span>...</span></li></ol>
+
+                    <% if frame.post_context %>
+                    <ol start='<%=h frame.lineno+1 %>' class="post-context" id="post<%=h frame.object_id %>">
+                      <% frame.post_context.each { |line| %>
+                      <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+                      <% } %>
+                    </ol>
+                    <% end %>
+                </div>
+                <% end %>
+            </li>
+      <% } %>
+        </ul>
+      </div>
+
+      <div id="requestinfo">
+        <h2>Request information</h2>
+
+        <h3 id="get-info">GET</h3>
+        <% if req.GET and not req.GET.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No GET data.</p>
+        <% end %>
+
+        <h3 id="post-info">POST</h3>
+        <% if req.POST and not req.POST.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No POST data.</p>
+        <% end %>
+
+
+        <h3 id="cookie-info">COOKIES</h3>
+        <% unless req.cookies.empty? %>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+              <% req.cookies.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
+                </tr>
+              <% } %>
+            </tbody>
+          </table>
+        <% else %>
+          <p>No cookie data.</p>
+        <% end %>
+
+        <h3 id="env-info">Rack ENV</h3>
+          <table class="req">
+            <thead>
+              <tr>
+                <th>Variable</th>
+                <th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+                <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
+                <tr>
+                  <td><%=h key %></td>
+                  <td class="code"><div><%=h val %></div></td>
+                </tr>
+                <% } %>
+            </tbody>
+          </table>
+
+      </div>
+
+      <div id="explanation">
+        <p>
+          You're seeing this error because you use <code>Rack::ShowExceptions</code>.
+        </p>
+      </div>
+
+      </body>
+      </html>
+    HTML
+
+    # :startdoc:
+  end
+end

data/lib/rack/{showstatus.rb → show_status.rb}

@@ -22,7 +22,7 @@ module Rack
       empty = headers[CONTENT_LENGTH].to_i <= 0
 
       # client or server error, or explicit message
-      if (status.to_i >= 400 && empty) || env["rack.showstatus.detail"]
+      if (status.to_i >= 400 && empty) || env[RACK_SHOWSTATUS_DETAIL]
         # This double assignment is to prevent an "unused variable" warning on
         # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
         req = req = Rack::Request.new(env)
@@ -31,10 +31,10 @@ module Rack
 
         # This double assignment is to prevent an "unused variable" warning on
         # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
-        detail = detail = env["rack.showstatus.detail"] || message
+        detail = detail = env[RACK_SHOWSTATUS_DETAIL] || message
 
         body = @template.result(binding)
-        size = Rack::Utils.bytesize(body)
+        size = body.bytesize
         [status, headers.merge(CONTENT_TYPE => "text/html", CONTENT_LENGTH => size.to_s), [body]]
       else
         [status, headers, body]

data/lib/rack/static.rb

@@ -1,3 +1,6 @@
+require "rack/file"
+require "rack/utils"
+
 module Rack
 
   # The Rack::Static middleware intercepts requests for static files
@@ -84,18 +87,23 @@ module Rack
       @app = app
       @urls = options[:urls] || ["/favicon.ico"]
       @index = options[:index]
+      @gzip = options[:gzip]
       root = options[:root] || Dir.pwd
 
       # HTTP Headers
       @header_rules = options[:header_rules] || []
       # Allow for legacy :cache_control option while prioritizing global header_rules setting
-      @header_rules.insert(0, [:all, {'Cache-Control' => options[:cache_control]}]) if options[:cache_control]
+      @header_rules.unshift([:all, {CACHE_CONTROL => options[:cache_control]}]) if options[:cache_control]
 
       @file_server = Rack::File.new(root)
     end
 
+    def add_index_root?(path)
+      @index && path =~ /\/$/
+    end
+
     def overwrite_file_path(path)
-      @urls.kind_of?(Hash) && @urls.key?(path) || @index && path =~ /\/$/
+      @urls.kind_of?(Hash) && @urls.key?(path) || add_index_root?(path)
     end
 
     def route_file(path)
@@ -110,9 +118,26 @@ module Rack
       path = env[PATH_INFO]
 
       if can_serve(path)
-        env["PATH_INFO"] = (path =~ /\/$/ ? path + @index : @urls[path]) if overwrite_file_path(path)
-        path = env["PATH_INFO"]
-        response = @file_server.call(env)
+        if overwrite_file_path(path)
+          env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
+        elsif @gzip && env['HTTP_ACCEPT_ENCODING'] =~ /\bgzip\b/
+          path = env[PATH_INFO]
+          env[PATH_INFO] += '.gz'
+          response = @file_server.call(env)
+          env[PATH_INFO] = path
+
+          if response[0] == 404
+            response = nil
+          else
+            if mime_type = Mime.mime_type(::File.extname(path), 'text/plain')
+              response[1][CONTENT_TYPE] = mime_type
+            end
+            response[1]['Content-Encoding'] = 'gzip'
+          end
+        end
+
+        path = env[PATH_INFO]
+        response ||= @file_server.call(env)
 
         headers = response[1]
         applicable_rules(path).each do |rule, new_headers|

data/lib/rack/tempfile_reaper.rb

@@ -11,10 +11,10 @@ module Rack
     end
 
     def call(env)
-      env['rack.tempfiles'] ||= []
+      env[RACK_TEMPFILES] ||= []
       status, headers, body = @app.call(env)
       body_proxy = BodyProxy.new(body) do
-        env['rack.tempfiles'].each { |f| f.close! } unless env['rack.tempfiles'].nil?
+        env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil?
       end
       [status, headers, body_proxy]
     end

data/lib/rack/urlmap.rb

@@ -41,17 +41,19 @@ module Rack
     end
 
     def call(env)
-      path = env[PATH_INFO]
-      script_name = env['SCRIPT_NAME']
-      hHost = env['HTTP_HOST']
-      sName = env['SERVER_NAME']
-      sPort = env['SERVER_PORT']
+      path        = env[PATH_INFO]
+      script_name = env[SCRIPT_NAME]
+      http_host   = env[HTTP_HOST]
+      server_name = env[SERVER_NAME]
+      server_port = env[SERVER_PORT]
+
+      is_same_server = casecmp?(http_host, server_name) ||
+                       casecmp?(http_host, "#{server_name}:#{server_port}")
 
       @mapping.each do |host, location, match, app|
-        unless casecmp?(hHost, host) \
-            || casecmp?(sName, host) \
-            || (!host && (casecmp?(hHost, sName) ||
-                          casecmp?(hHost, sName+':'+sPort)))
+        unless casecmp?(http_host, host) \
+            || casecmp?(server_name, host) \
+            || (!host && is_same_server)
           next
         end
 
@@ -60,8 +62,8 @@ module Rack
         rest = m[1]
         next unless !rest || rest.empty? || rest[0] == ?/
 
-        env['SCRIPT_NAME'] = (script_name + location)
-        env['PATH_INFO'] = rest
+        env[SCRIPT_NAME] = (script_name + location)
+        env[PATH_INFO] = rest
 
         return app.call(env)
       end
@@ -69,8 +71,8 @@ module Rack
       [404, {CONTENT_TYPE => "text/plain", "X-Cascade" => "pass"}, ["Not Found: #{path}"]]
 
     ensure
-      env['PATH_INFO'] = path
-      env['SCRIPT_NAME'] = script_name
+      env[PATH_INFO]   = path
+      env[SCRIPT_NAME] = script_name
     end
 
     private
@@ -87,4 +89,3 @@ module Rack
     end
   end
 end
-