rack 1.6.13 → 2.0.1

data/lib/rack/directory.rb

@@ -39,58 +39,83 @@ table { width:100%%; }
 </body></html>
     PAGE
 
-    attr_reader :files
-    attr_accessor :root, :path
+    class DirectoryBody < Struct.new(:root, :path, :files)
+      def each
+        show_path = Rack::Utils.escape_html(path.sub(/^#{root}/,''))
+        listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) }*"\n"
+        page  = DIR_PAGE % [ show_path, show_path , listings ]
+        page.each_line{|l| yield l }
+      end
+
+      private
+      # Assumes url is already escaped.
+      def DIR_FILE_escape url, *html
+        [url, *html.map { |e| Utils.escape_html(e) }]
+      end
+    end
+
+    attr_reader :root, :path
 
     def initialize(root, app=nil)
-      @root = F.expand_path(root)
+      @root = ::File.expand_path(root)
       @app = app || Rack::File.new(@root)
+      @head = Rack::Head.new(lambda { |env| get env })
     end
 
     def call(env)
-      dup._call(env)
+      # strip body if this is a HEAD call
+      @head.call env
     end
 
-    F = ::File
-
-    def _call(env)
-      @env = env
-      @script_name = env[SCRIPT_NAME]
-      @path_info = Utils.unescape(env[PATH_INFO])
+    def get(env)
+      script_name = env[SCRIPT_NAME]
+      path_info = Utils.unescape_path(env[PATH_INFO])
 
-      if forbidden = check_forbidden
+      if bad_request = check_bad_request(path_info)
+        bad_request
+      elsif forbidden = check_forbidden(path_info)
         forbidden
       else
-        @path = F.join(@root, @path_info)
-        list_path
+        path = ::File.join(@root, path_info)
+        list_path(env, path, path_info, script_name)
       end
     end
 
-    def check_forbidden
-      return unless @path_info.include? ".."
+    def check_bad_request(path_info)
+      return if Utils.valid_path?(path_info)
+
+      body = "Bad Request\n"
+      size = body.bytesize
+      return [400, {CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => size.to_s,
+        "X-Cascade" => "pass"}, [body]]
+    end
+
+    def check_forbidden(path_info)
+      return unless path_info.include? ".."
 
       body = "Forbidden\n"
-      size = Rack::Utils.bytesize(body)
-      return [403, {"Content-Type" => "text/plain",
+      size = body.bytesize
+      return [403, {CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => size.to_s,
         "X-Cascade" => "pass"}, [body]]
     end
 
-    def list_directory
-      @files = [['../','Parent Directory','','','']]
-      glob = F.join(@path, '*')
+    def list_directory(path_info, path, script_name)
+      files = [['../','Parent Directory','','','']]
+      glob = ::File.join(path, '*')
 
-      url_head = (@script_name.split('/') + @path_info.split('/')).map do |part|
-        Rack::Utils.escape part
+      url_head = (script_name.split('/') + path_info.split('/')).map do |part|
+        Rack::Utils.escape_path part
       end
 
       Dir[glob].sort.each do |node|
         stat = stat(node)
-        next  unless stat
-        basename = F.basename(node)
-        ext = F.extname(node)
+        next unless stat
+        basename = ::File.basename(node)
+        ext = ::File.extname(node)
 
-        url = F.join(*url_head + [Rack::Utils.escape(basename)])
+        url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)])
         size = stat.size
         type = stat.directory? ? 'directory' : Mime.mime_type(ext)
         size = stat.directory? ? '-' : filesize_format(size)
@@ -98,49 +123,42 @@ table { width:100%%; }
         url << '/'  if stat.directory?
         basename << '/'  if stat.directory?
 
-        @files << [ url, basename, size, type, mtime ]
+        files << [ url, basename, size, type, mtime ]
       end
 
-      return [ 200, { CONTENT_TYPE =>'text/html; charset=utf-8'}, self ]
+      return [ 200, { CONTENT_TYPE =>'text/html; charset=utf-8'}, DirectoryBody.new(@root, path, files) ]
     end
 
-    def stat(node, max = 10)
-      F.stat(node)
+    def stat(node)
+      ::File.stat(node)
     rescue Errno::ENOENT, Errno::ELOOP
       return nil
     end
 
     # TODO: add correct response if not readable, not sure if 404 is the best
     #       option
-    def list_path
-      @stat = F.stat(@path)
+    def list_path(env, path, path_info, script_name)
+      stat = ::File.stat(path)
 
-      if @stat.readable?
-        return @app.call(@env) if @stat.file?
-        return list_directory if @stat.directory?
+      if stat.readable?
+        return @app.call(env) if stat.file?
+        return list_directory(path_info, path, script_name) if stat.directory?
       else
         raise Errno::ENOENT, 'No such file or directory'
       end
 
     rescue Errno::ENOENT, Errno::ELOOP
-      return entity_not_found
+      return entity_not_found(path_info)
     end
 
-    def entity_not_found
-      body = "Entity not found: #{@path_info}\n"
-      size = Rack::Utils.bytesize(body)
-      return [404, {"Content-Type" => "text/plain",
+    def entity_not_found(path_info)
+      body = "Entity not found: #{path_info}\n"
+      size = body.bytesize
+      return [404, {CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => size.to_s,
         "X-Cascade" => "pass"}, [body]]
     end
 
-    def each
-      show_path = Rack::Utils.escape_html(@path.sub(/^#{@root}/,''))
-      files = @files.map{|f| DIR_FILE % DIR_FILE_escape(*f) }*"\n"
-      page  = DIR_PAGE % [ show_path, show_path , files ]
-      page.each_line{|l| yield l }
-    end
-
     # Stolen from Ramaze
 
     FILESIZE_FORMAT = [
@@ -155,13 +173,7 @@ table { width:100%%; }
         return format % (int.to_f / size) if int >= size
       end
 
-      int.to_s + 'B'
-    end
-
-    private
-    # Assumes url is already escaped.
-    def DIR_FILE_escape url, *html
-      [url, *html.map { |e| Utils.escape_html(e) }]
+      "#{int}B"
     end
   end
 end

data/lib/rack/etag.rb

@@ -1,3 +1,4 @@
+require 'rack'
 require 'digest/md5'
 
 module Rack
@@ -11,7 +12,7 @@ module Rack
   # used when Etag is absent and a directive when it is present. The first
   # defaults to nil, while the second defaults to "max-age=0, private, must-revalidate"
   class ETag
-    ETAG_STRING = 'ETag'.freeze
+    ETAG_STRING = Rack::ETAG
     DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate".freeze
 
     def initialize(app, no_cache_control = nil, cache_control = DEFAULT_CACHE_CONTROL)
@@ -64,10 +65,10 @@ module Rack
 
         body.each do |part|
           parts << part
-          (digest ||= Digest::MD5.new) << part unless part.empty?
+          (digest ||= Digest::SHA256.new) << part unless part.empty?
         end
 
-        [digest && digest.hexdigest, parts]
+        [digest && digest.hexdigest.byteslice(0, 32), parts]
       end
   end
 end

data/lib/rack/events.rb

@@ -0,0 +1,154 @@
+require 'rack/response'
+require 'rack/body_proxy'
+
+module Rack
+  ### This middleware provides hooks to certain places in the request /
+  #response lifecycle.  This is so that middleware that don't need to filter
+  #the response data can safely leave it alone and not have to send messages
+  #down the traditional "rack stack".
+  #
+  # The events are:
+  #
+  # * on_start(request, response)
+  #
+  #   This event is sent at the start of the request, before the next
+  #   middleware in the chain is called.  This method is called with a request
+  #   object, and a response object.  Right now, the response object is always
+  #   nil, but in the future it may actually be a real response object.
+  #
+  # * on_commit(request, response)
+  #
+  #   The response has been committed.  The application has returned, but the
+  #   response has not been sent to the webserver yet.  This method is always
+  #   called with a request object and the response object.  The response
+  #   object is constructed from the rack triple that the application returned.
+  #   Changes may still be made to the response object at this point.
+  #
+  # * on_send(request, response)
+  #
+  #   The webserver has started iterating over the response body and presumably
+  #   has started sending data over the wire. This method is always called with
+  #   a request object and the response object.  The response object is
+  #   constructed from the rack triple that the application returned.  Changes
+  #   SHOULD NOT be made to the response object as the webserver has already
+  #   started sending data.  Any mutations will likely result in an exception.
+  #
+  # * on_finish(request, response)
+  #
+  #   The webserver has closed the response, and all data has been written to
+  #   the response socket.  The request and response object should both be
+  #   read-only at this point.  The body MAY NOT be available on the response
+  #   object as it may have been flushed to the socket.
+  #
+  # * on_error(request, response, error)
+  #
+  #   An exception has occurred in the application or an `on_commit` event.
+  #   This method will get the request, the response (if available) and the
+  #   exception that was raised.
+  #
+  # ## Order
+  #
+  # `on_start` is called on the handlers in the order that they were passed to
+  # the constructor.  `on_commit`, on_send`, `on_finish`, and `on_error` are
+  # called in the reverse order.  `on_finish` handlers are called inside an
+  # `ensure` block, so they are guaranteed to be called even if something
+  # raises an exception.  If something raises an exception in a `on_finish`
+  # method, then nothing is guaranteed.
+
+  class Events
+    module Abstract
+      def on_start req, res
+      end
+
+      def on_commit req, res
+      end
+
+      def on_send req, res
+      end
+
+      def on_finish req, res
+      end
+
+      def on_error req, res, e
+      end
+    end
+
+    class EventedBodyProxy < Rack::BodyProxy # :nodoc:
+      attr_reader :request, :response
+
+      def initialize body, request, response, handlers, &block
+        super(body, &block)
+        @request  = request
+        @response = response
+        @handlers = handlers
+      end
+
+      def each
+        @handlers.reverse_each { |handler| handler.on_send request, response }
+        super
+      end
+    end
+
+    class BufferedResponse < Rack::Response::Raw # :nodoc:
+      attr_reader :body
+
+      def initialize status, headers, body
+        super(status, headers)
+        @body = body
+      end
+
+      def to_a; [status, headers, body]; end
+    end
+
+    def initialize app, handlers
+      @app      = app
+      @handlers = handlers
+    end
+
+    def call env
+      request = make_request env
+      on_start request, nil
+
+      begin
+        status, headers, body = @app.call request.env
+        response = make_response status, headers, body
+        on_commit request, response
+      rescue StandardError => e
+        on_error request, response, e
+        on_finish request, response
+        raise
+      end
+
+      body = EventedBodyProxy.new(body, request, response, @handlers) do
+        on_finish request, response
+      end
+      [response.status, response.headers, body]
+    end
+
+    private
+
+    def on_error request, response, e
+      @handlers.reverse_each { |handler| handler.on_error request, response, e }
+    end
+
+    def on_commit request, response
+      @handlers.reverse_each { |handler| handler.on_commit request, response }
+    end
+
+    def on_start request, response
+      @handlers.each { |handler| handler.on_start request, nil }
+    end
+
+    def on_finish request, response
+      @handlers.reverse_each { |handler| handler.on_finish request, response }
+    end
+
+    def make_request env
+      Rack::Request.new env
+    end
+
+    def make_response status, headers, body
+      BufferedResponse.new status, headers, body
+    end
+  end
+end

data/lib/rack/file.rb

@@ -1,6 +1,8 @@
 require 'time'
 require 'rack/utils'
 require 'rack/mime'
+require 'rack/request'
+require 'rack/head'
 
 module Rack
   # Rack::File serves files below the +root+ directory given, according to the
@@ -15,70 +17,70 @@ module Rack
     ALLOWED_VERBS = %w[GET HEAD OPTIONS]
     ALLOW_HEADER = ALLOWED_VERBS.join(', ')
 
-    attr_accessor :root
-    attr_accessor :path
-    attr_accessor :cache_control
-
-    alias :to_path :path
+    attr_reader :root
 
     def initialize(root, headers={}, default_mime = 'text/plain')
       @root = root
       @headers = headers
       @default_mime = default_mime
+      @head = Rack::Head.new(lambda { |env| get env })
     end
 
     def call(env)
-      dup._call(env)
+      # HEAD requests drop the response body, including 4xx error messages.
+      @head.call env
     end
 
-    F = ::File
-
-    def _call(env)
-      unless ALLOWED_VERBS.include? env[REQUEST_METHOD]
+    def get(env)
+      request = Rack::Request.new env
+      unless ALLOWED_VERBS.include? request.request_method
         return fail(405, "Method Not Allowed", {'Allow' => ALLOW_HEADER})
       end
 
-      path_info = Utils.unescape(env[PATH_INFO])
-      clean_path_info = Utils.clean_path_info(path_info)
+      path_info = Utils.unescape_path request.path_info
+      return fail(400, "Bad Request") unless Utils.valid_path?(path_info)
 
-      @path = F.join(@root, clean_path_info)
+      clean_path_info = Utils.clean_path_info(path_info)
+      path = ::File.join(@root, clean_path_info)
 
       available = begin
-        F.file?(@path) && F.readable?(@path)
+        ::File.file?(path) && ::File.readable?(path)
       rescue SystemCallError
         false
       end
 
       if available
-        serving(env)
+        serving(request, path)
       else
         fail(404, "File not found: #{path_info}")
       end
     end
 
-    def serving(env)
-      if env["REQUEST_METHOD"] == "OPTIONS"
+    def serving(request, path)
+      if request.options?
         return [200, {'Allow' => ALLOW_HEADER, CONTENT_LENGTH => '0'}, []]
       end
-      last_modified = F.mtime(@path).httpdate
-      return [304, {}, []] if env['HTTP_IF_MODIFIED_SINCE'] == last_modified
+      last_modified = ::File.mtime(path).httpdate
+      return [304, {}, []] if request.get_header('HTTP_IF_MODIFIED_SINCE') == last_modified
 
       headers = { "Last-Modified" => last_modified }
+      mime_type = mime_type path, @default_mime
       headers[CONTENT_TYPE] = mime_type if mime_type
 
       # Set custom headers
       @headers.each { |field, content| headers[field] = content } if @headers
 
-      response = [ 200, headers, env[REQUEST_METHOD] == "HEAD" ? [] : self ]
+      response = [ 200, headers ]
 
-      size = filesize
+      size = filesize path
 
-      ranges = Rack::Utils.byte_ranges(env, size)
+      range = nil
+      ranges = Rack::Utils.get_byte_ranges(request.get_header('HTTP_RANGE'), size)
       if ranges.nil? || ranges.length > 1
         # No ranges, or multiple ranges (which we don't support):
         # TODO: Support multiple byte-ranges
         response[0] = 200
-        @range = 0..size-1
+        range = 0..size-1
       elsif ranges.empty?
         # Unsatisfiable. Return error, and file size:
         response = fail(416, "Byte range unsatisfiable")
@@ -86,36 +88,58 @@ module Rack
         return response
       else
         # Partial content:
-        @range = ranges[0]
+        range = ranges[0]
         response[0] = 206
-        response[1]["Content-Range"] = "bytes #{@range.begin}-#{@range.end}/#{size}"
-        size = @range.end - @range.begin + 1
+        response[1]["Content-Range"] = "bytes #{range.begin}-#{range.end}/#{size}"
+        size = range.end - range.begin + 1
       end
 
       response[2] = [response_body] unless response_body.nil?
 
       response[1][CONTENT_LENGTH] = size.to_s
+      response[2] = make_body request, path, range
       response
     end
 
-    def each
-      F.open(@path, "rb") do |file|
-        file.seek(@range.begin)
-        remaining_len = @range.end-@range.begin+1
-        while remaining_len > 0
-          part = file.read([8192, remaining_len].min)
-          break unless part
-          remaining_len -= part.length
+    class Iterator
+      attr_reader :path, :range
+      alias :to_path :path
+
+      def initialize path, range
+        @path  = path
+        @range = range
+      end
 
-          yield part
+      def each
+        ::File.open(path, "rb") do |file|
+          file.seek(range.begin)
+          remaining_len = range.end-range.begin+1
+          while remaining_len > 0
+            part = file.read([8192, remaining_len].min)
+            break unless part
+            remaining_len -= part.length
+
+            yield part
+          end
         end
       end
+
+      def close; end
     end
 
     private
 
+    def make_body request, path, range
+      if request.head?
+        []
+      else
+        Iterator.new path, range
+      end
+    end
+
     def fail(status, body, headers = {})
       body += "\n"
+
       [
         status,
         {
@@ -128,18 +152,18 @@ module Rack
     end
 
     # The MIME type for the contents of the file located at @path
-    def mime_type
-      Mime.mime_type(F.extname(@path), @default_mime)
+    def mime_type path, default_mime
+      Mime.mime_type(::File.extname(path), default_mime)
     end
 
-    def filesize
+    def filesize path
       # If response_body is present, use its size.
       return Rack::Utils.bytesize(response_body) if response_body
 
       #   We check via File::size? whether this file provides size info
       #   via stat (e.g. /proc files often don't), otherwise we have to
       #   figure it out by reading the whole file into memory.
-      F.size?(@path) || Utils.bytesize(F.read(@path))
+      ::File.size?(path) || ::File.read(path).bytesize
     end
 
     # By default, the response body for file requests is nil.

data/lib/rack/handler/cgi.rb

@@ -13,22 +13,21 @@ module Rack
         env = ENV.to_hash
         env.delete "HTTP_CONTENT_LENGTH"
 
-        env["SCRIPT_NAME"] = ""  if env["SCRIPT_NAME"] == "/"
-
-        env.update({"rack.version" => Rack::VERSION,
-                     "rack.input" => Rack::RewindableInput.new($stdin),
-                     "rack.errors" => $stderr,
-
-                     "rack.multithread" => false,
-                     "rack.multiprocess" => true,
-                     "rack.run_once" => true,
-
-                     "rack.url_scheme" => ["yes", "on", "1"].include?(ENV["HTTPS"]) ? "https" : "http"
-                   })
-
-        env[QUERY_STRING]   ||= ""
-        env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
-        env["REQUEST_PATH"] ||= "/"
+        env[SCRIPT_NAME] = ""  if env[SCRIPT_NAME] == "/"
+
+        env.update(
+          RACK_VERSION      => Rack::VERSION,
+          RACK_INPUT        => Rack::RewindableInput.new($stdin),
+          RACK_ERRORS       => $stderr,
+          RACK_MULTITHREAD  => false,
+          RACK_MULTIPROCESS => true,
+          RACK_RUNONCE      => true,
+          RACK_URL_SCHEME   => ["yes", "on", "1"].include?(ENV[HTTPS]) ? "https" : "http"
+        )
+
+        env[QUERY_STRING] ||= ""
+        env[HTTP_VERSION] ||= env[SERVER_PROTOCOL]
+        env[REQUEST_PATH] ||= "/"
 
         status, headers, body = app.call(env)
         begin

data/lib/rack/handler/fastcgi.rb

@@ -44,24 +44,23 @@ module Rack
         env = request.env
         env.delete "HTTP_CONTENT_LENGTH"
 
-        env["SCRIPT_NAME"] = ""  if env["SCRIPT_NAME"] == "/"
+        env[SCRIPT_NAME] = ""  if env[SCRIPT_NAME] == "/"
 
         rack_input = RewindableInput.new(request.in)
 
-        env.update({"rack.version" => Rack::VERSION,
-                     "rack.input" => rack_input,
-                     "rack.errors" => request.err,
+        env.update(
+          RACK_VERSION      => Rack::VERSION,
+          RACK_INPUT        => rack_input,
+          RACK_ERRORS       => request.err,
+          RACK_MULTITHREAD  => false,
+          RACK_MULTIPROCESS => true,
+          RACK_RUNONCE      => false,
+          RACK_URL_SCHEME   => ["yes", "on", "1"].include?(env[HTTPS]) ? "https" : "http"
+        )
 
-                     "rack.multithread" => false,
-                     "rack.multiprocess" => true,
-                     "rack.run_once" => false,
-
-                     "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
-                   })
-
-        env[QUERY_STRING]   ||= ""
-        env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
-        env["REQUEST_PATH"] ||= "/"
+        env[QUERY_STRING] ||= ""
+        env[HTTP_VERSION] ||= env[SERVER_PROTOCOL]
+        env[REQUEST_PATH] ||= "/"
         env.delete "CONTENT_TYPE"  if env["CONTENT_TYPE"] == ""
         env.delete "CONTENT_LENGTH"  if env["CONTENT_LENGTH"] == ""
 

data/lib/rack/handler/lsws.rb

@@ -13,23 +13,23 @@ module Rack
       def self.serve(app)
         env = ENV.to_hash
         env.delete "HTTP_CONTENT_LENGTH"
-        env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+        env[SCRIPT_NAME] = "" if env[SCRIPT_NAME] == "/"
 
         rack_input = RewindableInput.new($stdin.read.to_s)
 
         env.update(
-          "rack.version" => Rack::VERSION,
-          "rack.input" => rack_input,
-          "rack.errors" => $stderr,
-          "rack.multithread" => false,
-          "rack.multiprocess" => true,
-          "rack.run_once" => false,
-          "rack.url_scheme" => ["yes", "on", "1"].include?(ENV["HTTPS"]) ? "https" : "http"
+          RACK_VERSION      => Rack::VERSION,
+          RACK_INPUT        => rack_input,
+          RACK_ERRORS       => $stderr,
+          RACK_MULTITHREAD  => false,
+          RACK_MULTIPROCESS => true,
+          RACK_RUNONCE      => false,
+          RACK_URL_SCHEME   => ["yes", "on", "1"].include?(ENV[HTTPS]) ? "https" : "http"
         )
 
-        env[QUERY_STRING]   ||= ""
-        env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
-        env["REQUEST_PATH"] ||= "/"
+        env[QUERY_STRING] ||= ""
+        env[HTTP_VERSION] ||= env[SERVER_PROTOCOL]
+        env[REQUEST_PATH] ||= "/"
         status, headers, body = app.call(env)
         begin
           send_headers status, headers