rack 2.0.8 → 2.2.2

data/lib/rack/auth/abstract/handler.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Auth
     # Rack::Auth::AbstractHandler implements common authentication functionality.
@@ -8,7 +10,7 @@ module Rack
 
       attr_accessor :realm
 
-      def initialize(app, realm=nil, &authenticator)
+      def initialize(app, realm = nil, &authenticator)
         @app, @realm, @authenticator = app, realm, authenticator
       end
 

data/lib/rack/auth/abstract/request.rb

@@ -1,4 +1,4 @@
-require 'rack/request'
+# frozen_string_literal: true
 
 module Rack
   module Auth

data/lib/rack/auth/basic.rb

@@ -1,5 +1,8 @@
-require 'rack/auth/abstract/handler'
-require 'rack/auth/abstract/request'
+# frozen_string_literal: true
+
+require_relative 'abstract/handler'
+require_relative 'abstract/request'
+require 'base64'
 
 module Rack
   module Auth
@@ -41,11 +44,11 @@ module Rack
 
       class Request < Auth::AbstractRequest
         def basic?
-          "basic" == scheme
+          "basic" == scheme && credentials.length == 2
         end
 
         def credentials
-          @credentials ||= params.unpack("m*").first.split(/:/, 2)
+          @credentials ||= Base64.decode64(params).split(':', 2)
         end
 
         def username

data/lib/rack/auth/digest/md5.rb

@@ -1,7 +1,9 @@
-require 'rack/auth/abstract/handler'
-require 'rack/auth/digest/request'
-require 'rack/auth/digest/params'
-require 'rack/auth/digest/nonce'
+# frozen_string_literal: true
+
+require_relative '../abstract/handler'
+require_relative 'request'
+require_relative 'params'
+require_relative 'nonce'
 require 'digest/md5'
 
 module Rack
@@ -21,7 +23,7 @@ module Rack
 
         attr_writer :passwords_hashed
 
-        def initialize(app, realm=nil, opaque=nil, &authenticator)
+        def initialize(app, realm = nil, opaque = nil, &authenticator)
           @passwords_hashed = nil
           if opaque.nil? and realm.respond_to? :values_at
             realm, opaque, @passwords_hashed = realm.values_at :realm, :opaque, :passwords_hashed
@@ -47,7 +49,7 @@ module Rack
 
           if valid?(auth)
             if auth.nonce.stale?
-              return unauthorized(challenge(:stale => true))
+              return unauthorized(challenge(stale: true))
             else
               env['REMOTE_USER'] = auth.username
 
@@ -61,7 +63,7 @@ module Rack
 
         private
 
-        QOP = 'auth'.freeze
+        QOP = 'auth'
 
         def params(hash = {})
           Params.new do |params|
@@ -106,21 +108,21 @@ module Rack
         alias :H :md5
 
         def KD(secret, data)
-          H([secret, data] * ':')
+          H "#{secret}:#{data}"
         end
 
         def A1(auth, password)
-          [ auth.username, auth.realm, password ] * ':'
+          "#{auth.username}:#{auth.realm}:#{password}"
         end
 
         def A2(auth)
-          [ auth.method, auth.uri ] * ':'
+          "#{auth.method}:#{auth.uri}"
         end
 
         def digest(auth, password)
           password_hash = passwords_hashed? ? password : H(A1(auth, password))
 
-          KD(password_hash, [ auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth)) ] * ':')
+          KD password_hash, "#{auth.nonce}:#{auth.nc}:#{auth.cnonce}:#{QOP}:#{H A2(auth)}"
         end
 
       end

data/lib/rack/auth/digest/nonce.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require 'digest/md5'
+require 'base64'
 
 module Rack
   module Auth
@@ -18,7 +21,7 @@ module Rack
         end
 
         def self.parse(string)
-          new(*string.unpack("m*").first.split(' ', 2))
+          new(*Base64.decode64(string).split(' ', 2))
         end
 
         def initialize(timestamp = Time.now, given_digest = nil)
@@ -26,11 +29,11 @@ module Rack
         end
 
         def to_s
-          [([ @timestamp, digest ] * ' ')].pack("m*").strip
+          Base64.encode64("#{@timestamp} #{digest}").strip
         end
 
         def digest
-          ::Digest::MD5.hexdigest([ @timestamp, self.class.private_key ] * ':')
+          ::Digest::MD5.hexdigest("#{@timestamp}:#{self.class.private_key}")
         end
 
         def valid?

data/lib/rack/auth/digest/params.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Auth
     module Digest
@@ -38,12 +40,12 @@ module Rack
 
         def to_s
           map do |k, v|
-            "#{k}=" << (UNQUOTED.include?(k) ? v.to_s : quote(v))
+            "#{k}=#{(UNQUOTED.include?(k) ? v.to_s : quote(v))}"
           end.join(', ')
         end
 
         def quote(str) # From WEBrick::HTTPUtils
-          '"' << str.gsub(/[\\\"]/o, "\\\1") << '"'
+          '"' + str.gsub(/[\\\"]/o, "\\\1") + '"'
         end
 
       end

data/lib/rack/auth/digest/request.rb

@@ -1,6 +1,8 @@
-require 'rack/auth/abstract/request'
-require 'rack/auth/digest/params'
-require 'rack/auth/digest/nonce'
+# frozen_string_literal: true
+
+require_relative '../abstract/request'
+require_relative 'params'
+require_relative 'nonce'
 
 module Rack
   module Auth

data/lib/rack/body_proxy.rb

@@ -1,19 +1,25 @@
+# frozen_string_literal: true
+
 module Rack
+  # Proxy for response bodies allowing calling a block when
+  # the response body is closed (after the response has been fully
+  # sent to the client).
   class BodyProxy
+    # Set the response body to wrap, and the block to call when the
+    # response has been fully sent.
     def initialize(body, &block)
       @body = body
       @block = block
       @closed = false
     end
 
-    def respond_to?(method_name, include_all=false)
-      case method_name
-      when :to_ary, 'to_ary'
-        return false
-      end
+    # Return whether the wrapped body responds to the method.
+    def respond_to_missing?(method_name, include_all = false)
       super or @body.respond_to?(method_name, include_all)
     end
 
+    # If not already closed, close the wrapped body and
+    # then call the block the proxy was initialized with.
     def close
       return if @closed
       @closed = true
@@ -24,21 +30,16 @@ module Rack
       end
     end
 
+    # Whether the proxy is closed.  The proxy starts as not closed,
+    # and becomes closed on the first call to close.
     def closed?
       @closed
     end
 
-    # N.B. This method is a special case to address the bug described by #434.
-    # We are applying this special case for #each only. Future bugs of this
-    # class will be handled by requesting users to patch their ruby
-    # implementation, to save adding too many methods in this class.
-    def each
-      @body.each { |body| yield body }
-    end
-
+    # Delegate missing methods to the wrapped body.
     def method_missing(method_name, *args, &block)
-      super if :to_ary == method_name
       @body.__send__(method_name, *args, &block)
     end
+    ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
   end
 end

data/lib/rack/builder.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Rack::Builder implements a small DSL to iteratively construct Rack
   # applications.
@@ -29,32 +31,102 @@ module Rack
   # You can use +map+ to construct a Rack::URLMap in a convenient way.
 
   class Builder
+
+    # https://stackoverflow.com/questions/2223882/whats-the-difference-between-utf-8-and-utf-8-without-bom
+    UTF_8_BOM = '\xef\xbb\xbf'
+
+    # Parse the given config file to get a Rack application.
+    #
+    # If the config file ends in +.ru+, it is treated as a
+    # rackup file and the contents will be treated as if
+    # specified inside a Rack::Builder block, using the given
+    # options.
+    #
+    # If the config file does not end in +.ru+, it is
+    # required and Rack will use the basename of the file
+    # to guess which constant will be the Rack application to run.
+    # The options given will be ignored in this case.
+    #
+    # Examples:
+    #
+    #   Rack::Builder.parse_file('config.ru')
+    #   # Rack application built using Rack::Builder.new
+    #
+    #   Rack::Builder.parse_file('app.rb')
+    #   # requires app.rb, which can be anywhere in Ruby's
+    #   # load path. After requiring, assumes App constant
+    #   # contains Rack application
+    #
+    #   Rack::Builder.parse_file('./my_app.rb')
+    #   # requires ./my_app.rb, which should be in the
+    #   # process's current directory.  After requiring,
+    #   # assumes MyApp constant contains Rack application
     def self.parse_file(config, opts = Server::Options.new)
-      options = {}
-      if config =~ /\.ru$/
-        cfgfile = ::File.read(config)
-        if cfgfile[/^#\\(.*)/] && opts
-          options = opts.parse! $1.split(/\s+/)
-        end
-        cfgfile.sub!(/^__END__\n.*\Z/m, '')
-        app = new_from_string cfgfile, config
+      if config.end_with?('.ru')
+        return self.load_file(config, opts)
       else
         require config
         app = Object.const_get(::File.basename(config, '.rb').split('_').map(&:capitalize).join(''))
+        return app, {}
+      end
+    end
+
+    # Load the given file as a rackup file, treating the
+    # contents as if specified inside a Rack::Builder block.
+    #
+    # Treats the first comment at the beginning of a line
+    # that starts with a backslash as options similar to
+    # options passed on a rackup command line.
+    #
+    # Ignores content in the file after +__END__+, so that
+    # use of +__END__+ will not result in a syntax error.
+    #
+    # Example config.ru file:
+    #
+    #   $ cat config.ru
+    #
+    #   #\ -p 9393
+    #
+    #   use Rack::ContentLength
+    #   require './app.rb'
+    #   run App
+    def self.load_file(path, opts = Server::Options.new)
+      options = {}
+
+      cfgfile = ::File.read(path)
+      cfgfile.slice!(/\A#{UTF_8_BOM}/) if cfgfile.encoding == Encoding::UTF_8
+
+      if cfgfile[/^#\\(.*)/] && opts
+        warn "Parsing options from the first comment line is deprecated!"
+        options = opts.parse! $1.split(/\s+/)
       end
+
+      cfgfile.sub!(/^__END__\n.*\Z/m, '')
+      app = new_from_string cfgfile, path
+
       return app, options
     end
 
-    def self.new_from_string(builder_script, file="(rackup)")
-      eval "Rack::Builder.new {\n" + builder_script + "\n}.to_app",
-        TOPLEVEL_BINDING, file, 0
+    # Evaluate the given +builder_script+ string in the context of
+    # a Rack::Builder block, returning a Rack application.
+    def self.new_from_string(builder_script, file = "(rackup)")
+      # We want to build a variant of TOPLEVEL_BINDING with self as a Rack::Builder instance.
+      # We cannot use instance_eval(String) as that would resolve constants differently.
+      binding, builder = TOPLEVEL_BINDING.eval('Rack::Builder.new.instance_eval { [binding, self] }')
+      eval builder_script, binding, file
+      builder.to_app
     end
 
+    # Initialize a new Rack::Builder instance.  +default_app+ specifies the
+    # default application if +run+ is not called later.  If a block
+    # is given, it is evaluted in the context of the instance.
     def initialize(default_app = nil, &block)
-      @use, @map, @run, @warmup = [], nil, default_app, nil
+      @use, @map, @run, @warmup, @freeze_app = [], nil, default_app, nil, false
       instance_eval(&block) if block_given?
     end
 
+    # Create a new Rack::Builder instance and return the Rack application
+    # generated from it.
     def self.app(default_app = nil, &block)
       self.new(default_app, &block).to_app
     end
@@ -81,10 +153,11 @@ module Rack
     def use(middleware, *args, &block)
       if @map
         mapping, @map = @map, nil
-        @use << proc { |app| generate_map app, mapping }
+        @use << proc { |app| generate_map(app, mapping) }
       end
       @use << proc { |app| middleware.new(app, *args, &block) }
     end
+    ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
 
     # Takes an argument that is an object that responds to #call and returns a Rack response.
     # The simplest form of this is a lambda object:
@@ -104,7 +177,8 @@ module Rack
       @run = app
     end
 
-    # Takes a lambda or block that is used to warm-up the application.
+    # Takes a lambda or block that is used to warm-up the application. This block is called
+    # before the Rack application is returned by to_app.
     #
     #   warmup do |app|
     #     client = Rack::MockRequest.new(app)
@@ -113,51 +187,70 @@ module Rack
     #
     #   use SomeMiddleware
     #   run MyApp
-    def warmup(prc=nil, &block)
+    def warmup(prc = nil, &block)
       @warmup = prc || block
     end
 
-    # Creates a route within the application.
+    # Creates a route within the application.  Routes under the mapped path will be sent to
+    # the Rack application specified by run inside the block.  Other requests will be sent to the
+    # default application specified by run outside the block.
     #
     #   Rack::Builder.app do
-    #     map '/' do
+    #     map '/heartbeat' do
     #       run Heartbeat
     #     end
+    #     run App
     #   end
     #
-    # The +use+ method can also be used here to specify middleware to run under a specific path:
+    # The +use+ method can also be used inside the block to specify middleware to run under a specific path:
     #
     #   Rack::Builder.app do
-    #     map '/' do
+    #     map '/heartbeat' do
     #       use Middleware
     #       run Heartbeat
     #     end
+    #     run App
     #   end
     #
-    # This example includes a piece of middleware which will run before requests hit +Heartbeat+.
+    # This example includes a piece of middleware which will run before +/heartbeat+ requests hit +Heartbeat+.
     #
+    # Note that providing a +path+ of +/+ will ignore any default application given in a +run+ statement
+    # outside the block.
     def map(path, &block)
       @map ||= {}
       @map[path] = block
     end
 
+    # Freeze the app (set using run) and all middleware instances when building the application
+    # in to_app.
+    def freeze_app
+      @freeze_app = true
+    end
+
+    # Return the Rack application generated by this instance.
     def to_app
       app = @map ? generate_map(@run, @map) : @run
       fail "missing run or map statement" unless app
-      app = @use.reverse.inject(app) { |a,e| e[a] }
+      app.freeze if @freeze_app
+      app = @use.reverse.inject(app) { |a, e| e[a].tap { |x| x.freeze if @freeze_app } }
       @warmup.call(app) if @warmup
       app
     end
 
+    # Call the Rack application generated by this builder instance. Note that
+    # this rebuilds the Rack application and runs the warmup code (if any)
+    # every time it is called, so it should not be used if performance is important.
     def call(env)
       to_app.call(env)
     end
 
     private
 
+    # Generate a URLMap instance by generating new Rack applications for each
+    # map block in this instance.
     def generate_map(default_app, mapping)
-      mapped = default_app ? {'/' => default_app} : {}
-      mapping.each { |r,b| mapped[r] = self.class.new(default_app, &b).to_app }
+      mapped = default_app ? { '/' => default_app } : {}
+      mapping.each { |r, b| mapped[r] = self.class.new(default_app, &b).to_app }
       URLMap.new(mapped)
     end
   end