rack 2.0.9.3 → 2.2.0

data/lib/rack/rewindable_input.rb

@@ -1,6 +1,7 @@
 # -*- encoding: binary -*-
+# frozen_string_literal: true
+
 require 'tempfile'
-require 'rack/utils'
 
 module Rack
   # Class which can make any IO object rewindable, including non-rewindable ones. It does
@@ -40,7 +41,7 @@ module Rack
     end
 
     # Closes this RewindableInput object without closing the originally
-    # wrapped IO oject. Cleans up any temporary resources that this RewindableInput
+    # wrapped IO object. Cleans up any temporary resources that this RewindableInput
     # has created.
     #
     # This method may be called multiple times. It does nothing on subsequent calls.
@@ -72,7 +73,7 @@ module Rack
         @unlinked = true
       end
 
-      buffer = ""
+      buffer = "".dup
       while @io.read(1024 * 4, buffer)
         entire_buffer_written_out = false
         while !entire_buffer_written_out

data/lib/rack/runtime.rb

@@ -1,4 +1,4 @@
-require 'rack/utils'
+# frozen_string_literal: true
 
 module Rack
   # Sets an "X-Runtime" response header, indicating the response
@@ -8,8 +8,8 @@ module Rack
   # time, or before all the other middlewares to include time for them,
   # too.
   class Runtime
-    FORMAT_STRING = "%0.6f".freeze # :nodoc:
-    HEADER_NAME = "X-Runtime".freeze # :nodoc:
+    FORMAT_STRING = "%0.6f" # :nodoc:
+    HEADER_NAME = "X-Runtime" # :nodoc:
 
     def initialize(app, name = nil)
       @app = app
@@ -20,9 +20,11 @@ module Rack
     def call(env)
       start_time = Utils.clock_time
       status, headers, body = @app.call(env)
+      headers = Utils::HeaderHash[headers]
+
       request_time = Utils.clock_time - start_time
 
-      unless headers.has_key?(@header_name)
+      unless headers.key?(@header_name)
         headers[@header_name] = FORMAT_STRING % request_time
       end
 

data/lib/rack/sendfile.rb

@@ -1,5 +1,4 @@
-require 'rack/file'
-require 'rack/body_proxy'
+# frozen_string_literal: true
 
 module Rack
 
@@ -14,7 +13,7 @@ module Rack
   #
   # In order to take advantage of this middleware, the response body must
   # respond to +to_path+ and the request must include an X-Sendfile-Type
-  # header. Rack::File and other components implement +to_path+ so there's
+  # header. Rack::Files and other components implement +to_path+ so there's
   # rarely anything you need to do in your application. The X-Sendfile-Type
   # header is typically set in your web servers configuration. The following
   # sections attempt to document
@@ -53,7 +52,7 @@ module Rack
   # that it maps to. The middleware performs a simple substitution on the
   # resulting path.
   #
-  # See Also: http://wiki.codemongers.com/NginxXSendfile
+  # See Also: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile
   #
   # === lighttpd
   #
@@ -99,7 +98,7 @@ module Rack
   # will be matched with case indifference.
 
   class Sendfile
-    def initialize(app, variation=nil, mappings=[])
+    def initialize(app, variation = nil, mappings = [])
       @app = app
       @variation = variation
       @mappings = mappings.map do |internal, external|
@@ -115,7 +114,8 @@ module Rack
           path = ::File.expand_path(body.to_path)
           if url = map_accel_path(env, path)
             headers[CONTENT_LENGTH] = '0'
-            headers[type] = url
+            # '?' must be percent-encoded because it is not query string but a part of path
+            headers[type] = ::Rack::Utils.escape_path(url).gsub('?', '%3F')
             obody = body
             body = Rack::BodyProxy.new([]) do
               obody.close if obody.respond_to?(:close)
@@ -147,11 +147,15 @@ module Rack
     end
 
     def map_accel_path(env, path)
-      if mapping = @mappings.find { |internal,_| internal =~ path }
+      if mapping = @mappings.find { |internal, _| internal =~ path }
         path.sub(*mapping)
       elsif mapping = env['HTTP_X_ACCEL_MAPPING']
-        internal, external = mapping.split('=', 2).map(&:strip)
-        path.sub(/^#{internal}/i, external)
+        mapping.split(',').map(&:strip).each do |m|
+          internal, external = m.split('=', 2).map(&:strip)
+          new_path = path.sub(/^#{internal}/i, external)
+          return new_path unless path == new_path
+        end
+        path
       end
     end
   end

data/lib/rack/server.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 require 'optparse'
 require 'fileutils'
 
-
 module Rack
 
   class Server
+    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
 
     class Options
       def parse!(args)
@@ -21,10 +23,6 @@ module Rack
             lineno += 1
           }
 
-          opts.on("-b", "--builder BUILDER_LINE", "evaluate a BUILDER_LINE of code as a builder script") { |line|
-            options[:builder] = line
-          }
-
           opts.on("-d", "--debug", "set debugging flags (set $DEBUG to true)") {
             options[:debug] = true
           }
@@ -42,12 +40,16 @@ module Rack
 
           opts.on("-r", "--require LIBRARY",
                   "require the library, before executing your script") { |library|
-            options[:require] = library
+            (options[:require] ||= []) << library
           }
 
           opts.separator ""
           opts.separator "Rack options:"
-          opts.on("-s", "--server SERVER", "serve using SERVER (thin/puma/webrick/mongrel)") { |s|
+          opts.on("-b", "--builder BUILDER_LINE", "evaluate a BUILDER_LINE of code as a builder script") { |line|
+            options[:builder] = line
+          }
+
+          opts.on("-s", "--server SERVER", "serve using SERVER (thin/puma/webrick)") { |s|
             options[:server] = s
           }
 
@@ -77,6 +79,24 @@ module Rack
             options[:pid] = ::File.expand_path(f)
           }
 
+          opts.separator ""
+          opts.separator "Profiling options:"
+
+          opts.on("--heap HEAPFILE", "Build the application, then dump the heap to HEAPFILE") do |e|
+            options[:heapfile] = e
+          end
+
+          opts.on("--profile PROFILE", "Dump CPU or Memory profile to PROFILE (defaults to a tempfile)") do |e|
+            options[:profile_file] = e
+          end
+
+          opts.on("--profile-mode MODE", "Profile mode (cpu|wall|object)") do |e|
+            { cpu: true, wall: true, object: true }.fetch(e.to_sym) do
+              raise OptionParser::InvalidOption, "unknown profile mode: #{e}"
+            end
+            options[:profile_mode] = e.to_sym
+          end
+
           opts.separator ""
           opts.separator "Common options:"
 
@@ -114,14 +134,14 @@ module Rack
 
             has_options = false
             server.valid_options.each do |name, description|
-              next if name.to_s.match(/^(Host|Port)[^a-zA-Z]/) # ignore handler's host and port options, we do our own.
+              next if /^(Host|Port)[^a-zA-Z]/.match?(name.to_s) # ignore handler's host and port options, we do our own.
               info << "  -O %-21s %s" % [name, description]
               has_options = true
             end
             return "" if !has_options
           end
           info.join("\n")
-        rescue NameError
+        rescue NameError, LoadError
           return "Warning: Could not find handler specified (#{options[:server] || 'default'}) to determine handler-specific options"
         end
       end
@@ -152,7 +172,9 @@ module Rack
 
     # Options may include:
     # * :app
-    #     a rack application to run (overrides :config)
+    #     a rack application to run (overrides :config and :builder)
+    # * :builder
+    #     a string to evaluate a Rack::Builder from
     # * :config
     #     a rackup configuration file path to load (.ru)
     # * :environment
@@ -182,6 +204,14 @@ module Rack
     #     add given paths to $LOAD_PATH
     # * :require
     #     require the given libraries
+    #
+    # Additional options for profiling app initialization include:
+    # * :heapfile
+    #     location for ObjectSpace.dump_all to write the output to
+    # * :profile_file
+    #     location for CPU/Memory (StackProf) profile output (defaults to a tempfile)
+    # * :profile_mode
+    #     StackProf profile mode (cpu|wall|object)
     def initialize(options = nil)
       @ignore_options = []
 
@@ -206,12 +236,12 @@ module Rack
       default_host = environment == 'development' ? 'localhost' : '0.0.0.0'
 
       {
-        :environment => environment,
-        :pid         => nil,
-        :Port        => 9292,
-        :Host        => default_host,
-        :AccessLog   => [],
-        :config      => "config.ru"
+        environment: environment,
+        pid: nil,
+        Port: 9292,
+        Host: default_host,
+        AccessLog: [],
+        config: "config.ru"
       }
     end
 
@@ -222,21 +252,19 @@ module Rack
     class << self
       def logging_middleware
         lambda { |server|
-          server.server.name =~ /CGI/ || server.options[:quiet] ? nil : [Rack::CommonLogger, $stderr]
+          /CGI/.match?(server.server.name) || server.options[:quiet] ? nil : [Rack::CommonLogger, $stderr]
         }
       end
 
       def default_middleware_by_environment
-        m = Hash.new {|h,k| h[k] = []}
+        m = Hash.new {|h, k| h[k] = []}
         m["deployment"] = [
           [Rack::ContentLength],
-          [Rack::Chunked],
           logging_middleware,
           [Rack::TempfileReaper]
         ]
         m["development"] = [
           [Rack::ContentLength],
-          [Rack::Chunked],
           logging_middleware,
           [Rack::ShowExceptions],
           [Rack::Lint],
@@ -255,7 +283,7 @@ module Rack
       self.class.middleware
     end
 
-    def start &blk
+    def start(&block)
       if options[:warn]
         $-w = true
       end
@@ -264,7 +292,7 @@ module Rack
         $LOAD_PATH.unshift(*includes)
       end
 
-      if library = options[:require]
+      Array(options[:require]).each do |library|
         require library
       end
 
@@ -280,7 +308,9 @@ module Rack
 
       # Touch the wrapped app, so that the config.ru is loaded before
       # daemonization (i.e. before chdir, etc).
-      wrapped_app
+      handle_profiling(options[:heapfile], options[:profile_mode], options[:profile_file]) do
+        wrapped_app
+      end
 
       daemonize_app if options[:daemonize]
 
@@ -294,7 +324,7 @@ module Rack
         end
       end
 
-      server.run wrapped_app, options, &blk
+      server.run(wrapped_app, **options, &block)
     end
 
     def server
@@ -321,6 +351,44 @@ module Rack
         app
       end
 
+      def handle_profiling(heapfile, profile_mode, filename)
+        if heapfile
+          require "objspace"
+          ObjectSpace.trace_object_allocations_start
+          yield
+          GC.start
+          ::File.open(heapfile, "w") { |f| ObjectSpace.dump_all(output: f) }
+          exit
+        end
+
+        if profile_mode
+          require "stackprof"
+          require "tempfile"
+
+          make_profile_name(filename) do |filename|
+            ::File.open(filename, "w") do |f|
+              StackProf.run(mode: profile_mode, out: f) do
+                yield
+              end
+              puts "Profile written to: #{filename}"
+            end
+          end
+          exit
+        end
+
+        yield
+      end
+
+      def make_profile_name(filename)
+        if filename
+          yield filename
+        else
+          ::Dir::Tmpname.create("profile.dump") do |tmpname, _, _|
+            yield tmpname
+          end
+        end
+      end
+
       def build_app_from_string
         Rack::Builder.new_from_string(self.options[:builder])
       end
@@ -355,7 +423,10 @@ module Rack
       end
 
       def daemonize_app
+        # Cannot be covered as it forks
+        # :nocov:
         Process.daemon
+        # :nocov:
       end
 
       def write_pid

data/lib/rack/session/abstract/id.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
 # bugrep: Andreas Zehnder
 
-require 'rack'
+require_relative '../../../rack'
 require 'time'
-require 'rack/request'
-require 'rack/response'
 require 'securerandom'
 require 'digest/sha2'
 
@@ -84,7 +84,12 @@ module Rack
           @data[key.to_s]
         end
 
-        def fetch(key, default=Unspecified, &block)
+        def dig(key, *keys)
+          load_for_read!
+          @data.dig(key.to_s, *keys)
+        end
+
+        def fetch(key, default = Unspecified, &block)
           load_for_read!
           if default == Unspecified
             @data.fetch(key.to_s, &block)
@@ -187,8 +192,9 @@ module Rack
         end
 
         def stringify_keys(other)
+          # Use transform_keys after dropping Ruby 2.4 support
           hash = {}
-          other.each do |key, value|
+          other.to_hash.each do |key, value|
             hash[key.to_s] = value
           end
           hash
@@ -197,8 +203,8 @@ module Rack
 
       # ID sets up a basic framework for implementing an id based sessioning
       # service. Cookies sent to the client for maintaining sessions will only
-      # contain an id reference. Only #find_session and #write_session are
-      # required to be overwritten.
+      # contain an id reference. Only #find_session, #write_session and
+      # #delete_session are required to be overwritten.
       #
       # All parameters are optional.
       # * :key determines the name of the cookie, by default it is
@@ -226,22 +232,22 @@ module Rack
 
       class Persisted
         DEFAULT_OPTIONS = {
-          :key =>           RACK_SESSION,
-          :path =>          '/',
-          :domain =>        nil,
-          :expire_after =>  nil,
-          :secure =>        false,
-          :httponly =>      true,
-          :defer =>         false,
-          :renew =>         false,
-          :sidbits =>       128,
-          :cookie_only =>   true,
-          :secure_random => ::SecureRandom
+          key: RACK_SESSION,
+          path: '/',
+          domain: nil,
+          expire_after: nil,
+          secure: false,
+          httponly: true,
+          defer: false,
+          renew: false,
+          sidbits: 128,
+          cookie_only: true,
+          secure_random: ::SecureRandom
         }.freeze
 
         attr_reader :key, :default_options, :sid_secure
 
-        def initialize(app, options={})
+        def initialize(app, options = {})
           @app = app
           @default_options = self.class::DEFAULT_OPTIONS.merge(options)
           @key = @default_options.delete(:key)
@@ -253,7 +259,7 @@ module Rack
           context(env)
         end
 
-        def context(env, app=@app)
+        def context(env, app = @app)
           req = make_request env
           prepare_session(req)
           status, headers, body = app.call(req.env)
@@ -376,7 +382,7 @@ module Rack
 
           session.send(:load!) unless loaded_session?(session)
           session_id ||= session.id
-          session_data = session.to_hash.delete_if { |k,v| v.nil? }
+          session_data = session.to_hash.delete_if { |k, v| v.nil? }
 
           if not data = write_session(req, session_id, session_data, options)
             req.get_header(RACK_ERRORS).puts("Warning! #{self.class.name} failed to save session. Content dropped.")
@@ -387,6 +393,12 @@ module Rack
             cookie[:value] = cookie_value(data)
             cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after]
             cookie[:expires] = Time.now + options[:max_age] if options[:max_age]
+
+            if @same_site.respond_to? :call
+              cookie[:same_site] = @same_site.call(req, res)
+            else
+              cookie[:same_site] = @same_site
+            end
             set_cookie(req, res, cookie.merge!(options))
           end
         end

data/lib/rack/session/cookie.rb

@@ -1,9 +1,10 @@
+# frozen_string_literal: true
+
 require 'openssl'
 require 'zlib'
-require 'rack/request'
-require 'rack/response'
-require 'rack/session/abstract/id'
+require_relative 'abstract/id'
 require 'json'
+require 'base64'
 
 module Rack
 
@@ -49,11 +50,11 @@ module Rack
       # Encode session cookies as Base64
       class Base64
         def encode(str)
-          [str].pack('m')
+          ::Base64.strict_encode64(str)
         end
 
         def decode(str)
-          str.unpack('m').first
+          ::Base64.decode64(str)
         end
 
         # Encode session cookies as Marshaled Base64 data
@@ -103,7 +104,7 @@ module Rack
 
       attr_reader :coder
 
-      def initialize(app, options={})
+      def initialize(app, options = {})
         @secrets = options.values_at(:secret, :old_secret).compact
         @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)
 
@@ -116,8 +117,9 @@ module Rack
 
         Called from: #{caller[0]}.
         MSG
-        @coder  = options[:coder] ||= Base64::Marshal.new
-        super(app, options.merge!(:cookie_only => true))
+        @coder = options[:coder] ||= Base64::Marshal.new
+        @same_site = options.delete :same_site
+        super(app, options.merge!(cookie_only: true))
       end
 
       private
@@ -137,9 +139,7 @@ module Rack
           session_data = request.cookies[@key]
 
           if @secrets.size > 0 && session_data
-            digest, session_data = session_data.reverse.split("--", 2)
-            digest.reverse! if digest
-            session_data.reverse! if session_data
+            session_data, _, digest = session_data.rpartition('--')
             session_data = nil unless digest_match?(session_data, digest)
           end
 
@@ -147,7 +147,7 @@ module Rack
         end
       end
 
-      def persistent_session_id!(data, sid=nil)
+      def persistent_session_id!(data, sid = nil)
         data ||= {}
         data["session_id"] ||= sid || generate_sid
         data

data/lib/rack/session/memcache.rb

@@ -1,99 +1,10 @@
-# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
+# frozen_string_literal: true
 
-require 'rack/session/abstract/id'
-require 'memcache'
+require 'rack/session/dalli'
 
 module Rack
   module Session
-    # Rack::Session::Memcache provides simple cookie based session management.
-    # Session data is stored in memcached. The corresponding session key is
-    # maintained in the cookie.
-    # You may treat Session::Memcache as you would Session::Pool with the
-    # following caveats.
-    #
-    # * Setting :expire_after to 0 would note to the Memcache server to hang
-    #   onto the session data until it would drop it according to it's own
-    #   specifications. However, the cookie sent to the client would expire
-    #   immediately.
-    #
-    # Note that memcache does drop data before it may be listed to expire. For
-    # a full description of behaviour, please see memcache's documentation.
-
-    class Memcache < Abstract::PersistedSecure
-      attr_reader :mutex, :pool
-
-      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge \
-        :namespace => 'rack:session',
-        :memcache_server => 'localhost:11211'
-
-      def initialize(app, options={})
-        super
-
-        @mutex = Mutex.new
-        mserv = @default_options[:memcache_server]
-        mopts = @default_options.reject{|k,v| !MemCache::DEFAULT_OPTIONS.include? k }
-
-        @pool = options[:cache] || MemCache.new(mserv, mopts)
-        unless @pool.active? and @pool.servers.any?(&:alive?)
-          raise 'No memcache servers'
-        end
-      end
-
-      def generate_sid
-        loop do
-          sid = super
-          break sid unless @pool.get(sid.private_id, true)
-        end
-      end
-
-      def find_session(req, sid)
-        with_lock(req) do
-          unless sid and session = get_session_with_fallback(sid)
-            sid, session = generate_sid, {}
-            unless /^STORED/ =~ @pool.add(sid.private_id, session)
-              raise "Session collision on '#{sid.inspect}'"
-            end
-          end
-          [sid, session]
-        end
-      end
-
-      def write_session(req, session_id, new_session, options)
-        expiry = options[:expire_after]
-        expiry = expiry.nil? ? 0 : expiry + 1
-
-        with_lock(req) do
-          @pool.set session_id.private_id, new_session, expiry
-          session_id
-        end
-      end
-
-      def delete_session(req, session_id, options)
-        with_lock(req) do
-          @pool.delete(session_id.public_id)
-          @pool.delete(session_id.private_id)
-          generate_sid unless options[:drop]
-        end
-      end
-
-      def with_lock(req)
-        @mutex.lock if req.multithread?
-        yield
-      rescue MemCache::MemCacheError, Errno::ECONNREFUSED
-        if $VERBOSE
-          warn "#{self} is unable to find memcached server."
-          warn $!.inspect
-        end
-        raise
-      ensure
-        @mutex.unlock if @mutex.locked?
-      end
-
-      private
-
-      def get_session_with_fallback(sid)
-        @pool.get(sid.private_id) || @pool.get(sid.public_id)
-      end
-    end
+    warn "Rack::Session::Memcache is deprecated, please use Rack::Session::Dalli from 'dalli' gem instead."
+    Memcache = Dalli
   end
 end

data/lib/rack/session/pool.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 # AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
 # THANKS:
 #   apeiros, for session id generation, expiry setup, and threadiness
 #   sergio, threadiness and bugreps
 
-require 'rack/session/abstract/id'
+require_relative 'abstract/id'
 require 'thread'
 
 module Rack
@@ -26,9 +28,9 @@ module Rack
 
     class Pool < Abstract::PersistedSecure
       attr_reader :mutex, :pool
-      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge :drop => false
+      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge drop: false
 
-      def initialize(app, options={})
+      def initialize(app, options = {})
         super
         @pool = Hash.new
         @mutex = Mutex.new