rack 2.0.9.3 → 3.0.0

data/lib/rack/sendfile.rb

@@ -1,33 +1,36 @@
-require 'rack/file'
-require 'rack/body_proxy'
+# frozen_string_literal: true
+
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'body_proxy'
 
 module Rack
 
   # = Sendfile
   #
   # The Sendfile middleware intercepts responses whose body is being
-  # served from a file and replaces it with a server specific X-Sendfile
+  # served from a file and replaces it with a server specific x-sendfile
   # header. The web server is then responsible for writing the file contents
   # to the client. This can dramatically reduce the amount of work required
   # by the Ruby backend and takes advantage of the web server's optimized file
   # delivery code.
   #
   # In order to take advantage of this middleware, the response body must
-  # respond to +to_path+ and the request must include an X-Sendfile-Type
-  # header. Rack::File and other components implement +to_path+ so there's
-  # rarely anything you need to do in your application. The X-Sendfile-Type
+  # respond to +to_path+ and the request must include an x-sendfile-type
+  # header. Rack::Files and other components implement +to_path+ so there's
+  # rarely anything you need to do in your application. The x-sendfile-type
   # header is typically set in your web servers configuration. The following
   # sections attempt to document
   #
   # === Nginx
   #
-  # Nginx supports the X-Accel-Redirect header. This is similar to X-Sendfile
+  # Nginx supports the x-accel-redirect header. This is similar to x-sendfile
   # but requires parts of the filesystem to be mapped into a private URL
   # hierarchy.
   #
   # The following example shows the Nginx configuration required to create
-  # a private "/files/" area, enable X-Accel-Redirect, and pass the special
-  # X-Sendfile-Type and X-Accel-Mapping headers to the backend:
+  # a private "/files/" area, enable x-accel-redirect, and pass the special
+  # x-sendfile-type and x-accel-mapping headers to the backend:
   #
   #   location ~ /files/(.*) {
   #     internal;
@@ -41,24 +44,24 @@ module Rack
   #     proxy_set_header   X-Real-IP           $remote_addr;
   #     proxy_set_header   X-Forwarded-For     $proxy_add_x_forwarded_for;
   #
-  #     proxy_set_header   X-Sendfile-Type     X-Accel-Redirect;
-  #     proxy_set_header   X-Accel-Mapping     /var/www/=/files/;
+  #     proxy_set_header   x-sendfile-type     x-accel-redirect;
+  #     proxy_set_header   x-accel-mapping     /var/www/=/files/;
   #
   #     proxy_pass         http://127.0.0.1:8080/;
   #   }
   #
-  # Note that the X-Sendfile-Type header must be set exactly as shown above.
-  # The X-Accel-Mapping header should specify the location on the file system,
+  # Note that the x-sendfile-type header must be set exactly as shown above.
+  # The x-accel-mapping header should specify the location on the file system,
   # followed by an equals sign (=), followed name of the private URL pattern
   # that it maps to. The middleware performs a simple substitution on the
   # resulting path.
   #
-  # See Also: http://wiki.codemongers.com/NginxXSendfile
+  # See Also: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile
   #
   # === lighttpd
   #
-  # Lighttpd has supported some variation of the X-Sendfile header for some
-  # time, although only recent version support X-Sendfile in a reverse proxy
+  # Lighttpd has supported some variation of the x-sendfile header for some
+  # time, although only recent version support x-sendfile in a reverse proxy
   # configuration.
   #
   #   $HTTP["host"] == "example.com" {
@@ -72,7 +75,7 @@ module Rack
   #
   #      proxy-core.allow-x-sendfile = "enable"
   #      proxy-core.rewrite-request = (
-  #        "X-Sendfile-Type" => (".*" => "X-Sendfile")
+  #        "x-sendfile-type" => (".*" => "x-sendfile")
   #      )
   #    }
   #
@@ -80,26 +83,26 @@ module Rack
   #
   # === Apache
   #
-  # X-Sendfile is supported under Apache 2.x using a separate module:
+  # x-sendfile is supported under Apache 2.x using a separate module:
   #
   # https://tn123.org/mod_xsendfile/
   #
   # Once the module is compiled and installed, you can enable it using
   # XSendFile config directive:
   #
-  #   RequestHeader Set X-Sendfile-Type X-Sendfile
+  #   RequestHeader Set x-sendfile-type x-sendfile
   #   ProxyPassReverse / http://localhost:8001/
   #   XSendFile on
   #
   # === Mapping parameter
   #
   # The third parameter allows for an overriding extension of the
-  # X-Accel-Mapping header. Mappings should be provided in tuples of internal to
+  # x-accel-mapping header. Mappings should be provided in tuples of internal to
   # external. The internal values may contain regular expression syntax, they
   # will be matched with case indifference.
 
   class Sendfile
-    def initialize(app, variation=nil, mappings=[])
+    def initialize(app, variation = nil, mappings = [])
       @app = app
       @variation = variation
       @mappings = mappings.map do |internal, external|
@@ -108,27 +111,29 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
+      status, headers, body = response = @app.call(env)
+
       if body.respond_to?(:to_path)
         case type = variation(env)
-        when 'X-Accel-Redirect'
+        when /x-accel-redirect/i
           path = ::File.expand_path(body.to_path)
           if url = map_accel_path(env, path)
             headers[CONTENT_LENGTH] = '0'
-            headers[type] = url
+            # '?' must be percent-encoded because it is not query string but a part of path
+            headers[type.downcase] = ::Rack::Utils.escape_path(url).gsub('?', '%3F')
             obody = body
-            body = Rack::BodyProxy.new([]) do
+            response[2] = Rack::BodyProxy.new([]) do
               obody.close if obody.respond_to?(:close)
             end
           else
-            env[RACK_ERRORS].puts "X-Accel-Mapping header missing"
+            env[RACK_ERRORS].puts "x-accel-mapping header missing"
           end
-        when 'X-Sendfile', 'X-Lighttpd-Send-File'
+        when /x-sendfile|x-lighttpd-send-file/i
           path = ::File.expand_path(body.to_path)
           headers[CONTENT_LENGTH] = '0'
-          headers[type] = path
+          headers[type.downcase] = path
           obody = body
-          body = Rack::BodyProxy.new([]) do
+          response[2] = Rack::BodyProxy.new([]) do
             obody.close if obody.respond_to?(:close)
           end
         when '', nil
@@ -136,7 +141,7 @@ module Rack
           env[RACK_ERRORS].puts "Unknown x-sendfile variation: '#{type}'.\n"
         end
       end
-      [status, headers, body]
+      response
     end
 
     private
@@ -147,11 +152,15 @@ module Rack
     end
 
     def map_accel_path(env, path)
-      if mapping = @mappings.find { |internal,_| internal =~ path }
+      if mapping = @mappings.find { |internal, _| internal =~ path }
         path.sub(*mapping)
       elsif mapping = env['HTTP_X_ACCEL_MAPPING']
-        internal, external = mapping.split('=', 2).map(&:strip)
-        path.sub(/^#{internal}/i, external)
+        mapping.split(',').map(&:strip).each do |m|
+          internal, external = m.split('=', 2).map(&:strip)
+          new_path = path.sub(/^#{internal}/i, external)
+          return new_path unless path == new_path
+        end
+        path
       end
     end
   end

data/lib/rack/show_exceptions.rb

@@ -1,7 +1,11 @@
+# frozen_string_literal: true
+
 require 'ostruct'
 require 'erb'
-require 'rack/request'
-require 'rack/utils'
+
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'request'
 
 module Rack
   # Rack::ShowExceptions catches all exceptions raised from the app it
@@ -55,7 +59,12 @@ module Rack
     private :accepts_html?
 
     def dump_exception(exception)
-      string = "#{exception.class}: #{exception.message}\n"
+      if exception.respond_to?(:detailed_message)
+        message = exception.detailed_message(highlight: false)
+      else
+        message = exception.message
+      end
+      string = "#{exception.class}: #{message}\n".dup
       string << exception.backtrace.map { |l| "\t#{l}" }.join("\n")
       string
     end
@@ -63,12 +72,12 @@ module Rack
     def pretty(env, exception)
       req = Rack::Request.new(env)
 
-      # This double assignment is to prevent an "unused variable" warning on
-      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      # This double assignment is to prevent an "unused variable" warning.
+      # Yes, it is dumb, but I don't like Ruby yelling at me.
       path = path = (req.script_name + req.path_info).squeeze("/")
 
-      # This double assignment is to prevent an "unused variable" warning on
-      # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+      # This double assignment is to prevent an "unused variable" warning.
+      # Yes, it is dumb, but I don't like Ruby yelling at me.
       frames = frames = exception.backtrace.map { |line|
         frame = OpenStruct.new
         if line =~ /(.*?):(\d+)(:in `(.*)')?/
@@ -77,13 +86,13 @@ module Rack
           frame.function = $4
 
           begin
-            lineno = frame.lineno-1
+            lineno = frame.lineno - 1
             lines = ::File.readlines(frame.filename)
-            frame.pre_context_lineno = [lineno-CONTEXT, 0].max
+            frame.pre_context_lineno = [lineno - CONTEXT, 0].max
             frame.pre_context = lines[frame.pre_context_lineno...lineno]
             frame.context_line = lines[lineno].chomp
-            frame.post_context_lineno = [lineno+CONTEXT, lines.size].min
-            frame.post_context = lines[lineno+1..frame.post_context_lineno]
+            frame.post_context_lineno = [lineno + CONTEXT, lines.size].min
+            frame.post_context = lines[lineno + 1..frame.post_context_lineno]
           rescue
           end
 
@@ -93,7 +102,11 @@ module Rack
         end
       }.compact
 
-      TEMPLATE.result(binding)
+      template.result(binding)
+    end
+
+    def template
+      TEMPLATE
     end
 
     def h(obj)                  # :nodoc:
@@ -107,8 +120,8 @@ module Rack
 
     # :stopdoc:
 
-    # adapted from Django <djangoproject.com>
-    # Copyright (c) 2005, the Lawrence Journal-World
+    # adapted from Django <www.djangoproject.com>
+    # Copyright (c) Django Software Foundation and individual contributors.
     # Used under the modified BSD license:
     # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
     TEMPLATE = ERB.new(<<-'HTML'.gsub(/^      /, ''))
@@ -155,7 +168,7 @@ module Rack
           div.commands { margin-left: 40px; }
           div.commands a { color:black; text-decoration:none; }
           #summary { background: #ffc; }
-          #summary h2 { font-weight: normal; color: #666; }
+          #summary h2 { font-family: monospace; font-weight: normal; color: #666; white-space: pre-wrap; }
           #summary ul#quicklinks { list-style-type: none; margin-bottom: 2em; }
           #summary ul#quicklinks li { float: left; padding: 0 1em; }
           #summary ul#quicklinks>li+li { border-left: 1px #666 solid; }
@@ -223,7 +236,11 @@ module Rack
 
       <div id="summary">
         <h1><%=h exception.class %> at <%=h path %></h1>
+      <% if exception.respond_to?(:detailed_message) %>
+        <h2><%=h exception.detailed_message(highlight: false) %></h2>
+      <% else %>
         <h2><%=h exception.message %></h2>
+      <% end %>
         <table><tr>
           <th>Ruby</th>
           <td>
@@ -307,7 +324,7 @@ module Rack
         <% end %>
 
         <h3 id="post-info">POST</h3>
-        <% if req.POST and not req.POST.empty? %>
+        <% if ((req.POST and not req.POST.empty?) rescue (no_post_data = "Invalid POST data"; nil)) %>
           <table class="req">
             <thead>
               <tr>
@@ -325,7 +342,7 @@ module Rack
             </tbody>
           </table>
         <% else %>
-          <p>No POST data.</p>
+          <p><%= no_post_data || "No POST data" %>.</p>
         <% end %>
 
 
@@ -363,7 +380,7 @@ module Rack
                 <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
                 <tr>
                   <td><%=h key %></td>
-                  <td class="code"><div><%=h val %></div></td>
+                  <td class="code"><div><%=h val.inspect %></div></td>
                 </tr>
                 <% } %>
             </tbody>

data/lib/rack/show_status.rb

@@ -1,6 +1,11 @@
+# frozen_string_literal: true
+
 require 'erb'
-require 'rack/request'
-require 'rack/utils'
+
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'request'
+require_relative 'body_proxy'
 
 module Rack
   # Rack::ShowStatus catches all empty responses and replaces them
@@ -17,28 +22,33 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash.new(headers)
+      status, headers, body = response = @app.call(env)
       empty = headers[CONTENT_LENGTH].to_i <= 0
 
       # client or server error, or explicit message
       if (status.to_i >= 400 && empty) || env[RACK_SHOWSTATUS_DETAIL]
-        # This double assignment is to prevent an "unused variable" warning on
-        # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+        # This double assignment is to prevent an "unused variable" warning.
+        # Yes, it is dumb, but I don't like Ruby yelling at me.
         req = req = Rack::Request.new(env)
 
         message = Rack::Utils::HTTP_STATUS_CODES[status.to_i] || status.to_s
 
-        # This double assignment is to prevent an "unused variable" warning on
-        # Ruby 1.9.3.  Yes, it is dumb, but I don't like Ruby yelling at me.
+        # This double assignment is to prevent an "unused variable" warning.
+        # Yes, it is dumb, but I don't like Ruby yelling at me.
         detail = detail = env[RACK_SHOWSTATUS_DETAIL] || message
 
-        body = @template.result(binding)
-        size = body.bytesize
-        [status, headers.merge(CONTENT_TYPE => "text/html", CONTENT_LENGTH => size.to_s), [body]]
-      else
-        [status, headers, body]
+        html = @template.result(binding)
+        size = html.bytesize
+
+        response[2] = Rack::BodyProxy.new([html]) do
+          body.close if body.respond_to?(:close)
+        end
+
+        headers[CONTENT_TYPE] = "text/html"
+        headers[CONTENT_LENGTH] = size.to_s
       end
+
+      response
     end
 
     def h(obj)                  # :nodoc:
@@ -52,8 +62,8 @@ module Rack
 
     # :stopdoc:
 
-# adapted from Django <djangoproject.com>
-# Copyright (c) 2005, the Lawrence Journal-World
+# adapted from Django <www.djangoproject.com>
+# Copyright (c) Django Software Foundation and individual contributors.
 # Used under the modified BSD license:
 # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
 TEMPLATE = <<'HTML'

data/lib/rack/static.rb

@@ -1,11 +1,14 @@
-require "rack/file"
-require "rack/utils"
+# frozen_string_literal: true
+
+require_relative 'constants'
+require_relative 'files'
+require_relative 'mime'
 
 module Rack
 
   # The Rack::Static middleware intercepts requests for static files
   # (javascript files, images, stylesheets, etc) based on the url prefixes or
-  # route mappings passed in the options, and serves them using a Rack::File
+  # route mappings passed in the options, and serves them using a Rack::Files
   # object. This allows a Rack stack to serve both static and dynamic content.
   #
   # Examples:
@@ -15,6 +18,11 @@ module Rack
   #
   #     use Rack::Static, :urls => ["/media"]
   #
+  # Same as previous, but instead of returning 404 for missing files under
+  # /media, call the next middleware:
+  #
+  #     use Rack::Static, :urls => ["/media"], :cascade => true
+  #
   # Serve all requests beginning with /css or /images from the folder "public"
   # in the current directory (ie public/css/* and public/images/*):
   #
@@ -74,32 +82,32 @@ module Rack
   #         :header_rules => [
   #           # Cache all static files in public caches (e.g. Rack::Cache)
   #           #  as well as in the browser
-  #           [:all, {'Cache-Control' => 'public, max-age=31536000'}],
+  #           [:all, {'cache-control' => 'public, max-age=31536000'}],
   #
   #           # Provide web fonts with cross-origin access-control-headers
   #           #  Firefox requires this when serving assets using a Content Delivery Network
-  #           [:fonts, {'Access-Control-Allow-Origin' => '*'}]
+  #           [:fonts, {'access-control-allow-origin' => '*'}]
   #         ]
   #
   class Static
-
-    def initialize(app, options={})
+    def initialize(app, options = {})
       @app = app
       @urls = options[:urls] || ["/favicon.ico"]
       @index = options[:index]
       @gzip = options[:gzip]
+      @cascade = options[:cascade]
       root = options[:root] || Dir.pwd
 
       # HTTP Headers
       @header_rules = options[:header_rules] || []
       # Allow for legacy :cache_control option while prioritizing global header_rules setting
-      @header_rules.unshift([:all, {CACHE_CONTROL => options[:cache_control]}]) if options[:cache_control]
+      @header_rules.unshift([:all, { CACHE_CONTROL => options[:cache_control] }]) if options[:cache_control]
 
-      @file_server = Rack::File.new(root)
+      @file_server = Rack::Files.new(root)
     end
 
     def add_index_root?(path)
-      @index && path =~ /\/$/
+      @index && route_file(path) && path.end_with?('/')
     end
 
     def overwrite_file_path(path)
@@ -120,7 +128,7 @@ module Rack
       if can_serve(path)
         if overwrite_file_path(path)
           env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
-        elsif @gzip && env['HTTP_ACCEPT_ENCODING'] =~ /\bgzip\b/
+        elsif @gzip && env['HTTP_ACCEPT_ENCODING'] && /\bgzip\b/.match?(env['HTTP_ACCEPT_ENCODING'])
           path = env[PATH_INFO]
           env[PATH_INFO] += '.gz'
           response = @file_server.call(env)
@@ -128,17 +136,21 @@ module Rack
 
           if response[0] == 404
             response = nil
+          elsif response[0] == 304
+            # Do nothing, leave headers as is
           else
-            if mime_type = Mime.mime_type(::File.extname(path), 'text/plain')
-              response[1][CONTENT_TYPE] = mime_type
-            end
-            response[1]['Content-Encoding'] = 'gzip'
+            response[1][CONTENT_TYPE] = Mime.mime_type(::File.extname(path), 'text/plain')
+            response[1]['content-encoding'] = 'gzip'
           end
         end
 
         path = env[PATH_INFO]
         response ||= @file_server.call(env)
 
+        if @cascade && response[0] == 404
+          return @app.call(env)
+        end
+
         headers = response[1]
         applicable_rules(path).each do |rule, new_headers|
           new_headers.each { |field, content| headers[field] = content }
@@ -157,14 +169,14 @@ module Rack
         when :all
           true
         when :fonts
-          path =~ /\.(?:ttf|otf|eot|woff2|woff|svg)\z/
+          /\.(?:ttf|otf|eot|woff2|woff|svg)\z/.match?(path)
         when String
           path = ::Rack::Utils.unescape(path)
           path.start_with?(rule) || path.start_with?('/' + rule)
         when Array
-          path =~ /\.(#{rule.join('|')})\z/
+          /\.(#{rule.join('|')})\z/.match?(path)
         when Regexp
-          path =~ rule
+          rule.match?(path)
         else
           false
         end

data/lib/rack/tempfile_reaper.rb

@@ -1,4 +1,7 @@
-require 'rack/body_proxy'
+# frozen_string_literal: true
+
+require_relative 'constants'
+require_relative 'body_proxy'
 
 module Rack
 
@@ -12,11 +15,19 @@ module Rack
 
     def call(env)
       env[RACK_TEMPFILES] ||= []
-      status, headers, body = @app.call(env)
-      body_proxy = BodyProxy.new(body) do
-        env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil?
+
+      begin
+        _, _, body = response = @app.call(env)
+      rescue Exception
+        env[RACK_TEMPFILES]&.each(&:close!)
+        raise
       end
-      [status, headers, body_proxy]
+
+      response[2] = BodyProxy.new(body) do
+        env[RACK_TEMPFILES]&.each(&:close!)
+      end
+
+      response
     end
   end
 end

data/lib/rack/urlmap.rb

@@ -1,3 +1,9 @@
+# frozen_string_literal: true
+
+require 'set'
+
+require_relative 'constants'
+
 module Rack
   # Rack::URLMap takes a hash mapping urls or paths to apps, and
   # dispatches accordingly.  Support for HTTP/1.1 host names exists if
@@ -12,17 +18,16 @@ module Rack
   # first, since they are most specific.
 
   class URLMap
-    NEGATIVE_INFINITY = -1.0 / 0.0
-    INFINITY = 1.0 / 0.0
-
     def initialize(map = {})
       remap(map)
     end
 
     def remap(map)
+      @known_hosts = Set[]
       @mapping = map.map { |location, app|
         if location =~ %r{\Ahttps?://(.*?)(/.*)}
           host, location = $1, $2
+          @known_hosts << host
         else
           host = nil
         end
@@ -36,7 +41,7 @@ module Rack
 
         [host, location, match, app]
       }.sort_by do |(host, location, _, _)|
-        [host ? -host.size : INFINITY, -location.size]
+        [host ? -host.size : Float::INFINITY, -location.size]
       end
     end
 
@@ -50,10 +55,13 @@ module Rack
       is_same_server = casecmp?(http_host, server_name) ||
                        casecmp?(http_host, "#{server_name}:#{server_port}")
 
+      is_host_known = @known_hosts.include? http_host
+
       @mapping.each do |host, location, match, app|
         unless casecmp?(http_host, host) \
             || casecmp?(server_name, host) \
-            || (!host && is_same_server)
+            || (!host && is_same_server) \
+            || (!host && !is_host_known) # If we don't have a matching host, default to the first without a specified host
           next
         end
 
@@ -68,7 +76,7 @@ module Rack
         return app.call(env)
       end
 
-      [404, {CONTENT_TYPE => "text/plain", "X-Cascade" => "pass"}, ["Not Found: #{path}"]]
+      [404, { CONTENT_TYPE => "text/plain", "x-cascade" => "pass" }, ["Not Found: #{path}"]]
 
     ensure
       env[PATH_INFO]   = path