rack 2.1.0 → 2.2.2

data/lib/rack/directory.rb

@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 require 'time'
-require 'rack/utils'
-require 'rack/mime'
-require 'rack/files'
 
 module Rack
   # Rack::Directory serves entries below the +root+ given, according to the
@@ -14,8 +11,8 @@ module Rack
   # If +app+ is not specified, a Rack::Files of the same +root+ will be used.
 
   class Directory
-    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>"
-    DIR_PAGE = <<-PAGE
+    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>\n"
+    DIR_PAGE_HEADER = <<-PAGE
 <html><head>
   <title>%s</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
@@ -36,33 +33,51 @@ table { width:100%%; }
     <th class='type'>Type</th>
     <th class='mtime'>Last Modified</th>
   </tr>
-%s
+    PAGE
+    DIR_PAGE_FOOTER = <<-PAGE
 </table>
 <hr />
 </body></html>
     PAGE
 
+    # Body class for directory entries, showing an index page with links
+    # to each file.
     class DirectoryBody < Struct.new(:root, :path, :files)
+      # Yield strings for each part of the directory entry
       def each
-        show_path = Rack::Utils.escape_html(path.sub(/^#{root}/, ''))
-        listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) } * "\n"
-        page = DIR_PAGE % [ show_path, show_path, listings ]
-        page.each_line{|l| yield l }
+        show_path = Utils.escape_html(path.sub(/^#{root}/, ''))
+        yield(DIR_PAGE_HEADER % [ show_path, show_path ])
+
+        unless path.chomp('/') == root
+          yield(DIR_FILE % DIR_FILE_escape(files.call('..')))
+        end
+
+        Dir.foreach(path) do |basename|
+          next if basename.start_with?('.')
+          next unless f = files.call(basename)
+          yield(DIR_FILE % DIR_FILE_escape(f))
+        end
+
+        yield(DIR_PAGE_FOOTER)
       end
 
       private
-      # Assumes url is already escaped.
-      def DIR_FILE_escape url, *html
-        [url, *html.map { |e| Utils.escape_html(e) }]
+
+      # Escape each element in the array of html strings.
+      def DIR_FILE_escape(htmls)
+        htmls.map { |e| Utils.escape_html(e) }
       end
     end
 
-    attr_reader :root, :path
+    # The root of the directory hierarchy.  Only requests for files and
+    # directories inside of the root directory are supported.
+    attr_reader :root
 
+    # Set the root directory and application for serving files.
     def initialize(root, app = nil)
       @root = ::File.expand_path(root)
-      @app = app || Rack::Files.new(@root)
-      @head = Rack::Head.new(lambda { |env| get env })
+      @app = app || Files.new(@root)
+      @head = Head.new(method(:get))
     end
 
     def call(env)
@@ -70,100 +85,101 @@ table { width:100%%; }
       @head.call env
     end
 
+    # Internals of request handling.  Similar to call but does
+    # not remove body for HEAD requests.
     def get(env)
       script_name = env[SCRIPT_NAME]
       path_info = Utils.unescape_path(env[PATH_INFO])
 
-      if bad_request = check_bad_request(path_info)
-        bad_request
-      elsif forbidden = check_forbidden(path_info)
-        forbidden
+      if client_error_response = check_bad_request(path_info) || check_forbidden(path_info)
+        client_error_response
       else
         path = ::File.join(@root, path_info)
         list_path(env, path, path_info, script_name)
       end
     end
 
+    # Rack response to use for requests with invalid paths, or nil if path is valid.
     def check_bad_request(path_info)
       return if Utils.valid_path?(path_info)
 
       body = "Bad Request\n"
-      size = body.bytesize
-      return [400, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
+      [400, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
         "X-Cascade" => "pass" }, [body]]
     end
 
+    # Rack response to use for requests with paths outside the root, or nil if path is inside the root.
     def check_forbidden(path_info)
       return unless path_info.include? ".."
+      return if ::File.expand_path(::File.join(@root, path_info)).start_with?(@root)
 
       body = "Forbidden\n"
-      size = body.bytesize
-      return [403, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
+      [403, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
         "X-Cascade" => "pass" }, [body]]
     end
 
+    # Rack response to use for directories under the root.
     def list_directory(path_info, path, script_name)
-      files = [['../', 'Parent Directory', '', '', '']]
-      glob = ::File.join(path, '*')
-
       url_head = (script_name.split('/') + path_info.split('/')).map do |part|
-        Rack::Utils.escape_path part
+        Utils.escape_path part
       end
 
-      Dir[glob].sort.each do |node|
-        stat = stat(node)
+      # Globbing not safe as path could contain glob metacharacters
+      body = DirectoryBody.new(@root, path, ->(basename) do
+        stat = stat(::File.join(path, basename))
         next unless stat
-        basename = ::File.basename(node)
-        ext = ::File.extname(node)
 
-        url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)])
-        size = stat.size
-        type = stat.directory? ? 'directory' : Mime.mime_type(ext)
-        size = stat.directory? ? '-' : filesize_format(size)
+        url = ::File.join(*url_head + [Utils.escape_path(basename)])
         mtime = stat.mtime.httpdate
-        url << '/'  if stat.directory?
-        basename << '/'  if stat.directory?
-
-        files << [ url, basename, size, type, mtime ]
-      end
-
-      return [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, DirectoryBody.new(@root, path, files) ]
+        if stat.directory?
+          type = 'directory'
+          size = '-'
+          url << '/'
+          if basename == '..'
+            basename = 'Parent Directory'
+          else
+            basename << '/'
+          end
+        else
+          type = Mime.mime_type(::File.extname(basename))
+          size = filesize_format(stat.size)
+        end
+
+        [ url, basename, size, type, mtime ]
+      end)
+
+      [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, body ]
     end
 
-    def stat(node)
-      ::File.stat(node)
+    # File::Stat for the given path, but return nil for missing/bad entries.
+    def stat(path)
+      ::File.stat(path)
     rescue Errno::ENOENT, Errno::ELOOP
       return nil
     end
 
-    # TODO: add correct response if not readable, not sure if 404 is the best
-    #       option
+    # Rack response to use for files and directories under the root.
+    # Unreadable and non-file, non-directory entries will get a 404 response.
     def list_path(env, path, path_info, script_name)
-      stat = ::File.stat(path)
-
-      if stat.readable?
+      if (stat = stat(path)) && stat.readable?
         return @app.call(env) if stat.file?
         return list_directory(path_info, path, script_name) if stat.directory?
-      else
-        raise Errno::ENOENT, 'No such file or directory'
       end
 
-    rescue Errno::ENOENT, Errno::ELOOP
-      return entity_not_found(path_info)
+      entity_not_found(path_info)
     end
 
+    # Rack response to use for unreadable and non-file, non-directory entries.
     def entity_not_found(path_info)
       body = "Entity not found: #{path_info}\n"
-      size = body.bytesize
-      return [404, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
+      [404, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
         "X-Cascade" => "pass" }, [body]]
     end
 
     # Stolen from Ramaze
-
     FILESIZE_FORMAT = [
       ['%.1fT', 1 << 40],
       ['%.1fG', 1 << 30],
@@ -171,6 +187,7 @@ table { width:100%%; }
       ['%.1fK', 1 << 10],
     ]
 
+    # Provide human readable file sizes
     def filesize_format(int)
       FILESIZE_FORMAT.each do |format, size|
         return format % (int.to_f / size) if int >= size

data/lib/rack/etag.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'rack'
+require_relative '../rack'
 require 'digest/sha2'
 
 module Rack
@@ -57,8 +57,7 @@ module Rack
       end
 
       def skip_caching?(headers)
-        (headers[CACHE_CONTROL] && headers[CACHE_CONTROL].include?('no-cache')) ||
-          headers.key?(ETAG_STRING) || headers.key?('Last-Modified')
+        headers.key?(ETAG_STRING) || headers.key?('Last-Modified')
       end
 
       def digest_body(body)

data/lib/rack/events.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require 'rack/response'
-require 'rack/body_proxy'
-
 module Rack
   ### This middleware provides hooks to certain places in the request /
   # response lifecycle.  This is so that middleware that don't need to filter
@@ -59,26 +56,26 @@ module Rack
 
   class Events
     module Abstract
-      def on_start req, res
+      def on_start(req, res)
       end
 
-      def on_commit req, res
+      def on_commit(req, res)
       end
 
-      def on_send req, res
+      def on_send(req, res)
       end
 
-      def on_finish req, res
+      def on_finish(req, res)
       end
 
-      def on_error req, res, e
+      def on_error(req, res, e)
       end
     end
 
     class EventedBodyProxy < Rack::BodyProxy # :nodoc:
       attr_reader :request, :response
 
-      def initialize body, request, response, handlers, &block
+      def initialize(body, request, response, handlers, &block)
         super(body, &block)
         @request  = request
         @response = response
@@ -94,7 +91,7 @@ module Rack
     class BufferedResponse < Rack::Response::Raw # :nodoc:
       attr_reader :body
 
-      def initialize status, headers, body
+      def initialize(status, headers, body)
         super(status, headers)
         @body = body
       end
@@ -102,12 +99,12 @@ module Rack
       def to_a; [status, headers, body]; end
     end
 
-    def initialize app, handlers
+    def initialize(app, handlers)
       @app      = app
       @handlers = handlers
     end
 
-    def call env
+    def call(env)
       request = make_request env
       on_start request, nil
 
@@ -129,27 +126,27 @@ module Rack
 
     private
 
-    def on_error request, response, e
+    def on_error(request, response, e)
       @handlers.reverse_each { |handler| handler.on_error request, response, e }
     end
 
-    def on_commit request, response
+    def on_commit(request, response)
       @handlers.reverse_each { |handler| handler.on_commit request, response }
     end
 
-    def on_start request, response
+    def on_start(request, response)
       @handlers.each { |handler| handler.on_start request, nil }
     end
 
-    def on_finish request, response
+    def on_finish(request, response)
       @handlers.reverse_each { |handler| handler.on_finish request, response }
     end
 
-    def make_request env
+    def make_request(env)
       Rack::Request.new env
     end
 
-    def make_response status, headers, body
+    def make_response(status, headers, body)
       BufferedResponse.new status, headers, body
     end
   end

data/lib/rack/file.rb

@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
-require 'rack/files'
+require_relative 'files'
 
 module Rack
-  warn "Rack::File is deprecated, please use Rack::Files instead."
   File = Files
 end

data/lib/rack/files.rb

@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 
 require 'time'
-require 'rack/utils'
-require 'rack/mime'
-require 'rack/request'
-require 'rack/head'
 
 module Rack
   # Rack::Files serves files below the +root+ directory given, according to the
@@ -18,11 +14,20 @@ module Rack
   class Files
     ALLOWED_VERBS = %w[GET HEAD OPTIONS]
     ALLOW_HEADER = ALLOWED_VERBS.join(', ')
+    MULTIPART_BOUNDARY = 'AaB03x'
+
+    # @todo remove in 3.0
+    def self.method_added(name)
+      if name == :response_body
+        raise "#{self.class}\#response_body is no longer supported."
+      end
+      super
+    end
 
     attr_reader :root
 
     def initialize(root, headers = {}, default_mime = 'text/plain')
-      @root = ::File.expand_path root
+      @root = (::File.expand_path(root) if root)
       @headers = headers
       @default_mime = default_mime
       @head = Rack::Head.new(lambda { |env| get env })
@@ -48,7 +53,11 @@ module Rack
       available = begin
         ::File.file?(path) && ::File.readable?(path)
       rescue SystemCallError
+        # Not sure in what conditions this exception can occur, but this
+        # is a safe way to handle such an error.
+        # :nocov:
         false
+        # :nocov:
       end
 
       if available
@@ -70,75 +79,116 @@ module Rack
       headers[CONTENT_TYPE] = mime_type if mime_type
 
       # Set custom headers
-      @headers.each { |field, content| headers[field] = content } if @headers
-
-      response = [ 200, headers ]
+      headers.merge!(@headers) if @headers
 
+      status = 200
       size = filesize path
 
-      range = nil
       ranges = Rack::Utils.get_byte_ranges(request.get_header('HTTP_RANGE'), size)
-      if ranges.nil? || ranges.length > 1
-        # No ranges, or multiple ranges (which we don't support):
-        # TODO: Support multiple byte-ranges
-        response[0] = 200
-        range = 0..size - 1
+      if ranges.nil?
+        # No ranges:
+        ranges = [0..size - 1]
       elsif ranges.empty?
         # Unsatisfiable. Return error, and file size:
         response = fail(416, "Byte range unsatisfiable")
         response[1]["Content-Range"] = "bytes */#{size}"
         return response
-      else
-        # Partial content:
-        range = ranges[0]
-        response[0] = 206
-        response[1]["Content-Range"] = "bytes #{range.begin}-#{range.end}/#{size}"
-        size = range.end - range.begin + 1
+      elsif ranges.size >= 1
+        # Partial content
+        partial_content = true
+
+        if ranges.size == 1
+          range = ranges[0]
+          headers["Content-Range"] = "bytes #{range.begin}-#{range.end}/#{size}"
+        else
+          headers[CONTENT_TYPE] = "multipart/byteranges; boundary=#{MULTIPART_BOUNDARY}"
+        end
+
+        status = 206
+        body = BaseIterator.new(path, ranges, mime_type: mime_type, size: size)
+        size = body.bytesize
       end
 
-      response[2] = [response_body] unless response_body.nil?
+      headers[CONTENT_LENGTH] = size.to_s
 
-      response[1][CONTENT_LENGTH] = size.to_s
-      response[2] = make_body request, path, range
-      response
+      if request.head?
+        body = []
+      elsif !partial_content
+        body = Iterator.new(path, ranges, mime_type: mime_type, size: size)
+      end
+
+      [status, headers, body]
     end
 
-    class Iterator
-      attr_reader :path, :range
-      alias :to_path :path
+    class BaseIterator
+      attr_reader :path, :ranges, :options
 
-      def initialize path, range
-        @path  = path
-        @range = range
+      def initialize(path, ranges, options)
+        @path = path
+        @ranges = ranges
+        @options = options
       end
 
       def each
         ::File.open(path, "rb") do |file|
-          file.seek(range.begin)
-          remaining_len = range.end - range.begin + 1
-          while remaining_len > 0
-            part = file.read([8192, remaining_len].min)
-            break unless part
-            remaining_len -= part.length
-
-            yield part
+          ranges.each do |range|
+            yield multipart_heading(range) if multipart?
+
+            each_range_part(file, range) do |part|
+              yield part
+            end
           end
+
+          yield "\r\n--#{MULTIPART_BOUNDARY}--\r\n" if multipart?
         end
       end
 
+      def bytesize
+        size = ranges.inject(0) do |sum, range|
+          sum += multipart_heading(range).bytesize if multipart?
+          sum += range.size
+        end
+        size += "\r\n--#{MULTIPART_BOUNDARY}--\r\n".bytesize if multipart?
+        size
+      end
+
       def close; end
-    end
 
-    private
+      private
 
-    def make_body request, path, range
-      if request.head?
-        []
-      else
-        Iterator.new path, range
+      def multipart?
+        ranges.size > 1
+      end
+
+      def multipart_heading(range)
+<<-EOF
+\r
+--#{MULTIPART_BOUNDARY}\r
+Content-Type: #{options[:mime_type]}\r
+Content-Range: bytes #{range.begin}-#{range.end}/#{options[:size]}\r
+\r
+EOF
+      end
+
+      def each_range_part(file, range)
+        file.seek(range.begin)
+        remaining_len = range.end - range.begin + 1
+        while remaining_len > 0
+          part = file.read([8192, remaining_len].min)
+          break unless part
+          remaining_len -= part.length
+
+          yield part
+        end
       end
     end
 
+    class Iterator < BaseIterator
+      alias :to_path :path
+    end
+
+    private
+
     def fail(status, body, headers = {})
       body += "\n"
 
@@ -154,25 +204,15 @@ module Rack
     end
 
     # The MIME type for the contents of the file located at @path
-    def mime_type path, default_mime
+    def mime_type(path, default_mime)
       Mime.mime_type(::File.extname(path), default_mime)
     end
 
-    def filesize path
-      # If response_body is present, use its size.
-      return response_body.bytesize if response_body
-
+    def filesize(path)
       #   We check via File::size? whether this file provides size info
       #   via stat (e.g. /proc files often don't), otherwise we have to
       #   figure it out by reading the whole file into memory.
       ::File.size?(path) || ::File.read(path).bytesize
     end
-
-    # By default, the response body for file requests is nil.
-    # In this case, the response body will be generated later
-    # from the file at @path
-    def response_body
-      nil
-    end
   end
 end