rack 2.1.0 → 3.1.0

data/lib/rack/conditional_get.rb

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'body_proxy'
 
 module Rack
 
-  # Middleware that enables conditional GET using If-None-Match and
-  # If-Modified-Since. The application should set either or both of the
-  # Last-Modified or Etag response headers according to RFC 2616. When
+  # Middleware that enables conditional GET using if-none-match and
+  # if-modified-since. The application should set either or both of the
+  # last-modified or etag response headers according to RFC 2616. When
   # either of the conditions is met, the response body is set to be zero
   # length and the response status is set to 304 Not Modified.
   #
@@ -21,21 +23,22 @@ module Rack
       @app = app
     end
 
+    # Return empty 304 response if the response has not been
+    # modified since the last request.
     def call(env)
       case env[REQUEST_METHOD]
       when "GET", "HEAD"
-        status, headers, body = @app.call(env)
-        headers = Utils::HeaderHash.new(headers)
+        status, headers, body = response = @app.call(env)
+
         if status == 200 && fresh?(env, headers)
-          status = 304
+          response[0] = 304
           headers.delete(CONTENT_TYPE)
           headers.delete(CONTENT_LENGTH)
-          original_body = body
-          body = Rack::BodyProxy.new([]) do
-            original_body.close if original_body.respond_to?(:close)
+          response[2] = Rack::BodyProxy.new([]) do
+            body.close if body.respond_to?(:close)
           end
         end
-        [status, headers, body]
+        response
       else
         @app.call(env)
       end
@@ -43,28 +46,32 @@ module Rack
 
   private
 
+    # Return whether the response has not been modified since the
+    # last request.
     def fresh?(env, headers)
-      modified_since = env['HTTP_IF_MODIFIED_SINCE']
-      none_match     = env['HTTP_IF_NONE_MATCH']
-
-      return false unless modified_since || none_match
-
-      success = true
-      success &&= modified_since?(to_rfc2822(modified_since), headers) if modified_since
-      success &&= etag_matches?(none_match, headers) if none_match
-      success
+      # if-none-match has priority over if-modified-since per RFC 7232
+      if none_match = env['HTTP_IF_NONE_MATCH']
+        etag_matches?(none_match, headers)
+      elsif (modified_since = env['HTTP_IF_MODIFIED_SINCE']) && (modified_since = to_rfc2822(modified_since))
+        modified_since?(modified_since, headers)
+      end
     end
 
+    # Whether the etag response header matches the if-none-match request header.
+    # If so, the request has not been modified.
     def etag_matches?(none_match, headers)
-      etag = headers['ETag'] and etag == none_match
+      headers[ETAG] == none_match
     end
 
+    # Whether the last-modified response header matches the if-modified-since
+    # request header.  If so, the request has not been modified.
     def modified_since?(modified_since, headers)
-      last_modified = to_rfc2822(headers['Last-Modified']) and
-        modified_since and
+      last_modified = to_rfc2822(headers['last-modified']) and
         modified_since >= last_modified
     end
 
+    # Return a Time object for the given string (which should be in RFC2822
+    # format), or nil if the string cannot be parsed.
     def to_rfc2822(since)
       # shortest possible valid date is the obsolete: 1 Nov 97 09:55 A
       # anything shorter is invalid, this avoids exceptions for common cases
@@ -73,8 +80,6 @@ module Rack
         # NOTE: there is no trivial way to write this in a non exception way
         #   _rfc2822 returns a hash but is not that usable
         Time.rfc2822(since) rescue nil
-      else
-        nil
       end
     end
   end

data/lib/rack/constants.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Rack
+  # Request env keys
+  HTTP_HOST         = 'HTTP_HOST'
+  HTTP_PORT         = 'HTTP_PORT'
+  HTTPS             = 'HTTPS'
+  PATH_INFO         = 'PATH_INFO'
+  REQUEST_METHOD    = 'REQUEST_METHOD'
+  REQUEST_PATH      = 'REQUEST_PATH'
+  SCRIPT_NAME       = 'SCRIPT_NAME'
+  QUERY_STRING      = 'QUERY_STRING'
+  SERVER_PROTOCOL   = 'SERVER_PROTOCOL'
+  SERVER_NAME       = 'SERVER_NAME'
+  SERVER_PORT       = 'SERVER_PORT'
+  HTTP_COOKIE       = 'HTTP_COOKIE'
+
+  # Response Header Keys
+  CACHE_CONTROL     = 'cache-control'
+  CONTENT_LENGTH    = 'content-length'
+  CONTENT_TYPE      = 'content-type'
+  ETAG              = 'etag'
+  EXPIRES           = 'expires'
+  SET_COOKIE        = 'set-cookie'
+
+  # HTTP method verbs
+  GET     = 'GET'
+  POST    = 'POST'
+  PUT     = 'PUT'
+  PATCH   = 'PATCH'
+  DELETE  = 'DELETE'
+  HEAD    = 'HEAD'
+  OPTIONS = 'OPTIONS'
+  CONNECT = 'CONNECT'
+  LINK    = 'LINK'
+  UNLINK  = 'UNLINK'
+  TRACE   = 'TRACE'
+
+  # Rack environment variables
+  RACK_VERSION                        = 'rack.version'
+  RACK_TEMPFILES                      = 'rack.tempfiles'
+  RACK_EARLY_HINTS                    = 'rack.early_hints'
+  RACK_ERRORS                         = 'rack.errors'
+  RACK_LOGGER                         = 'rack.logger'
+  RACK_INPUT                          = 'rack.input'
+  RACK_SESSION                        = 'rack.session'
+  RACK_SESSION_OPTIONS                = 'rack.session.options'
+  RACK_SHOWSTATUS_DETAIL              = 'rack.showstatus.detail'
+  RACK_URL_SCHEME                     = 'rack.url_scheme'
+  RACK_HIJACK                         = 'rack.hijack'
+  RACK_IS_HIJACK                      = 'rack.hijack?'
+  RACK_RECURSIVE_INCLUDE              = 'rack.recursive.include'
+  RACK_MULTIPART_BUFFER_SIZE          = 'rack.multipart.buffer_size'
+  RACK_MULTIPART_TEMPFILE_FACTORY     = 'rack.multipart.tempfile_factory'
+  RACK_RESPONSE_FINISHED              = 'rack.response_finished'
+  RACK_REQUEST_FORM_INPUT             = 'rack.request.form_input'
+  RACK_REQUEST_FORM_HASH              = 'rack.request.form_hash'
+  RACK_REQUEST_FORM_PAIRS             = 'rack.request.form_pairs'
+  RACK_REQUEST_FORM_VARS              = 'rack.request.form_vars'
+  RACK_REQUEST_FORM_ERROR             = 'rack.request.form_error'
+  RACK_REQUEST_COOKIE_HASH            = 'rack.request.cookie_hash'
+  RACK_REQUEST_COOKIE_STRING          = 'rack.request.cookie_string'
+  RACK_REQUEST_QUERY_HASH             = 'rack.request.query_hash'
+  RACK_REQUEST_QUERY_STRING           = 'rack.request.query_string'
+  RACK_METHODOVERRIDE_ORIGINAL_METHOD = 'rack.methodoverride.original_method'
+end

data/lib/rack/content_length.rb

@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
-require 'rack/body_proxy'
+require_relative 'constants'
+require_relative 'utils'
 
 module Rack
 
-  # Sets the Content-Length header on responses with fixed-length bodies.
+  # Sets the content-length header on responses that do not specify
+  # a content-length or transfer-encoding header.  Note that this
+  # does not fix responses that have an invalid content-length
+  # header specified.
   class ContentLength
     include Rack::Utils
 
@@ -14,26 +17,17 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = HeaderHash.new(headers)
+      status, headers, body = response = @app.call(env)
 
       if !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) &&
          !headers[CONTENT_LENGTH] &&
-         !headers[TRANSFER_ENCODING] &&
          body.respond_to?(:to_ary)
 
-        obody = body
-        body, length = [], 0
-        obody.each { |part| body << part; length += part.bytesize }
-
-        body = BodyProxy.new(body) do
-          obody.close if obody.respond_to?(:close)
-        end
-
-        headers[CONTENT_LENGTH] = length.to_s
+        response[2] = body = body.to_ary
+        headers[CONTENT_LENGTH] = body.sum(&:bytesize).to_s
       end
 
-      [status, headers, body]
+      response
     end
   end
 end

data/lib/rack/content_type.rb

@@ -1,31 +1,33 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
+require_relative 'constants'
+require_relative 'utils'
 
 module Rack
 
-  # Sets the Content-Type header on responses which don't have one.
+  # Sets the content-type header on responses which don't have one.
   #
   # Builder Usage:
   #   use Rack::ContentType, "text/plain"
   #
-  # When no content type argument is provided, "text/html" is assumed.
+  # When no content type argument is provided, "text/html" is the
+  # default.
   class ContentType
     include Rack::Utils
 
     def initialize(app, content_type = "text/html")
-      @app, @content_type = app, content_type
+      @app = app
+      @content_type = content_type
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash.new(headers)
+      status, headers, _ = response = @app.call(env)
 
       unless STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i)
         headers[CONTENT_TYPE] ||= @content_type
       end
 
-      [status, headers, body]
+      response
     end
   end
 end

data/lib/rack/deflater.rb

@@ -2,51 +2,52 @@
 
 require "zlib"
 require "time"  # for Time.httpdate
-require 'rack/utils'
 
-require_relative 'core_ext/regexp'
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'request'
+require_relative 'body_proxy'
 
 module Rack
-  # This middleware enables compression of http responses.
+  # This middleware enables content encoding of http responses,
+  # usually for purposes of compression.
   #
-  # Currently supported compression algorithms:
+  # Currently supported encodings:
   #
-  #   * gzip
-  #   * identity (no transformation)
+  # * gzip
+  # * identity (no transformation)
   #
-  # The middleware automatically detects when compression is supported
-  # and allowed. For example no transformation is made when a cache
-  # directive of 'no-transform' is present, or when the response status
-  # code is one that doesn't allow an entity body.
+  # This middleware automatically detects when encoding is supported
+  # and allowed. For example no encoding is made when a cache
+  # directive of 'no-transform' is present, when the response status
+  # code is one that doesn't allow an entity body, or when the body
+  # is empty.
+  #
+  # Note that despite the name, Deflater does not support the +deflate+
+  # encoding.
   class Deflater
-    using ::Rack::RegexpExtensions
-
-    ##
-    # Creates Rack::Deflater middleware.
+    # Creates Rack::Deflater middleware. Options:
     #
-    # [app] rack app instance
-    # [options] hash of deflater options, i.e.
-    #           'if' - a lambda enabling / disabling deflation based on returned boolean value
-    #                  e.g use Rack::Deflater, :if => lambda { |*, body| sum=0; body.each { |i| sum += i.length }; sum > 512 }
-    #           'include' - a list of content types that should be compressed
-    #           'sync' - determines if the stream is going to be flushed after every chunk.
-    #                    Flushing after every chunk reduces latency for
-    #                    time-sensitive streaming applications, but hurts
-    #                    compression and throughput. Defaults to `true'.
+    # :if :: a lambda enabling / disabling deflation based on returned boolean value
+    #        (e.g <tt>use Rack::Deflater, :if => lambda { |*, body| sum=0; body.each { |i| sum += i.length }; sum > 512 }</tt>).
+    #        However, be aware that calling `body.each` inside the block will break cases where `body.each` is not idempotent,
+    #        such as when it is an +IO+ instance.
+    # :include :: a list of content types that should be compressed. By default, all content types are compressed.
+    # :sync :: determines if the stream is going to be flushed after every chunk.  Flushing after every chunk reduces
+    #          latency for time-sensitive streaming applications, but hurts compression and throughput.
+    #          Defaults to +true+.
     def initialize(app, options = {})
       @app = app
-
       @condition = options[:if]
       @compressible_types = options[:include]
-      @sync = options[:sync] == false ? false : true
+      @sync = options.fetch(:sync, true)
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash.new(headers)
+      status, headers, body = response = @app.call(env)
 
       unless should_deflate?(env, status, headers, body)
-        return [status, headers, body]
+        return response
       end
 
       request = Request.new(env)
@@ -55,75 +56,102 @@ module Rack
                                             request.accept_encoding)
 
       # Set the Vary HTTP header.
-      vary = headers["Vary"].to_s.split(",").map(&:strip)
-      unless vary.include?("*") || vary.include?("Accept-Encoding")
-        headers["Vary"] = vary.push("Accept-Encoding").join(",")
+      vary = headers["vary"].to_s.split(",").map(&:strip)
+      unless vary.include?("*") || vary.any?{|v| v.downcase == 'accept-encoding'}
+        headers["vary"] = vary.push("Accept-Encoding").join(",")
       end
 
       case encoding
       when "gzip"
-        headers['Content-Encoding'] = "gzip"
-        headers.delete('Content-Length')
-        mtime = headers["Last-Modified"]
+        headers['content-encoding'] = "gzip"
+        headers.delete(CONTENT_LENGTH)
+        mtime = headers["last-modified"]
         mtime = Time.httpdate(mtime).to_i if mtime
-        [status, headers, GzipStream.new(body, mtime, @sync)]
+        response[2] = GzipStream.new(body, mtime, @sync)
+        response
       when "identity"
-        [status, headers, body]
-      when nil
+        response
+      else # when nil
+        # Only possible encoding values here are 'gzip', 'identity', and nil
         message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found."
         bp = Rack::BodyProxy.new([message]) { body.close if body.respond_to?(:close) }
-        [406, { 'Content-Type' => "text/plain", 'Content-Length' => message.length.to_s }, bp]
+        [406, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => message.length.to_s }, bp]
       end
     end
 
+    # Body class used for gzip encoded responses.
     class GzipStream
+
+      BUFFER_LENGTH = 128 * 1_024
+
+      # Initialize the gzip stream.  Arguments:
+      # body :: Response body to compress with gzip
+      # mtime :: The modification time of the body, used to set the
+      #          modification time in the gzip header.
+      # sync :: Whether to flush each gzip chunk as soon as it is ready.
       def initialize(body, mtime, sync)
-        @sync = sync
         @body = body
         @mtime = mtime
+        @sync = sync
       end
 
+      # Yield gzip compressed strings to the given block.
       def each(&block)
         @writer = block
         gzip = ::Zlib::GzipWriter.new(self)
         gzip.mtime = @mtime if @mtime
-        @body.each { |part|
-          len = gzip.write(part)
-          # Flushing empty parts would raise Zlib::BufError.
-          gzip.flush if @sync && len > 0
-        }
+        # @body.each is equivalent to @body.gets (slow)
+        if @body.is_a? ::File # XXX: Should probably be ::IO
+          while part = @body.read(BUFFER_LENGTH)
+            gzip.write(part)
+            gzip.flush if @sync
+          end
+        else
+          @body.each { |part|
+            # Skip empty strings, as they would result in no output,
+            # and flushing empty parts would raise Zlib::BufError.
+            next if part.empty?
+            gzip.write(part)
+            gzip.flush if @sync
+          }
+        end
       ensure
-        gzip.close
-        @writer = nil
+        gzip.finish
       end
 
+      # Call the block passed to #each with the gzipped data.
       def write(data)
         @writer.call(data)
       end
 
+      # Close the original body if possible.
       def close
         @body.close if @body.respond_to?(:close)
-        @body = nil
       end
     end
 
     private
 
+    # Whether the body should be compressed.
     def should_deflate?(env, status, headers, body)
       # Skip compressing empty entity body responses and responses with
       # no-transform set.
       if Utils::STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) ||
-          /\bno-transform\b/.match?(headers['Cache-Control'].to_s) ||
-         (headers['Content-Encoding'] && headers['Content-Encoding'] !~ /\bidentity\b/)
+          /\bno-transform\b/.match?(headers[CACHE_CONTROL].to_s) ||
+          headers['content-encoding']&.!~(/\bidentity\b/)
         return false
       end
 
       # Skip if @compressible_types are given and does not include request's content type
-      return false if @compressible_types && !(headers.has_key?('Content-Type') && @compressible_types.include?(headers['Content-Type'][/[^;]*/]))
+      return false if @compressible_types && !(headers.has_key?(CONTENT_TYPE) && @compressible_types.include?(headers[CONTENT_TYPE][/[^;]*/]))
 
       # Skip if @condition lambda is given and evaluates to false
       return false if @condition && !@condition.call(env, status, headers, body)
 
+      # No point in compressing empty body, also handles usage with
+      # Rack::Sendfile.
+      return false if headers[CONTENT_LENGTH] == '0'
+
       true
     end
   end