rack 2.1.0 → 3.1.0

data/lib/rack/directory.rb

@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
 require 'time'
-require 'rack/utils'
-require 'rack/mime'
-require 'rack/files'
+
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'head'
+require_relative 'mime'
+require_relative 'files'
 
 module Rack
   # Rack::Directory serves entries below the +root+ given, according to the
@@ -14,8 +17,8 @@ module Rack
   # If +app+ is not specified, a Rack::Files of the same +root+ will be used.
 
   class Directory
-    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>"
-    DIR_PAGE = <<-PAGE
+    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>\n"
+    DIR_PAGE_HEADER = <<-PAGE
 <html><head>
   <title>%s</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
@@ -36,33 +39,51 @@ table { width:100%%; }
     <th class='type'>Type</th>
     <th class='mtime'>Last Modified</th>
   </tr>
-%s
+    PAGE
+    DIR_PAGE_FOOTER = <<-PAGE
 </table>
 <hr />
 </body></html>
     PAGE
 
+    # Body class for directory entries, showing an index page with links
+    # to each file.
     class DirectoryBody < Struct.new(:root, :path, :files)
+      # Yield strings for each part of the directory entry
       def each
-        show_path = Rack::Utils.escape_html(path.sub(/^#{root}/, ''))
-        listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) } * "\n"
-        page = DIR_PAGE % [ show_path, show_path, listings ]
-        page.each_line{|l| yield l }
+        show_path = Utils.escape_html(path.sub(/^#{root}/, ''))
+        yield(DIR_PAGE_HEADER % [ show_path, show_path ])
+
+        unless path.chomp('/') == root
+          yield(DIR_FILE % DIR_FILE_escape(files.call('..')))
+        end
+
+        Dir.foreach(path) do |basename|
+          next if basename.start_with?('.')
+          next unless f = files.call(basename)
+          yield(DIR_FILE % DIR_FILE_escape(f))
+        end
+
+        yield(DIR_PAGE_FOOTER)
       end
 
       private
-      # Assumes url is already escaped.
-      def DIR_FILE_escape url, *html
-        [url, *html.map { |e| Utils.escape_html(e) }]
+
+      # Escape each element in the array of html strings.
+      def DIR_FILE_escape(htmls)
+        htmls.map { |e| Utils.escape_html(e) }
       end
     end
 
-    attr_reader :root, :path
+    # The root of the directory hierarchy.  Only requests for files and
+    # directories inside of the root directory are supported.
+    attr_reader :root
 
+    # Set the root directory and application for serving files.
     def initialize(root, app = nil)
       @root = ::File.expand_path(root)
-      @app = app || Rack::Files.new(@root)
-      @head = Rack::Head.new(lambda { |env| get env })
+      @app = app || Files.new(@root)
+      @head = Head.new(method(:get))
     end
 
     def call(env)
@@ -70,100 +91,101 @@ table { width:100%%; }
       @head.call env
     end
 
+    # Internals of request handling.  Similar to call but does
+    # not remove body for HEAD requests.
     def get(env)
       script_name = env[SCRIPT_NAME]
       path_info = Utils.unescape_path(env[PATH_INFO])
 
-      if bad_request = check_bad_request(path_info)
-        bad_request
-      elsif forbidden = check_forbidden(path_info)
-        forbidden
+      if client_error_response = check_bad_request(path_info) || check_forbidden(path_info)
+        client_error_response
       else
         path = ::File.join(@root, path_info)
         list_path(env, path, path_info, script_name)
       end
     end
 
+    # Rack response to use for requests with invalid paths, or nil if path is valid.
     def check_bad_request(path_info)
       return if Utils.valid_path?(path_info)
 
       body = "Bad Request\n"
-      size = body.bytesize
-      return [400, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
-        "X-Cascade" => "pass" }, [body]]
+      [400, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
+        "x-cascade" => "pass" }, [body]]
     end
 
+    # Rack response to use for requests with paths outside the root, or nil if path is inside the root.
     def check_forbidden(path_info)
       return unless path_info.include? ".."
+      return if ::File.expand_path(::File.join(@root, path_info)).start_with?(@root)
 
       body = "Forbidden\n"
-      size = body.bytesize
-      return [403, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
-        "X-Cascade" => "pass" }, [body]]
+      [403, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
+        "x-cascade" => "pass" }, [body]]
     end
 
+    # Rack response to use for directories under the root.
     def list_directory(path_info, path, script_name)
-      files = [['../', 'Parent Directory', '', '', '']]
-      glob = ::File.join(path, '*')
-
       url_head = (script_name.split('/') + path_info.split('/')).map do |part|
-        Rack::Utils.escape_path part
+        Utils.escape_path part
       end
 
-      Dir[glob].sort.each do |node|
-        stat = stat(node)
+      # Globbing not safe as path could contain glob metacharacters
+      body = DirectoryBody.new(@root, path, ->(basename) do
+        stat = stat(::File.join(path, basename))
         next unless stat
-        basename = ::File.basename(node)
-        ext = ::File.extname(node)
 
-        url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)])
-        size = stat.size
-        type = stat.directory? ? 'directory' : Mime.mime_type(ext)
-        size = stat.directory? ? '-' : filesize_format(size)
+        url = ::File.join(*url_head + [Utils.escape_path(basename)])
         mtime = stat.mtime.httpdate
-        url << '/'  if stat.directory?
-        basename << '/'  if stat.directory?
-
-        files << [ url, basename, size, type, mtime ]
-      end
-
-      return [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, DirectoryBody.new(@root, path, files) ]
+        if stat.directory?
+          type = 'directory'
+          size = '-'
+          url << '/'
+          if basename == '..'
+            basename = 'Parent Directory'
+          else
+            basename << '/'
+          end
+        else
+          type = Mime.mime_type(::File.extname(basename))
+          size = filesize_format(stat.size)
+        end
+
+        [ url, basename, size, type, mtime ]
+      end)
+
+      [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, body ]
     end
 
-    def stat(node)
-      ::File.stat(node)
+    # File::Stat for the given path, but return nil for missing/bad entries.
+    def stat(path)
+      ::File.stat(path)
     rescue Errno::ENOENT, Errno::ELOOP
       return nil
     end
 
-    # TODO: add correct response if not readable, not sure if 404 is the best
-    #       option
+    # Rack response to use for files and directories under the root.
+    # Unreadable and non-file, non-directory entries will get a 404 response.
     def list_path(env, path, path_info, script_name)
-      stat = ::File.stat(path)
-
-      if stat.readable?
+      if (stat = stat(path)) && stat.readable?
         return @app.call(env) if stat.file?
         return list_directory(path_info, path, script_name) if stat.directory?
-      else
-        raise Errno::ENOENT, 'No such file or directory'
       end
 
-    rescue Errno::ENOENT, Errno::ELOOP
-      return entity_not_found(path_info)
+      entity_not_found(path_info)
     end
 
+    # Rack response to use for unreadable and non-file, non-directory entries.
     def entity_not_found(path_info)
       body = "Entity not found: #{path_info}\n"
-      size = body.bytesize
-      return [404, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
-        "X-Cascade" => "pass" }, [body]]
+      [404, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
+        "x-cascade" => "pass" }, [body]]
     end
 
     # Stolen from Ramaze
-
     FILESIZE_FORMAT = [
       ['%.1fT', 1 << 40],
       ['%.1fG', 1 << 30],
@@ -171,6 +193,7 @@ table { width:100%%; }
       ['%.1fK', 1 << 10],
     ]
 
+    # Provide human readable file sizes
     def filesize_format(int)
       FILESIZE_FORMAT.each do |format, size|
         return format % (int.to_f / size) if int >= size

data/lib/rack/etag.rb

@@ -1,17 +1,19 @@
 # frozen_string_literal: true
 
-require 'rack'
 require 'digest/sha2'
 
+require_relative 'constants'
+require_relative 'utils'
+
 module Rack
-  # Automatically sets the ETag header on all String bodies.
+  # Automatically sets the etag header on all String bodies.
   #
-  # The ETag header is skipped if ETag or Last-Modified headers are sent or if
+  # The etag header is skipped if etag or last-modified headers are sent or if
   # a sendfile body (body.responds_to :to_path) is given (since such cases
   # should be handled by apache/nginx).
   #
-  # On initialization, you can pass two parameters: a Cache-Control directive
-  # used when Etag is absent and a directive when it is present. The first
+  # On initialization, you can pass two parameters: a cache-control directive
+  # used when etag is absent and a directive when it is present. The first
   # defaults to nil, while the second defaults to "max-age=0, private, must-revalidate"
   class ETag
     ETAG_STRING = Rack::ETAG
@@ -24,14 +26,11 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
+      status, headers, body = response = @app.call(env)
 
-      if etag_status?(status) && etag_body?(body) && !skip_caching?(headers)
-        original_body = body
-        digest, new_body = digest_body(body)
-        body = Rack::BodyProxy.new(new_body) do
-          original_body.close if original_body.respond_to?(:close)
-        end
+      if etag_status?(status) && body.respond_to?(:to_ary) && !skip_caching?(headers)
+        body = body.to_ary
+        digest = digest_body(body)
         headers[ETAG_STRING] = %(W/"#{digest}") if digest
       end
 
@@ -43,7 +42,7 @@ module Rack
         end
       end
 
-      [status, headers, body]
+      response
     end
 
     private
@@ -52,25 +51,18 @@ module Rack
         status == 200 || status == 201
       end
 
-      def etag_body?(body)
-        !body.respond_to?(:to_path)
-      end
-
       def skip_caching?(headers)
-        (headers[CACHE_CONTROL] && headers[CACHE_CONTROL].include?('no-cache')) ||
-          headers.key?(ETAG_STRING) || headers.key?('Last-Modified')
+        headers.key?(ETAG_STRING) || headers.key?('last-modified')
       end
 
       def digest_body(body)
-        parts = []
         digest = nil
 
         body.each do |part|
-          parts << part
           (digest ||= Digest::SHA256.new) << part unless part.empty?
         end
 
-        [digest && digest.hexdigest.byteslice(0, 32), parts]
+        digest && digest.hexdigest.byteslice(0,32)
       end
   end
 end

data/lib/rack/events.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
-require 'rack/response'
-require 'rack/body_proxy'
+require_relative 'body_proxy'
+require_relative 'request'
+require_relative 'response'
 
 module Rack
   ### This middleware provides hooks to certain places in the request /
@@ -59,26 +60,26 @@ module Rack
 
   class Events
     module Abstract
-      def on_start req, res
+      def on_start(req, res)
       end
 
-      def on_commit req, res
+      def on_commit(req, res)
       end
 
-      def on_send req, res
+      def on_send(req, res)
       end
 
-      def on_finish req, res
+      def on_finish(req, res)
       end
 
-      def on_error req, res, e
+      def on_error(req, res, e)
       end
     end
 
     class EventedBodyProxy < Rack::BodyProxy # :nodoc:
       attr_reader :request, :response
 
-      def initialize body, request, response, handlers, &block
+      def initialize(body, request, response, handlers, &block)
         super(body, &block)
         @request  = request
         @response = response
@@ -94,7 +95,7 @@ module Rack
     class BufferedResponse < Rack::Response::Raw # :nodoc:
       attr_reader :body
 
-      def initialize status, headers, body
+      def initialize(status, headers, body)
         super(status, headers)
         @body = body
       end
@@ -102,12 +103,12 @@ module Rack
       def to_a; [status, headers, body]; end
     end
 
-    def initialize app, handlers
+    def initialize(app, handlers)
       @app      = app
       @handlers = handlers
     end
 
-    def call env
+    def call(env)
       request = make_request env
       on_start request, nil
 
@@ -129,27 +130,27 @@ module Rack
 
     private
 
-    def on_error request, response, e
+    def on_error(request, response, e)
       @handlers.reverse_each { |handler| handler.on_error request, response, e }
     end
 
-    def on_commit request, response
+    def on_commit(request, response)
       @handlers.reverse_each { |handler| handler.on_commit request, response }
     end
 
-    def on_start request, response
+    def on_start(request, response)
       @handlers.each { |handler| handler.on_start request, nil }
     end
 
-    def on_finish request, response
+    def on_finish(request, response)
       @handlers.reverse_each { |handler| handler.on_finish request, response }
     end
 
-    def make_request env
+    def make_request(env)
       Rack::Request.new env
     end
 
-    def make_response status, headers, body
+    def make_response(status, headers, body)
       BufferedResponse.new status, headers, body
     end
   end

data/lib/rack/files.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
 require 'time'
-require 'rack/utils'
-require 'rack/mime'
-require 'rack/request'
-require 'rack/head'
+
+require_relative 'constants'
+require_relative 'head'
+require_relative 'utils'
+require_relative 'request'
+require_relative 'mime'
 
 module Rack
   # Rack::Files serves files below the +root+ directory given, according to the
@@ -18,11 +20,12 @@ module Rack
   class Files
     ALLOWED_VERBS = %w[GET HEAD OPTIONS]
     ALLOW_HEADER = ALLOWED_VERBS.join(', ')
+    MULTIPART_BOUNDARY = 'AaB03x'
 
     attr_reader :root
 
     def initialize(root, headers = {}, default_mime = 'text/plain')
-      @root = ::File.expand_path root
+      @root = (::File.expand_path(root) if root)
       @headers = headers
       @default_mime = default_mime
       @head = Rack::Head.new(lambda { |env| get env })
@@ -36,7 +39,7 @@ module Rack
     def get(env)
       request = Rack::Request.new env
       unless ALLOWED_VERBS.include? request.request_method
-        return fail(405, "Method Not Allowed", { 'Allow' => ALLOW_HEADER })
+        return fail(405, "Method Not Allowed", { 'allow' => ALLOW_HEADER })
       end
 
       path_info = Utils.unescape_path request.path_info
@@ -48,7 +51,11 @@ module Rack
       available = begin
         ::File.file?(path) && ::File.readable?(path)
       rescue SystemCallError
+        # Not sure in what conditions this exception can occur, but this
+        # is a safe way to handle such an error.
+        # :nocov:
         false
+        # :nocov:
       end
 
       if available
@@ -60,85 +67,126 @@ module Rack
 
     def serving(request, path)
       if request.options?
-        return [200, { 'Allow' => ALLOW_HEADER, CONTENT_LENGTH => '0' }, []]
+        return [200, { 'allow' => ALLOW_HEADER, CONTENT_LENGTH => '0' }, []]
       end
       last_modified = ::File.mtime(path).httpdate
       return [304, {}, []] if request.get_header('HTTP_IF_MODIFIED_SINCE') == last_modified
 
-      headers = { "Last-Modified" => last_modified }
+      headers = { "last-modified" => last_modified }
       mime_type = mime_type path, @default_mime
       headers[CONTENT_TYPE] = mime_type if mime_type
 
       # Set custom headers
-      @headers.each { |field, content| headers[field] = content } if @headers
-
-      response = [ 200, headers ]
+      headers.merge!(@headers) if @headers
 
+      status = 200
       size = filesize path
 
-      range = nil
       ranges = Rack::Utils.get_byte_ranges(request.get_header('HTTP_RANGE'), size)
-      if ranges.nil? || ranges.length > 1
-        # No ranges, or multiple ranges (which we don't support):
-        # TODO: Support multiple byte-ranges
-        response[0] = 200
-        range = 0..size - 1
+      if ranges.nil?
+        # No ranges:
+        ranges = [0..size - 1]
       elsif ranges.empty?
         # Unsatisfiable. Return error, and file size:
         response = fail(416, "Byte range unsatisfiable")
-        response[1]["Content-Range"] = "bytes */#{size}"
+        response[1]["content-range"] = "bytes */#{size}"
         return response
       else
-        # Partial content:
-        range = ranges[0]
-        response[0] = 206
-        response[1]["Content-Range"] = "bytes #{range.begin}-#{range.end}/#{size}"
-        size = range.end - range.begin + 1
+        # Partial content
+        partial_content = true
+
+        if ranges.size == 1
+          range = ranges[0]
+          headers["content-range"] = "bytes #{range.begin}-#{range.end}/#{size}"
+        else
+          headers[CONTENT_TYPE] = "multipart/byteranges; boundary=#{MULTIPART_BOUNDARY}"
+        end
+
+        status = 206
+        body = BaseIterator.new(path, ranges, mime_type: mime_type, size: size)
+        size = body.bytesize
       end
 
-      response[2] = [response_body] unless response_body.nil?
+      headers[CONTENT_LENGTH] = size.to_s
 
-      response[1][CONTENT_LENGTH] = size.to_s
-      response[2] = make_body request, path, range
-      response
+      if request.head?
+        body = []
+      elsif !partial_content
+        body = Iterator.new(path, ranges, mime_type: mime_type, size: size)
+      end
+
+      [status, headers, body]
     end
 
-    class Iterator
-      attr_reader :path, :range
-      alias :to_path :path
+    class BaseIterator
+      attr_reader :path, :ranges, :options
 
-      def initialize path, range
-        @path  = path
-        @range = range
+      def initialize(path, ranges, options)
+        @path = path
+        @ranges = ranges
+        @options = options
       end
 
       def each
         ::File.open(path, "rb") do |file|
-          file.seek(range.begin)
-          remaining_len = range.end - range.begin + 1
-          while remaining_len > 0
-            part = file.read([8192, remaining_len].min)
-            break unless part
-            remaining_len -= part.length
-
-            yield part
+          ranges.each do |range|
+            yield multipart_heading(range) if multipart?
+
+            each_range_part(file, range) do |part|
+              yield part
+            end
           end
+
+          yield "\r\n--#{MULTIPART_BOUNDARY}--\r\n" if multipart?
+        end
+      end
+
+      def bytesize
+        size = ranges.inject(0) do |sum, range|
+          sum += multipart_heading(range).bytesize if multipart?
+          sum += range.size
         end
+        size += "\r\n--#{MULTIPART_BOUNDARY}--\r\n".bytesize if multipart?
+        size
       end
 
       def close; end
-    end
 
-    private
+      private
 
-    def make_body request, path, range
-      if request.head?
-        []
-      else
-        Iterator.new path, range
+      def multipart?
+        ranges.size > 1
+      end
+
+      def multipart_heading(range)
+<<-EOF
+\r
+--#{MULTIPART_BOUNDARY}\r
+content-type: #{options[:mime_type]}\r
+content-range: bytes #{range.begin}-#{range.end}/#{options[:size]}\r
+\r
+EOF
+      end
+
+      def each_range_part(file, range)
+        file.seek(range.begin)
+        remaining_len = range.end - range.begin + 1
+        while remaining_len > 0
+          part = file.read([8192, remaining_len].min)
+          break unless part
+          remaining_len -= part.length
+
+          yield part
+        end
       end
     end
 
+    class Iterator < BaseIterator
+      alias :to_path :path
+    end
+
+    private
+
     def fail(status, body, headers = {})
       body += "\n"
 
@@ -147,32 +195,22 @@ module Rack
         {
           CONTENT_TYPE   => "text/plain",
           CONTENT_LENGTH => body.size.to_s,
-          "X-Cascade" => "pass"
+          "x-cascade" => "pass"
         }.merge!(headers),
         [body]
       ]
     end
 
     # The MIME type for the contents of the file located at @path
-    def mime_type path, default_mime
+    def mime_type(path, default_mime)
       Mime.mime_type(::File.extname(path), default_mime)
     end
 
-    def filesize path
-      # If response_body is present, use its size.
-      return response_body.bytesize if response_body
-
+    def filesize(path)
       #   We check via File::size? whether this file provides size info
       #   via stat (e.g. /proc files often don't), otherwise we have to
       #   figure it out by reading the whole file into memory.
       ::File.size?(path) || ::File.read(path).bytesize
     end
-
-    # By default, the response body for file requests is nil.
-    # In this case, the response body will be generated later
-    # from the file at @path
-    def response_body
-      nil
-    end
   end
 end