rack 2.1.2 → 2.2.2

data/lib/rack/common_logger.rb

@@ -1,45 +1,49 @@
 # frozen_string_literal: true
 
-require 'rack/body_proxy'
-
 module Rack
   # Rack::CommonLogger forwards every request to the given +app+, and
   # logs a line in the
   # {Apache common log format}[http://httpd.apache.org/docs/1.3/logs.html#common]
-  # to the +logger+.
-  #
-  # If +logger+ is nil, CommonLogger will fall back +rack.errors+, which is
-  # an instance of Rack::NullLogger.
-  #
-  # +logger+ can be any class, including the standard library Logger, and is
-  # expected to have either +write+ or +<<+ method, which accepts the CommonLogger::FORMAT.
-  # According to the SPEC, the error stream must also respond to +puts+
-  # (which takes a single argument that responds to +to_s+), and +flush+
-  # (which is called without arguments in order to make the error appear for
-  # sure)
+  # to the configured logger.
   class CommonLogger
     # Common Log Format: http://httpd.apache.org/docs/1.3/logs.html#common
     #
     #   lilith.local - - [07/Aug/2006 23:58:02 -0400] "GET / HTTP/1.1" 500 -
     #
     #   %{%s - %s [%s] "%s %s%s %s" %d %s\n} %
-    FORMAT = %{%s - %s [%s] "%s %s%s %s" %d %s %0.4f\n}
+    #
+    # The actual format is slightly different than the above due to the
+    # separation of SCRIPT_NAME and PATH_INFO, and because the elapsed
+    # time in seconds is included at the end.
+    FORMAT = %{%s - %s [%s] "%s %s%s%s %s" %d %s %0.4f\n}
 
+    # +logger+ can be any object that supports the +write+ or +<<+ methods,
+    # which includes the standard library Logger.  These methods are called
+    # with a single string argument, the log message.
+    # If +logger+ is nil, CommonLogger will fall back <tt>env['rack.errors']</tt>.
     def initialize(app, logger = nil)
       @app = app
       @logger = logger
     end
 
+    # Log all requests in common_log format after a response has been
+    # returned.  Note that if the app raises an exception, the request
+    # will not be logged, so if exception handling middleware are used,
+    # they should be loaded after this middleware.  Additionally, because
+    # the logging happens after the request body has been fully sent, any
+    # exceptions raised during the sending of the response body will
+    # cause the request not to be logged.
     def call(env)
       began_at = Utils.clock_time
-      status, header, body = @app.call(env)
-      header = Utils::HeaderHash.new(header)
-      body = BodyProxy.new(body) { log(env, status, header, began_at) }
-      [status, header, body]
+      status, headers, body = @app.call(env)
+      headers = Utils::HeaderHash[headers]
+      body = BodyProxy.new(body) { log(env, status, headers, began_at) }
+      [status, headers, body]
     end
 
     private
 
+    # Log the request to the configured logger.
     def log(env, status, header, began_at)
       length = extract_content_length(header)
 
@@ -48,6 +52,7 @@ module Rack
         env["REMOTE_USER"] || "-",
         Time.now.strftime("%d/%b/%Y:%H:%M:%S %z"),
         env[REQUEST_METHOD],
+        env[SCRIPT_NAME],
         env[PATH_INFO],
         env[QUERY_STRING].empty? ? "" : "?#{env[QUERY_STRING]}",
         env[SERVER_PROTOCOL],
@@ -65,6 +70,8 @@ module Rack
       end
     end
 
+    # Attempt to determine the content length for the response to
+    # include it in the logged data.
     def extract_content_length(headers)
       value = headers[CONTENT_LENGTH]
       !value || value.to_s == '0' ? '-' : value

data/lib/rack/conditional_get.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
-
 module Rack
 
   # Middleware that enables conditional GET using If-None-Match and
@@ -21,11 +19,13 @@ module Rack
       @app = app
     end
 
+    # Return empty 304 response if the response has not been
+    # modified since the last request.
     def call(env)
       case env[REQUEST_METHOD]
       when "GET", "HEAD"
         status, headers, body = @app.call(env)
-        headers = Utils::HeaderHash.new(headers)
+        headers = Utils::HeaderHash[headers]
         if status == 200 && fresh?(env, headers)
           status = 304
           headers.delete(CONTENT_TYPE)
@@ -43,28 +43,32 @@ module Rack
 
   private
 
+    # Return whether the response has not been modified since the
+    # last request.
     def fresh?(env, headers)
-      modified_since = env['HTTP_IF_MODIFIED_SINCE']
-      none_match     = env['HTTP_IF_NONE_MATCH']
-
-      return false unless modified_since || none_match
-
-      success = true
-      success &&= modified_since?(to_rfc2822(modified_since), headers) if modified_since
-      success &&= etag_matches?(none_match, headers) if none_match
-      success
+      # If-None-Match has priority over If-Modified-Since per RFC 7232
+      if none_match = env['HTTP_IF_NONE_MATCH']
+        etag_matches?(none_match, headers)
+      elsif (modified_since = env['HTTP_IF_MODIFIED_SINCE']) && (modified_since = to_rfc2822(modified_since))
+        modified_since?(modified_since, headers)
+      end
     end
 
+    # Whether the ETag response header matches the If-None-Match request header.
+    # If so, the request has not been modified.
     def etag_matches?(none_match, headers)
-      etag = headers['ETag'] and etag == none_match
+      headers['ETag'] == none_match
     end
 
+    # Whether the Last-Modified response header matches the If-Modified-Since
+    # request header.  If so, the request has not been modified.
     def modified_since?(modified_since, headers)
       last_modified = to_rfc2822(headers['Last-Modified']) and
-        modified_since and
         modified_since >= last_modified
     end
 
+    # Return a Time object for the given string (which should be in RFC2822
+    # format), or nil if the string cannot be parsed.
     def to_rfc2822(since)
       # shortest possible valid date is the obsolete: 1 Nov 97 09:55 A
       # anything shorter is invalid, this avoids exceptions for common cases
@@ -73,8 +77,6 @@ module Rack
         # NOTE: there is no trivial way to write this in a non exception way
         #   _rfc2822 returns a hash but is not that usable
         Time.rfc2822(since) rescue nil
-      else
-        nil
       end
     end
   end

data/lib/rack/content_length.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
-require 'rack/body_proxy'
-
 module Rack
 
-  # Sets the Content-Length header on responses with fixed-length bodies.
+  # Sets the Content-Length header on responses that do not specify
+  # a Content-Length or Transfer-Encoding header.  Note that this
+  # does not fix responses that have an invalid Content-Length
+  # header specified.
   class ContentLength
     include Rack::Utils
 
@@ -15,12 +15,11 @@ module Rack
 
     def call(env)
       status, headers, body = @app.call(env)
-      headers = HeaderHash.new(headers)
+      headers = HeaderHash[headers]
 
       if !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) &&
          !headers[CONTENT_LENGTH] &&
-         !headers[TRANSFER_ENCODING] &&
-         body.respond_to?(:to_ary)
+         !headers[TRANSFER_ENCODING]
 
         obody = body
         body, length = [], 0

data/lib/rack/content_type.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
-
 module Rack
 
   # Sets the Content-Type header on responses which don't have one.
@@ -9,7 +7,8 @@ module Rack
   # Builder Usage:
   #   use Rack::ContentType, "text/plain"
   #
-  # When no content type argument is provided, "text/html" is assumed.
+  # When no content type argument is provided, "text/html" is the
+  # default.
   class ContentType
     include Rack::Utils
 
@@ -19,7 +18,7 @@ module Rack
 
     def call(env)
       status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash.new(headers)
+      headers = Utils::HeaderHash[headers]
 
       unless STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i)
         headers[CONTENT_TYPE] ||= @content_type

data/lib/rack/deflater.rb

@@ -2,48 +2,47 @@
 
 require "zlib"
 require "time"  # for Time.httpdate
-require 'rack/utils'
-
-require_relative 'core_ext/regexp'
 
 module Rack
-  # This middleware enables compression of http responses.
+  # This middleware enables content encoding of http responses,
+  # usually for purposes of compression.
+  #
+  # Currently supported encodings:
   #
-  # Currently supported compression algorithms:
+  # * gzip
+  # * identity (no transformation)
   #
-  #   * gzip
-  #   * identity (no transformation)
+  # This middleware automatically detects when encoding is supported
+  # and allowed. For example no encoding is made when a cache
+  # directive of 'no-transform' is present, when the response status
+  # code is one that doesn't allow an entity body, or when the body
+  # is empty.
   #
-  # The middleware automatically detects when compression is supported
-  # and allowed. For example no transformation is made when a cache
-  # directive of 'no-transform' is present, or when the response status
-  # code is one that doesn't allow an entity body.
+  # Note that despite the name, Deflater does not support the +deflate+
+  # encoding.
   class Deflater
-    using ::Rack::RegexpExtensions
+    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
 
-    ##
-    # Creates Rack::Deflater middleware.
+    # Creates Rack::Deflater middleware. Options:
     #
-    # [app] rack app instance
-    # [options] hash of deflater options, i.e.
-    #           'if' - a lambda enabling / disabling deflation based on returned boolean value
-    #                  e.g use Rack::Deflater, :if => lambda { |*, body| sum=0; body.each { |i| sum += i.length }; sum > 512 }
-    #           'include' - a list of content types that should be compressed
-    #           'sync' - determines if the stream is going to be flushed after every chunk.
-    #                    Flushing after every chunk reduces latency for
-    #                    time-sensitive streaming applications, but hurts
-    #                    compression and throughput. Defaults to `true'.
+    # :if :: a lambda enabling / disabling deflation based on returned boolean value
+    #        (e.g <tt>use Rack::Deflater, :if => lambda { |*, body| sum=0; body.each { |i| sum += i.length }; sum > 512 }</tt>).
+    #        However, be aware that calling `body.each` inside the block will break cases where `body.each` is not idempotent,
+    #        such as when it is an +IO+ instance.
+    # :include :: a list of content types that should be compressed. By default, all content types are compressed.
+    # :sync :: determines if the stream is going to be flushed after every chunk.  Flushing after every chunk reduces
+    #          latency for time-sensitive streaming applications, but hurts compression and throughput.
+    #          Defaults to +true+.
     def initialize(app, options = {})
       @app = app
-
       @condition = options[:if]
       @compressible_types = options[:include]
-      @sync = options[:sync] == false ? false : true
+      @sync = options.fetch(:sync, true)
     end
 
     def call(env)
       status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash.new(headers)
+      headers = Utils::HeaderHash[headers]
 
       unless should_deflate?(env, status, headers, body)
         return [status, headers, body]
@@ -63,7 +62,7 @@ module Rack
       case encoding
       when "gzip"
         headers['Content-Encoding'] = "gzip"
-        headers.delete('Content-Length')
+        headers.delete(CONTENT_LENGTH)
         mtime = headers["Last-Modified"]
         mtime = Time.httpdate(mtime).to_i if mtime
         [status, headers, GzipStream.new(body, mtime, @sync)]
@@ -72,49 +71,60 @@ module Rack
       when nil
         message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found."
         bp = Rack::BodyProxy.new([message]) { body.close if body.respond_to?(:close) }
-        [406, { 'Content-Type' => "text/plain", 'Content-Length' => message.length.to_s }, bp]
+        [406, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => message.length.to_s }, bp]
       end
     end
 
+    # Body class used for gzip encoded responses.
     class GzipStream
+      # Initialize the gzip stream.  Arguments:
+      # body :: Response body to compress with gzip
+      # mtime :: The modification time of the body, used to set the
+      #          modification time in the gzip header.
+      # sync :: Whether to flush each gzip chunk as soon as it is ready.
       def initialize(body, mtime, sync)
-        @sync = sync
         @body = body
         @mtime = mtime
+        @sync = sync
       end
 
+      # Yield gzip compressed strings to the given block.
       def each(&block)
         @writer = block
         gzip = ::Zlib::GzipWriter.new(self)
         gzip.mtime = @mtime if @mtime
         @body.each { |part|
-          len = gzip.write(part)
-          # Flushing empty parts would raise Zlib::BufError.
-          gzip.flush if @sync && len > 0
+          # Skip empty strings, as they would result in no output,
+          # and flushing empty parts would raise Zlib::BufError.
+          next if part.empty?
+
+          gzip.write(part)
+          gzip.flush if @sync
         }
       ensure
         gzip.close
-        @writer = nil
       end
 
+      # Call the block passed to #each with the the gzipped data.
       def write(data)
         @writer.call(data)
       end
 
+      # Close the original body if possible.
       def close
         @body.close if @body.respond_to?(:close)
-        @body = nil
       end
     end
 
     private
 
+    # Whether the body should be compressed.
     def should_deflate?(env, status, headers, body)
       # Skip compressing empty entity body responses and responses with
       # no-transform set.
       if Utils::STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) ||
           /\bno-transform\b/.match?(headers['Cache-Control'].to_s) ||
-         (headers['Content-Encoding'] && headers['Content-Encoding'] !~ /\bidentity\b/)
+          headers['Content-Encoding']&.!~(/\bidentity\b/)
         return false
       end
 

data/lib/rack/directory.rb

@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 require 'time'
-require 'rack/utils'
-require 'rack/mime'
-require 'rack/files'
 
 module Rack
   # Rack::Directory serves entries below the +root+ given, according to the
@@ -14,8 +11,8 @@ module Rack
   # If +app+ is not specified, a Rack::Files of the same +root+ will be used.
 
   class Directory
-    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>"
-    DIR_PAGE = <<-PAGE
+    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>\n"
+    DIR_PAGE_HEADER = <<-PAGE
 <html><head>
   <title>%s</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
@@ -36,33 +33,51 @@ table { width:100%%; }
     <th class='type'>Type</th>
     <th class='mtime'>Last Modified</th>
   </tr>
-%s
+    PAGE
+    DIR_PAGE_FOOTER = <<-PAGE
 </table>
 <hr />
 </body></html>
     PAGE
 
+    # Body class for directory entries, showing an index page with links
+    # to each file.
     class DirectoryBody < Struct.new(:root, :path, :files)
+      # Yield strings for each part of the directory entry
       def each
-        show_path = Rack::Utils.escape_html(path.sub(/^#{root}/, ''))
-        listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) } * "\n"
-        page = DIR_PAGE % [ show_path, show_path, listings ]
-        page.each_line{|l| yield l }
+        show_path = Utils.escape_html(path.sub(/^#{root}/, ''))
+        yield(DIR_PAGE_HEADER % [ show_path, show_path ])
+
+        unless path.chomp('/') == root
+          yield(DIR_FILE % DIR_FILE_escape(files.call('..')))
+        end
+
+        Dir.foreach(path) do |basename|
+          next if basename.start_with?('.')
+          next unless f = files.call(basename)
+          yield(DIR_FILE % DIR_FILE_escape(f))
+        end
+
+        yield(DIR_PAGE_FOOTER)
       end
 
       private
-      # Assumes url is already escaped.
-      def DIR_FILE_escape url, *html
-        [url, *html.map { |e| Utils.escape_html(e) }]
+
+      # Escape each element in the array of html strings.
+      def DIR_FILE_escape(htmls)
+        htmls.map { |e| Utils.escape_html(e) }
       end
     end
 
-    attr_reader :root, :path
+    # The root of the directory hierarchy.  Only requests for files and
+    # directories inside of the root directory are supported.
+    attr_reader :root
 
+    # Set the root directory and application for serving files.
     def initialize(root, app = nil)
       @root = ::File.expand_path(root)
-      @app = app || Rack::Files.new(@root)
-      @head = Rack::Head.new(lambda { |env| get env })
+      @app = app || Files.new(@root)
+      @head = Head.new(method(:get))
     end
 
     def call(env)
@@ -70,100 +85,101 @@ table { width:100%%; }
       @head.call env
     end
 
+    # Internals of request handling.  Similar to call but does
+    # not remove body for HEAD requests.
     def get(env)
       script_name = env[SCRIPT_NAME]
       path_info = Utils.unescape_path(env[PATH_INFO])
 
-      if bad_request = check_bad_request(path_info)
-        bad_request
-      elsif forbidden = check_forbidden(path_info)
-        forbidden
+      if client_error_response = check_bad_request(path_info) || check_forbidden(path_info)
+        client_error_response
       else
         path = ::File.join(@root, path_info)
         list_path(env, path, path_info, script_name)
       end
     end
 
+    # Rack response to use for requests with invalid paths, or nil if path is valid.
     def check_bad_request(path_info)
       return if Utils.valid_path?(path_info)
 
       body = "Bad Request\n"
-      size = body.bytesize
-      return [400, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
+      [400, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
         "X-Cascade" => "pass" }, [body]]
     end
 
+    # Rack response to use for requests with paths outside the root, or nil if path is inside the root.
     def check_forbidden(path_info)
       return unless path_info.include? ".."
+      return if ::File.expand_path(::File.join(@root, path_info)).start_with?(@root)
 
       body = "Forbidden\n"
-      size = body.bytesize
-      return [403, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
+      [403, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
         "X-Cascade" => "pass" }, [body]]
     end
 
+    # Rack response to use for directories under the root.
     def list_directory(path_info, path, script_name)
-      files = [['../', 'Parent Directory', '', '', '']]
-      glob = ::File.join(path, '*')
-
       url_head = (script_name.split('/') + path_info.split('/')).map do |part|
-        Rack::Utils.escape_path part
+        Utils.escape_path part
       end
 
-      Dir[glob].sort.each do |node|
-        stat = stat(node)
+      # Globbing not safe as path could contain glob metacharacters
+      body = DirectoryBody.new(@root, path, ->(basename) do
+        stat = stat(::File.join(path, basename))
         next unless stat
-        basename = ::File.basename(node)
-        ext = ::File.extname(node)
 
-        url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)])
-        size = stat.size
-        type = stat.directory? ? 'directory' : Mime.mime_type(ext)
-        size = stat.directory? ? '-' : filesize_format(size)
+        url = ::File.join(*url_head + [Utils.escape_path(basename)])
         mtime = stat.mtime.httpdate
-        url << '/'  if stat.directory?
-        basename << '/'  if stat.directory?
-
-        files << [ url, basename, size, type, mtime ]
-      end
-
-      return [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, DirectoryBody.new(@root, path, files) ]
+        if stat.directory?
+          type = 'directory'
+          size = '-'
+          url << '/'
+          if basename == '..'
+            basename = 'Parent Directory'
+          else
+            basename << '/'
+          end
+        else
+          type = Mime.mime_type(::File.extname(basename))
+          size = filesize_format(stat.size)
+        end
+
+        [ url, basename, size, type, mtime ]
+      end)
+
+      [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, body ]
     end
 
-    def stat(node)
-      ::File.stat(node)
+    # File::Stat for the given path, but return nil for missing/bad entries.
+    def stat(path)
+      ::File.stat(path)
     rescue Errno::ENOENT, Errno::ELOOP
       return nil
     end
 
-    # TODO: add correct response if not readable, not sure if 404 is the best
-    #       option
+    # Rack response to use for files and directories under the root.
+    # Unreadable and non-file, non-directory entries will get a 404 response.
     def list_path(env, path, path_info, script_name)
-      stat = ::File.stat(path)
-
-      if stat.readable?
+      if (stat = stat(path)) && stat.readable?
         return @app.call(env) if stat.file?
         return list_directory(path_info, path, script_name) if stat.directory?
-      else
-        raise Errno::ENOENT, 'No such file or directory'
       end
 
-    rescue Errno::ENOENT, Errno::ELOOP
-      return entity_not_found(path_info)
+      entity_not_found(path_info)
     end
 
+    # Rack response to use for unreadable and non-file, non-directory entries.
     def entity_not_found(path_info)
       body = "Entity not found: #{path_info}\n"
-      size = body.bytesize
-      return [404, { CONTENT_TYPE => "text/plain",
-        CONTENT_LENGTH => size.to_s,
+      [404, { CONTENT_TYPE => "text/plain",
+        CONTENT_LENGTH => body.bytesize.to_s,
         "X-Cascade" => "pass" }, [body]]
     end
 
     # Stolen from Ramaze
-
     FILESIZE_FORMAT = [
       ['%.1fT', 1 << 40],
       ['%.1fG', 1 << 30],
@@ -171,6 +187,7 @@ table { width:100%%; }
       ['%.1fK', 1 << 10],
     ]
 
+    # Provide human readable file sizes
     def filesize_format(int)
       FILESIZE_FORMAT.each do |format, size|
         return format % (int.to_f / size) if int >= size