rack 2.2.17 → 3.0.18

data/lib/rack/chunked.rb

@@ -1,22 +1,26 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+require_relative 'utils'
+
 module Rack
+  warn "Rack::Chunked is deprecated and will be removed in Rack 3.1", uplevel: 1
 
   # Middleware that applies chunked transfer encoding to response bodies
-  # when the response does not include a Content-Length header.
+  # when the response does not include a content-length header.
   #
-  # This supports the Trailer response header to allow the use of trailing
+  # This supports the trailer response header to allow the use of trailing
   # headers in the chunked encoding.  However, using this requires you manually
   # specify a response body that supports a +trailers+ method.  Example:
   #
-  #   [200, { 'Trailer' => 'Expires'}, ["Hello", "World"]]
+  #   [200, { 'trailer' => 'expires'}, ["Hello", "World"]]
   #   # error raised
   #
   #   body = ["Hello", "World"]
   #   def body.trailers
-  #     { 'Expires' => Time.now.to_s }
+  #     { 'expires' => Time.now.to_s }
   #   end
-  #   [200, { 'Trailer' => 'Expires'}, body]
+  #   [200, { 'trailer' => 'expires'}, body]
   #   # No exception raised
   class Chunked
     include Rack::Utils
@@ -92,11 +96,10 @@ module Rack
     end
 
     # If the rack app returns a response that should have a body,
-    # but does not have Content-Length or Transfer-Encoding headers,
-    # modify the response to use chunked Transfer-Encoding.
+    # but does not have content-length or transfer-encoding headers,
+    # modify the response to use chunked transfer-encoding.
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = HeaderHash[headers]
+      status, headers, body = response = @app.call(env)
 
       if chunkable_version?(env[SERVER_PROTOCOL]) &&
          !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) &&
@@ -104,14 +107,14 @@ module Rack
          !headers[TRANSFER_ENCODING]
 
         headers[TRANSFER_ENCODING] = 'chunked'
-        if headers['Trailer']
-          body = TrailerBody.new(body)
+        if headers['trailer']
+          response[2] = TrailerBody.new(body)
         else
-          body = Body.new(body)
+          response[2] = Body.new(body)
         end
       end
 
-      [status, headers, body]
+      response
     end
   end
 end

data/lib/rack/common_logger.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'body_proxy'
+require_relative 'request'
+
 module Rack
   # Rack::CommonLogger forwards every request to the given +app+, and
   # logs a line in the
@@ -35,36 +40,36 @@ module Rack
     # cause the request not to be logged.
     def call(env)
       began_at = Utils.clock_time
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash[headers]
-      body = BodyProxy.new(body) { log(env, status, headers, began_at) }
-      [status, headers, body]
+      status, headers, body = response = @app.call(env)
+
+      response[2] = BodyProxy.new(body) { log(env, status, headers, began_at) }
+      response
     end
 
     private
 
     # Log the request to the configured logger.
-    def log(env, status, header, began_at)
-      length = extract_content_length(header)
+    def log(env, status, response_headers, began_at)
+      request = Rack::Request.new(env)
+      length = extract_content_length(response_headers)
 
-      msg = FORMAT % [
-        env['HTTP_X_FORWARDED_FOR'] || env["REMOTE_ADDR"] || "-",
-        env["REMOTE_USER"] || "-",
+      msg = sprintf(FORMAT,
+        request.ip || "-",
+        request.get_header("REMOTE_USER") || "-",
         Time.now.strftime("%d/%b/%Y:%H:%M:%S %z"),
-        env[REQUEST_METHOD],
-        env[SCRIPT_NAME],
-        env[PATH_INFO],
-        env[QUERY_STRING].empty? ? "" : "?#{env[QUERY_STRING]}",
-        env[SERVER_PROTOCOL],
+        request.request_method,
+        request.script_name,
+        request.path_info,
+        request.query_string.empty? ? "" : "?#{request.query_string}",
+        request.get_header(SERVER_PROTOCOL),
         status.to_s[0..3],
         length,
-        Utils.clock_time - began_at ]
+        Utils.clock_time - began_at)
 
       msg.gsub!(/[^[:print:]]/) { |c| sprintf("\\x%x", c.ord) }
       msg[-1] = "\n"
 
-      logger = @logger || env[RACK_ERRORS]
-
+      logger = @logger || request.get_header(RACK_ERRORS)
       # Standard library logger doesn't support write but it supports << which actually
       # calls to write on the log device without formatting
       if logger.respond_to?(:write)

data/lib/rack/conditional_get.rb

@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'body_proxy'
+
 module Rack
 
-  # Middleware that enables conditional GET using If-None-Match and
-  # If-Modified-Since. The application should set either or both of the
-  # Last-Modified or Etag response headers according to RFC 2616. When
+  # Middleware that enables conditional GET using if-none-match and
+  # if-modified-since. The application should set either or both of the
+  # last-modified or etag response headers according to RFC 2616. When
   # either of the conditions is met, the response body is set to be zero
   # length and the response status is set to 304 Not Modified.
   #
@@ -24,18 +28,17 @@ module Rack
     def call(env)
       case env[REQUEST_METHOD]
       when "GET", "HEAD"
-        status, headers, body = @app.call(env)
-        headers = Utils::HeaderHash[headers]
+        status, headers, body = response = @app.call(env)
+
         if status == 200 && fresh?(env, headers)
-          status = 304
+          response[0] = 304
           headers.delete(CONTENT_TYPE)
           headers.delete(CONTENT_LENGTH)
-          original_body = body
-          body = Rack::BodyProxy.new([]) do
-            original_body.close if original_body.respond_to?(:close)
+          response[2] = Rack::BodyProxy.new([]) do
+            body.close if body.respond_to?(:close)
           end
         end
-        [status, headers, body]
+        response
       else
         @app.call(env)
       end
@@ -46,7 +49,7 @@ module Rack
     # Return whether the response has not been modified since the
     # last request.
     def fresh?(env, headers)
-      # If-None-Match has priority over If-Modified-Since per RFC 7232
+      # if-none-match has priority over if-modified-since per RFC 7232
       if none_match = env['HTTP_IF_NONE_MATCH']
         etag_matches?(none_match, headers)
       elsif (modified_since = env['HTTP_IF_MODIFIED_SINCE']) && (modified_since = to_rfc2822(modified_since))
@@ -54,16 +57,16 @@ module Rack
       end
     end
 
-    # Whether the ETag response header matches the If-None-Match request header.
+    # Whether the etag response header matches the if-none-match request header.
     # If so, the request has not been modified.
     def etag_matches?(none_match, headers)
-      headers['ETag'] == none_match
+      headers[ETAG] == none_match
     end
 
-    # Whether the Last-Modified response header matches the If-Modified-Since
+    # Whether the last-modified response header matches the if-modified-since
     # request header.  If so, the request has not been modified.
     def modified_since?(modified_since, headers)
-      last_modified = to_rfc2822(headers['Last-Modified']) and
+      last_modified = to_rfc2822(headers['last-modified']) and
         modified_since >= last_modified
     end
 

data/lib/rack/constants.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Rack
+  # Request env keys
+  HTTP_HOST         = 'HTTP_HOST'
+  HTTP_PORT         = 'HTTP_PORT'
+  HTTPS             = 'HTTPS'
+  PATH_INFO         = 'PATH_INFO'
+  REQUEST_METHOD    = 'REQUEST_METHOD'
+  REQUEST_PATH      = 'REQUEST_PATH'
+  SCRIPT_NAME       = 'SCRIPT_NAME'
+  QUERY_STRING      = 'QUERY_STRING'
+  SERVER_PROTOCOL   = 'SERVER_PROTOCOL'
+  SERVER_NAME       = 'SERVER_NAME'
+  SERVER_PORT       = 'SERVER_PORT'
+  HTTP_COOKIE       = 'HTTP_COOKIE'
+
+  # Response Header Keys
+  CACHE_CONTROL     = 'cache-control'
+  CONTENT_LENGTH    = 'content-length'
+  CONTENT_TYPE      = 'content-type'
+  ETAG              = 'etag'
+  EXPIRES           = 'expires'
+  SET_COOKIE        = 'set-cookie'
+  TRANSFER_ENCODING = 'transfer-encoding'
+
+  # HTTP method verbs
+  GET     = 'GET'
+  POST    = 'POST'
+  PUT     = 'PUT'
+  PATCH   = 'PATCH'
+  DELETE  = 'DELETE'
+  HEAD    = 'HEAD'
+  OPTIONS = 'OPTIONS'
+  LINK    = 'LINK'
+  UNLINK  = 'UNLINK'
+  TRACE   = 'TRACE'
+
+  # Rack environment variables
+  RACK_VERSION                        = 'rack.version'
+  RACK_TEMPFILES                      = 'rack.tempfiles'
+  RACK_ERRORS                         = 'rack.errors'
+  RACK_LOGGER                         = 'rack.logger'
+  RACK_INPUT                          = 'rack.input'
+  RACK_SESSION                        = 'rack.session'
+  RACK_SESSION_OPTIONS                = 'rack.session.options'
+  RACK_SHOWSTATUS_DETAIL              = 'rack.showstatus.detail'
+  RACK_URL_SCHEME                     = 'rack.url_scheme'
+  RACK_HIJACK                         = 'rack.hijack'
+  RACK_IS_HIJACK                      = 'rack.hijack?'
+  RACK_RECURSIVE_INCLUDE              = 'rack.recursive.include'
+  RACK_MULTIPART_BUFFER_SIZE          = 'rack.multipart.buffer_size'
+  RACK_MULTIPART_TEMPFILE_FACTORY     = 'rack.multipart.tempfile_factory'
+  RACK_RESPONSE_FINISHED              = 'rack.response_finished'
+  RACK_REQUEST_FORM_INPUT             = 'rack.request.form_input'
+  RACK_REQUEST_FORM_HASH              = 'rack.request.form_hash'
+  RACK_REQUEST_FORM_VARS              = 'rack.request.form_vars'
+  RACK_REQUEST_FORM_ERROR             = 'rack.request.form_error'
+  RACK_REQUEST_COOKIE_HASH            = 'rack.request.cookie_hash'
+  RACK_REQUEST_COOKIE_STRING          = 'rack.request.cookie_string'
+  RACK_REQUEST_QUERY_HASH             = 'rack.request.query_hash'
+  RACK_REQUEST_QUERY_STRING           = 'rack.request.query_string'
+  RACK_METHODOVERRIDE_ORIGINAL_METHOD = 'rack.methodoverride.original_method'
+end

data/lib/rack/content_length.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+require_relative 'utils'
+
 module Rack
 
-  # Sets the Content-Length header on responses that do not specify
-  # a Content-Length or Transfer-Encoding header.  Note that this
-  # does not fix responses that have an invalid Content-Length
+  # Sets the content-length header on responses that do not specify
+  # a content-length or transfer-encoding header.  Note that this
+  # does not fix responses that have an invalid content-length
   # header specified.
   class ContentLength
     include Rack::Utils
@@ -14,25 +17,18 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = HeaderHash[headers]
+      status, headers, body = response = @app.call(env)
 
       if !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) &&
          !headers[CONTENT_LENGTH] &&
-         !headers[TRANSFER_ENCODING]
-
-        obody = body
-        body, length = [], 0
-        obody.each { |part| body << part; length += part.bytesize }
-
-        body = BodyProxy.new(body) do
-          obody.close if obody.respond_to?(:close)
-        end
+         !headers[TRANSFER_ENCODING] &&
+         body.respond_to?(:to_ary)
 
-        headers[CONTENT_LENGTH] = length.to_s
+        response[2] = body = body.to_ary
+        headers[CONTENT_LENGTH] = body.sum(&:bytesize).to_s
       end
 
-      [status, headers, body]
+      response
     end
   end
 end

data/lib/rack/content_type.rb

@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
+require_relative 'constants'
+require_relative 'utils'
+
 module Rack
 
-  # Sets the Content-Type header on responses which don't have one.
+  # Sets the content-type header on responses which don't have one.
   #
   # Builder Usage:
   #   use Rack::ContentType, "text/plain"
@@ -13,18 +16,18 @@ module Rack
     include Rack::Utils
 
     def initialize(app, content_type = "text/html")
-      @app, @content_type = app, content_type
+      @app = app
+      @content_type = content_type
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash[headers]
+      status, headers, _ = response = @app.call(env)
 
       unless STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i)
         headers[CONTENT_TYPE] ||= @content_type
       end
 
-      [status, headers, body]
+      response
     end
   end
 end

data/lib/rack/deflater.rb

@@ -3,6 +3,11 @@
 require "zlib"
 require "time"  # for Time.httpdate
 
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'request'
+require_relative 'body_proxy'
+
 module Rack
   # This middleware enables content encoding of http responses,
   # usually for purposes of compression.
@@ -21,8 +26,6 @@ module Rack
   # Note that despite the name, Deflater does not support the +deflate+
   # encoding.
   class Deflater
-    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
-
     # Creates Rack::Deflater middleware. Options:
     #
     # :if :: a lambda enabling / disabling deflation based on returned boolean value
@@ -41,11 +44,10 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash[headers]
+      status, headers, body = response = @app.call(env)
 
       unless should_deflate?(env, status, headers, body)
-        return [status, headers, body]
+        return response
       end
 
       request = Request.new(env)
@@ -54,21 +56,23 @@ module Rack
                                             request.accept_encoding)
 
       # Set the Vary HTTP header.
-      vary = headers["Vary"].to_s.split(",").map(&:strip)
-      unless vary.include?("*") || vary.include?("Accept-Encoding")
-        headers["Vary"] = vary.push("Accept-Encoding").join(",")
+      vary = headers["vary"].to_s.split(",").map(&:strip)
+      unless vary.include?("*") || vary.any?{|v| v.downcase == 'accept-encoding'}
+        headers["vary"] = vary.push("Accept-Encoding").join(",")
       end
 
       case encoding
       when "gzip"
-        headers['Content-Encoding'] = "gzip"
+        headers['content-encoding'] = "gzip"
         headers.delete(CONTENT_LENGTH)
-        mtime = headers["Last-Modified"]
+        mtime = headers["last-modified"]
         mtime = Time.httpdate(mtime).to_i if mtime
-        [status, headers, GzipStream.new(body, mtime, @sync)]
+        response[2] = GzipStream.new(body, mtime, @sync)
+        response
       when "identity"
-        [status, headers, body]
-      when nil
+        response
+      else # when nil
+        # Only possible encoding values here are 'gzip', 'identity', and nil
         message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found."
         bp = Rack::BodyProxy.new([message]) { body.close if body.respond_to?(:close) }
         [406, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => message.length.to_s }, bp]
@@ -77,6 +81,9 @@ module Rack
 
     # Body class used for gzip encoded responses.
     class GzipStream
+
+      BUFFER_LENGTH = 128 * 1_024
+
       # Initialize the gzip stream.  Arguments:
       # body :: Response body to compress with gzip
       # mtime :: The modification time of the body, used to set the
@@ -93,19 +100,26 @@ module Rack
         @writer = block
         gzip = ::Zlib::GzipWriter.new(self)
         gzip.mtime = @mtime if @mtime
-        @body.each { |part|
-          # Skip empty strings, as they would result in no output,
-          # and flushing empty parts would raise Zlib::BufError.
-          next if part.empty?
-
-          gzip.write(part)
-          gzip.flush if @sync
-        }
+        # @body.each is equivalent to @body.gets (slow)
+        if @body.is_a? ::File # XXX: Should probably be ::IO
+          while part = @body.read(BUFFER_LENGTH)
+            gzip.write(part)
+            gzip.flush if @sync
+          end
+        else
+          @body.each { |part|
+            # Skip empty strings, as they would result in no output,
+            # and flushing empty parts would raise Zlib::BufError.
+            next if part.empty?
+            gzip.write(part)
+            gzip.flush if @sync
+          }
+        end
       ensure
-        gzip.close
+        gzip.finish
       end
 
-      # Call the block passed to #each with the the gzipped data.
+      # Call the block passed to #each with the gzipped data.
       def write(data)
         @writer.call(data)
       end
@@ -123,13 +137,13 @@ module Rack
       # Skip compressing empty entity body responses and responses with
       # no-transform set.
       if Utils::STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) ||
-          /\bno-transform\b/.match?(headers['Cache-Control'].to_s) ||
-          headers['Content-Encoding']&.!~(/\bidentity\b/)
+          /\bno-transform\b/.match?(headers[CACHE_CONTROL].to_s) ||
+          headers['content-encoding']&.!~(/\bidentity\b/)
         return false
       end
 
       # Skip if @compressible_types are given and does not include request's content type
-      return false if @compressible_types && !(headers.has_key?('Content-Type') && @compressible_types.include?(headers['Content-Type'][/[^;]*/]))
+      return false if @compressible_types && !(headers.has_key?(CONTENT_TYPE) && @compressible_types.include?(headers[CONTENT_TYPE][/[^;]*/]))
 
       # Skip if @condition lambda is given and evaluates to false
       return false if @condition && !@condition.call(env, status, headers, body)

data/lib/rack/directory.rb

@@ -2,6 +2,12 @@
 
 require 'time'
 
+require_relative 'constants'
+require_relative 'utils'
+require_relative 'head'
+require_relative 'mime'
+require_relative 'files'
+
 module Rack
   # Rack::Directory serves entries below the +root+ given, according to the
   # path info of the Rack request. If a directory is found, the file's contents
@@ -106,7 +112,7 @@ table { width:100%%; }
       body = "Bad Request\n"
       [400, { CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => body.bytesize.to_s,
-        "X-Cascade" => "pass" }, [body]]
+        "x-cascade" => "pass" }, [body]]
     end
 
     # Rack response to use for requests with paths outside the root, or nil if path is inside the root.
@@ -117,7 +123,7 @@ table { width:100%%; }
       body = "Forbidden\n"
       [403, { CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => body.bytesize.to_s,
-        "X-Cascade" => "pass" }, [body]]
+        "x-cascade" => "pass" }, [body]]
     end
 
     # Rack response to use for directories under the root.
@@ -176,7 +182,7 @@ table { width:100%%; }
       body = "Entity not found: #{path_info}\n"
       [404, { CONTENT_TYPE => "text/plain",
         CONTENT_LENGTH => body.bytesize.to_s,
-        "X-Cascade" => "pass" }, [body]]
+        "x-cascade" => "pass" }, [body]]
     end
 
     # Stolen from Ramaze

data/lib/rack/etag.rb

@@ -1,17 +1,19 @@
 # frozen_string_literal: true
 
-require_relative '../rack'
 require 'digest/sha2'
 
+require_relative 'constants'
+require_relative 'utils'
+
 module Rack
-  # Automatically sets the ETag header on all String bodies.
+  # Automatically sets the etag header on all String bodies.
   #
-  # The ETag header is skipped if ETag or Last-Modified headers are sent or if
+  # The etag header is skipped if etag or last-modified headers are sent or if
   # a sendfile body (body.responds_to :to_path) is given (since such cases
   # should be handled by apache/nginx).
   #
-  # On initialization, you can pass two parameters: a Cache-Control directive
-  # used when Etag is absent and a directive when it is present. The first
+  # On initialization, you can pass two parameters: a cache-control directive
+  # used when etag is absent and a directive when it is present. The first
   # defaults to nil, while the second defaults to "max-age=0, private, must-revalidate"
   class ETag
     ETAG_STRING = Rack::ETAG
@@ -24,17 +26,15 @@ module Rack
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
-
-      headers = Utils::HeaderHash[headers]
+      status, headers, body = response = @app.call(env)
 
-      if etag_status?(status) && etag_body?(body) && !skip_caching?(headers)
-        original_body = body
-        digest, new_body = digest_body(body)
-        body = Rack::BodyProxy.new(new_body) do
-          original_body.close if original_body.respond_to?(:close)
-        end
+      if etag_status?(status) && body.respond_to?(:to_ary) && !skip_caching?(headers)
+        body = body.to_ary
+        digest = digest_body(body)
         headers[ETAG_STRING] = %(W/"#{digest}") if digest
+
+        # Body was modified, so we need to re-assign it:
+        response[2] = body
       end
 
       unless headers[CACHE_CONTROL]
@@ -45,7 +45,7 @@ module Rack
         end
       end
 
-      [status, headers, body]
+      response
     end
 
     private
@@ -54,24 +54,18 @@ module Rack
         status == 200 || status == 201
       end
 
-      def etag_body?(body)
-        !body.respond_to?(:to_path)
-      end
-
       def skip_caching?(headers)
-        headers.key?(ETAG_STRING) || headers.key?('Last-Modified')
+        headers.key?(ETAG_STRING) || headers.key?('last-modified')
       end
 
       def digest_body(body)
-        parts = []
         digest = nil
 
         body.each do |part|
-          parts << part
           (digest ||= Digest::SHA256.new) << part unless part.empty?
         end
 
-        [digest && digest.hexdigest.byteslice(0, 32), parts]
+        digest && digest.hexdigest.byteslice(0,32)
       end
   end
 end

data/lib/rack/events.rb

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
+require_relative 'body_proxy'
+require_relative 'request'
+require_relative 'response'
+
 module Rack
   ### This middleware provides hooks to certain places in the request /
   # response lifecycle.  This is so that middleware that don't need to filter

data/lib/rack/file.rb

@@ -3,5 +3,7 @@
 require_relative 'files'
 
 module Rack
+  warn "Rack::File is deprecated and will be removed in Rack 3.1", uplevel: 1
+
   File = Files
 end