RubyGems - rack - Versions diffs - 2.2.8 → 3.0.9 - Mend

rack 2.2.8 → 3.0.9

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (87) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +213 -83
data/CONTRIBUTING.md +53 -47
data/MIT-LICENSE +1 -1
data/README.md +309 -0
data/SPEC.rdoc +174 -126
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +3 -1
data/lib/rack/auth/basic.rb +0 -2
data/lib/rack/auth/digest/md5.rb +1 -131
data/lib/rack/auth/digest/nonce.rb +1 -54
data/lib/rack/auth/digest/params.rb +1 -54
data/lib/rack/auth/digest/request.rb +1 -43
data/lib/rack/auth/digest.rb +256 -0
data/lib/rack/body_proxy.rb +3 -1
data/lib/rack/builder.rb +83 -63
data/lib/rack/cascade.rb +2 -0
data/lib/rack/chunked.rb +16 -13
data/lib/rack/common_logger.rb +23 -18
data/lib/rack/conditional_get.rb +18 -15
data/lib/rack/constants.rb +64 -0
data/lib/rack/content_length.rb +12 -16
data/lib/rack/content_type.rb +8 -5
data/lib/rack/deflater.rb +40 -26
data/lib/rack/directory.rb +9 -3
data/lib/rack/etag.rb +14 -23
data/lib/rack/events.rb +4 -0
data/lib/rack/file.rb +2 -0
data/lib/rack/files.rb +15 -17
data/lib/rack/head.rb +9 -8
data/lib/rack/headers.rb +154 -0
data/lib/rack/lint.rb +758 -646
data/lib/rack/lock.rb +2 -5
data/lib/rack/logger.rb +2 -0
data/lib/rack/media_type.rb +1 -1
data/lib/rack/method_override.rb +5 -1
data/lib/rack/mime.rb +8 -0
data/lib/rack/mock.rb +1 -271
data/lib/rack/mock_request.rb +166 -0
data/lib/rack/mock_response.rb +126 -0
data/lib/rack/multipart/generator.rb +7 -5
data/lib/rack/multipart/parser.rb +120 -64
data/lib/rack/multipart/uploaded_file.rb +4 -0
data/lib/rack/multipart.rb +20 -40
data/lib/rack/null_logger.rb +9 -0
data/lib/rack/query_parser.rb +78 -46
data/lib/rack/recursive.rb +2 -0
data/lib/rack/reloader.rb +0 -2
data/lib/rack/request.rb +224 -106
data/lib/rack/response.rb +138 -61
data/lib/rack/rewindable_input.rb +24 -5
data/lib/rack/runtime.rb +7 -6
data/lib/rack/sendfile.rb +30 -25
data/lib/rack/show_exceptions.rb +15 -2
data/lib/rack/show_status.rb +17 -7
data/lib/rack/static.rb +8 -8
data/lib/rack/tempfile_reaper.rb +15 -4
data/lib/rack/urlmap.rb +3 -1
data/lib/rack/utils.rb +202 -176
data/lib/rack/version.rb +9 -4
data/lib/rack.rb +6 -76
metadata +15 -35
data/README.rdoc +0 -320
data/Rakefile +0 -130
data/bin/rackup +0 -5
data/contrib/rack.png +0 -0
data/contrib/rack.svg +0 -150
data/contrib/rack_logo.svg +0 -164
data/contrib/rdoc.css +0 -412
data/example/lobster.ru +0 -6
data/example/protectedlobster.rb +0 -16
data/example/protectedlobster.ru +0 -10
data/lib/rack/core_ext/regexp.rb +0 -14
data/lib/rack/handler/cgi.rb +0 -59
data/lib/rack/handler/fastcgi.rb +0 -100
data/lib/rack/handler/lsws.rb +0 -61
data/lib/rack/handler/scgi.rb +0 -71
data/lib/rack/handler/thin.rb +0 -36
data/lib/rack/handler/webrick.rb +0 -129
data/lib/rack/handler.rb +0 -104
data/lib/rack/lobster.rb +0 -70
data/lib/rack/server.rb +0 -466
data/lib/rack/session/abstract/id.rb +0 -523
data/lib/rack/session/cookie.rb +0 -204
data/lib/rack/session/memcache.rb +0 -10
data/lib/rack/session/pool.rb +0 -85
data/rack.gemspec +0 -46

data/lib/rack/session/cookie.rb DELETED Viewed

@@ -1,204 +0,0 @@
-# frozen_string_literal: true
-require 'openssl'
-require 'zlib'
-require_relative 'abstract/id'
-require 'json'
-require 'base64'
-require 'delegate'
-module Rack
-  module Session
-    # Rack::Session::Cookie provides simple cookie based session management.
-    # By default, the session is a Ruby Hash stored as base64 encoded marshalled
-    # data set to :key (default: rack.session).  The object that encodes the
-    # session data is configurable and must respond to +encode+ and +decode+.
-    # Both methods must take a string and return a string.
-    #
-    # When the secret key is set, cookie data is checked for data integrity.
-    # The old secret key is also accepted and allows graceful secret rotation.
-    #
-    # Example:
-    #
-    #     use Rack::Session::Cookie, :key => 'rack.session',
-    #                                :domain => 'foo.com',
-    #                                :path => '/',
-    #                                :expire_after => 2592000,
-    #                                :secret => 'change_me',
-    #                                :old_secret => 'also_change_me'
-    #
-    #     All parameters are optional.
-    #
-    # Example of a cookie with no encoding:
-    #
-    #   Rack::Session::Cookie.new(application, {
-    #     :coder => Rack::Session::Cookie::Identity.new
-    #   })
-    #
-    # Example of a cookie with custom encoding:
-    #
-    #   Rack::Session::Cookie.new(application, {
-    #     :coder => Class.new {
-    #       def encode(str); str.reverse; end
-    #       def decode(str); str.reverse; end
-    #     }.new
-    #   })
-    #
-    class Cookie < Abstract::PersistedSecure
-      # Encode session cookies as Base64
-      class Base64
-        def encode(str)
-          ::Base64.strict_encode64(str)
-        end
-        def decode(str)
-          ::Base64.decode64(str)
-        end
-        # Encode session cookies as Marshaled Base64 data
-        class Marshal < Base64
-          def encode(str)
-            super(::Marshal.dump(str))
-          end
-          def decode(str)
-            return unless str
-            ::Marshal.load(super(str)) rescue nil
-          end
-        end
-        # N.B. Unlike other encoding methods, the contained objects must be a
-        # valid JSON composite type, either a Hash or an Array.
-        class JSON < Base64
-          def encode(obj)
-            super(::JSON.dump(obj))
-          end
-          def decode(str)
-            return unless str
-            ::JSON.parse(super(str)) rescue nil
-          end
-        end
-        class ZipJSON < Base64
-          def encode(obj)
-            super(Zlib::Deflate.deflate(::JSON.dump(obj)))
-          end
-          def decode(str)
-            return unless str
-            ::JSON.parse(Zlib::Inflate.inflate(super(str)))
-          rescue
-            nil
-          end
-        end
-      end
-      # Use no encoding for session cookies
-      class Identity
-        def encode(str); str; end
-        def decode(str); str; end
-      end
-      attr_reader :coder
-      def initialize(app, options = {})
-        @secrets = options.values_at(:secret, :old_secret).compact
-        @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)
-        warn <<-MSG unless secure?(options)
-        SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
-        This poses a security threat. It is strongly recommended that you
-        provide a secret to prevent exploits that may be possible from crafted
-        cookies. This will not be supported in future versions of Rack, and
-        future versions will even invalidate your existing user cookies.
-        Called from: #{caller[0]}.
-        MSG
-        @coder = options[:coder] ||= Base64::Marshal.new
-        super(app, options.merge!(cookie_only: true))
-      end
-      private
-      def find_session(req, sid)
-        data = unpacked_cookie_data(req)
-        data = persistent_session_id!(data)
-        [data["session_id"], data]
-      end
-      def extract_session_id(request)
-        unpacked_cookie_data(request)["session_id"]
-      end
-      def unpacked_cookie_data(request)
-        request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
-          session_data = request.cookies[@key]
-          if @secrets.size > 0 && session_data
-            session_data, _, digest = session_data.rpartition('--')
-            session_data = nil unless digest_match?(session_data, digest)
-          end
-          request.set_header(k, coder.decode(session_data) || {})
-        end
-      end
-      def persistent_session_id!(data, sid = nil)
-        data ||= {}
-        data["session_id"] ||= sid || generate_sid
-        data
-      end
-      class SessionId < DelegateClass(Session::SessionId)
-        attr_reader :cookie_value
-        def initialize(session_id, cookie_value)
-          super(session_id)
-          @cookie_value = cookie_value
-        end
-      end
-      def write_session(req, session_id, session, options)
-        session = session.merge("session_id" => session_id)
-        session_data = coder.encode(session)
-        if @secrets.first
-          session_data << "--#{generate_hmac(session_data, @secrets.first)}"
-        end
-        if session_data.size > (4096 - @key.size)
-          req.get_header(RACK_ERRORS).puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
-          nil
-        else
-          SessionId.new(session_id, session_data)
-        end
-      end
-      def delete_session(req, session_id, options)
-        # Nothing to do here, data is in the client
-        generate_sid unless options[:drop]
-      end
-      def digest_match?(data, digest)
-        return unless data && digest
-        @secrets.any? do |secret|
-          Rack::Utils.secure_compare(digest, generate_hmac(data, secret))
-        end
-      end
-      def generate_hmac(data, secret)
-        OpenSSL::HMAC.hexdigest(@hmac.new, secret, data)
-      end
-      def secure?(options)
-        @secrets.size >= 1 ||
-        (options[:coder] && options[:let_coder_handle_secure_encoding])
-      end
-    end
-  end
-end

data/lib/rack/session/memcache.rb DELETED Viewed

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-require 'rack/session/dalli'
-module Rack
-  module Session
-    warn "Rack::Session::Memcache is deprecated, please use Rack::Session::Dalli from 'dalli' gem instead."
-    Memcache = Dalli
-  end
-end

data/lib/rack/session/pool.rb DELETED Viewed

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
-# THANKS:
-#   apeiros, for session id generation, expiry setup, and threadiness
-#   sergio, threadiness and bugreps
-require_relative 'abstract/id'
-require 'thread'
-module Rack
-  module Session
-    # Rack::Session::Pool provides simple cookie based session management.
-    # Session data is stored in a hash held by @pool.
-    # In the context of a multithreaded environment, sessions being
-    # committed to the pool is done in a merging manner.
-    #
-    # The :drop option is available in rack.session.options if you wish to
-    # explicitly remove the session from the session cache.
-    #
-    # Example:
-    #   myapp = MyRackApp.new
-    #   sessioned = Rack::Session::Pool.new(myapp,
-    #     :domain => 'foo.com',
-    #     :expire_after => 2592000
-    #   )
-    #   Rack::Handler::WEBrick.run sessioned
-    class Pool < Abstract::PersistedSecure
-      attr_reader :mutex, :pool
-      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge drop: false
-      def initialize(app, options = {})
-        super
-        @pool = Hash.new
-        @mutex = Mutex.new
-      end
-      def generate_sid
-        loop do
-          sid = super
-          break sid unless @pool.key? sid.private_id
-        end
-      end
-      def find_session(req, sid)
-        with_lock(req) do
-          unless sid and session = get_session_with_fallback(sid)
-            sid, session = generate_sid, {}
-            @pool.store sid.private_id, session
-          end
-          [sid, session]
-        end
-      end
-      def write_session(req, session_id, new_session, options)
-        with_lock(req) do
-          @pool.store session_id.private_id, new_session
-          session_id
-        end
-      end
-      def delete_session(req, session_id, options)
-        with_lock(req) do
-          @pool.delete(session_id.public_id)
-          @pool.delete(session_id.private_id)
-          generate_sid unless options[:drop]
-        end
-      end
-      def with_lock(req)
-        @mutex.lock if req.multithread?
-        yield
-      ensure
-        @mutex.unlock if @mutex.locked?
-      end
-      private
-      def get_session_with_fallback(sid)
-        @pool[sid.private_id] || @pool[sid.public_id]
-      end
-    end
-  end
-end

data/rack.gemspec DELETED Viewed

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-require_relative 'lib/rack/version'
-Gem::Specification.new do |s|
-  s.name = "rack"
-  s.version = Rack::RELEASE
-  s.platform = Gem::Platform::RUBY
-  s.summary = "A modular Ruby webserver interface."
-  s.license = "MIT"
-  s.description = <<~EOF
-    Rack provides a minimal, modular and adaptable interface for developing
-    web applications in Ruby. By wrapping HTTP requests and responses in
-    the simplest way possible, it unifies and distills the API for web
-    servers, web frameworks, and software in between (the so-called
-    middleware) into a single method call.
-  EOF
-  s.files = Dir['{bin/*,contrib/*,example/*,lib/**/*}'] +
-    %w(MIT-LICENSE rack.gemspec Rakefile README.rdoc SPEC.rdoc)
-  s.bindir = 'bin'
-  s.executables << 'rackup'
-  s.require_path = 'lib'
-  s.extra_rdoc_files = ['README.rdoc', 'CHANGELOG.md', 'CONTRIBUTING.md']
-  s.author = 'Leah Neukirchen'
-  s.email = 'leah@vuxu.org'
-  s.homepage = 'https://github.com/rack/rack'
-  s.required_ruby_version = '>= 2.3.0'
-  s.metadata = {
-    "bug_tracker_uri" => "https://github.com/rack/rack/issues",
-    "changelog_uri" => "https://github.com/rack/rack/blob/master/CHANGELOG.md",
-    "documentation_uri" => "https://rubydoc.info/github/rack/rack",
-    "source_code_uri"   => "https://github.com/rack/rack"
-  }
-  s.add_development_dependency 'minitest', "~> 5.0"
-  s.add_development_dependency 'minitest-sprint'
-  s.add_development_dependency 'minitest-global_expectations'
-  s.add_development_dependency 'rake'
-end