rack 2.2.9 → 3.1.7

data/lib/rack/session/cookie.rb

@@ -1,204 +0,0 @@
-# frozen_string_literal: true
-
-require 'openssl'
-require 'zlib'
-require_relative 'abstract/id'
-require 'json'
-require 'base64'
-require 'delegate'
-
-module Rack
-
-  module Session
-
-    # Rack::Session::Cookie provides simple cookie based session management.
-    # By default, the session is a Ruby Hash stored as base64 encoded marshalled
-    # data set to :key (default: rack.session).  The object that encodes the
-    # session data is configurable and must respond to +encode+ and +decode+.
-    # Both methods must take a string and return a string.
-    #
-    # When the secret key is set, cookie data is checked for data integrity.
-    # The old secret key is also accepted and allows graceful secret rotation.
-    #
-    # Example:
-    #
-    #     use Rack::Session::Cookie, :key => 'rack.session',
-    #                                :domain => 'foo.com',
-    #                                :path => '/',
-    #                                :expire_after => 2592000,
-    #                                :secret => 'change_me',
-    #                                :old_secret => 'also_change_me'
-    #
-    #     All parameters are optional.
-    #
-    # Example of a cookie with no encoding:
-    #
-    #   Rack::Session::Cookie.new(application, {
-    #     :coder => Rack::Session::Cookie::Identity.new
-    #   })
-    #
-    # Example of a cookie with custom encoding:
-    #
-    #   Rack::Session::Cookie.new(application, {
-    #     :coder => Class.new {
-    #       def encode(str); str.reverse; end
-    #       def decode(str); str.reverse; end
-    #     }.new
-    #   })
-    #
-
-    class Cookie < Abstract::PersistedSecure
-      # Encode session cookies as Base64
-      class Base64
-        def encode(str)
-          ::Base64.strict_encode64(str)
-        end
-
-        def decode(str)
-          ::Base64.decode64(str)
-        end
-
-        # Encode session cookies as Marshaled Base64 data
-        class Marshal < Base64
-          def encode(str)
-            super(::Marshal.dump(str))
-          end
-
-          def decode(str)
-            return unless str
-            ::Marshal.load(super(str)) rescue nil
-          end
-        end
-
-        # N.B. Unlike other encoding methods, the contained objects must be a
-        # valid JSON composite type, either a Hash or an Array.
-        class JSON < Base64
-          def encode(obj)
-            super(::JSON.dump(obj))
-          end
-
-          def decode(str)
-            return unless str
-            ::JSON.parse(super(str)) rescue nil
-          end
-        end
-
-        class ZipJSON < Base64
-          def encode(obj)
-            super(Zlib::Deflate.deflate(::JSON.dump(obj)))
-          end
-
-          def decode(str)
-            return unless str
-            ::JSON.parse(Zlib::Inflate.inflate(super(str)))
-          rescue
-            nil
-          end
-        end
-      end
-
-      # Use no encoding for session cookies
-      class Identity
-        def encode(str); str; end
-        def decode(str); str; end
-      end
-
-      attr_reader :coder
-
-      def initialize(app, options = {})
-        @secrets = options.values_at(:secret, :old_secret).compact
-        @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)
-
-        warn <<-MSG unless secure?(options)
-        SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
-        This poses a security threat. It is strongly recommended that you
-        provide a secret to prevent exploits that may be possible from crafted
-        cookies. This will not be supported in future versions of Rack, and
-        future versions will even invalidate your existing user cookies.
-
-        Called from: #{caller[0]}.
-        MSG
-        @coder = options[:coder] ||= Base64::Marshal.new
-        super(app, options.merge!(cookie_only: true))
-      end
-
-      private
-
-      def find_session(req, sid)
-        data = unpacked_cookie_data(req)
-        data = persistent_session_id!(data)
-        [data["session_id"], data]
-      end
-
-      def extract_session_id(request)
-        unpacked_cookie_data(request)["session_id"]
-      end
-
-      def unpacked_cookie_data(request)
-        request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
-          session_data = request.cookies[@key]
-
-          if @secrets.size > 0 && session_data
-            session_data, _, digest = session_data.rpartition('--')
-            session_data = nil unless digest_match?(session_data, digest)
-          end
-
-          request.set_header(k, coder.decode(session_data) || {})
-        end
-      end
-
-      def persistent_session_id!(data, sid = nil)
-        data ||= {}
-        data["session_id"] ||= sid || generate_sid
-        data
-      end
-
-      class SessionId < DelegateClass(Session::SessionId)
-        attr_reader :cookie_value
-
-        def initialize(session_id, cookie_value)
-          super(session_id)
-          @cookie_value = cookie_value
-        end
-      end
-
-      def write_session(req, session_id, session, options)
-        session = session.merge("session_id" => session_id)
-        session_data = coder.encode(session)
-
-        if @secrets.first
-          session_data << "--#{generate_hmac(session_data, @secrets.first)}"
-        end
-
-        if session_data.size > (4096 - @key.size)
-          req.get_header(RACK_ERRORS).puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
-          nil
-        else
-          SessionId.new(session_id, session_data)
-        end
-      end
-
-      def delete_session(req, session_id, options)
-        # Nothing to do here, data is in the client
-        generate_sid unless options[:drop]
-      end
-
-      def digest_match?(data, digest)
-        return unless data && digest
-        @secrets.any? do |secret|
-          Rack::Utils.secure_compare(digest, generate_hmac(data, secret))
-        end
-      end
-
-      def generate_hmac(data, secret)
-        OpenSSL::HMAC.hexdigest(@hmac.new, secret, data)
-      end
-
-      def secure?(options)
-        @secrets.size >= 1 ||
-        (options[:coder] && options[:let_coder_handle_secure_encoding])
-      end
-
-    end
-  end
-end

data/lib/rack/session/memcache.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-require 'rack/session/dalli'
-
-module Rack
-  module Session
-    warn "Rack::Session::Memcache is deprecated, please use Rack::Session::Dalli from 'dalli' gem instead."
-    Memcache = Dalli
-  end
-end

data/lib/rack/session/pool.rb

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
-# THANKS:
-#   apeiros, for session id generation, expiry setup, and threadiness
-#   sergio, threadiness and bugreps
-
-require_relative 'abstract/id'
-require 'thread'
-
-module Rack
-  module Session
-    # Rack::Session::Pool provides simple cookie based session management.
-    # Session data is stored in a hash held by @pool.
-    # In the context of a multithreaded environment, sessions being
-    # committed to the pool is done in a merging manner.
-    #
-    # The :drop option is available in rack.session.options if you wish to
-    # explicitly remove the session from the session cache.
-    #
-    # Example:
-    #   myapp = MyRackApp.new
-    #   sessioned = Rack::Session::Pool.new(myapp,
-    #     :domain => 'foo.com',
-    #     :expire_after => 2592000
-    #   )
-    #   Rack::Handler::WEBrick.run sessioned
-
-    class Pool < Abstract::PersistedSecure
-      attr_reader :mutex, :pool
-      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge drop: false
-
-      def initialize(app, options = {})
-        super
-        @pool = Hash.new
-        @mutex = Mutex.new
-      end
-
-      def generate_sid
-        loop do
-          sid = super
-          break sid unless @pool.key? sid.private_id
-        end
-      end
-
-      def find_session(req, sid)
-        with_lock(req) do
-          unless sid and session = get_session_with_fallback(sid)
-            sid, session = generate_sid, {}
-            @pool.store sid.private_id, session
-          end
-          [sid, session]
-        end
-      end
-
-      def write_session(req, session_id, new_session, options)
-        with_lock(req) do
-          @pool.store session_id.private_id, new_session
-          session_id
-        end
-      end
-
-      def delete_session(req, session_id, options)
-        with_lock(req) do
-          @pool.delete(session_id.public_id)
-          @pool.delete(session_id.private_id)
-          generate_sid unless options[:drop]
-        end
-      end
-
-      def with_lock(req)
-        @mutex.lock if req.multithread?
-        yield
-      ensure
-        @mutex.unlock if @mutex.locked?
-      end
-
-      private
-
-      def get_session_with_fallback(sid)
-        @pool[sid.private_id] || @pool[sid.public_id]
-      end
-    end
-  end
-end

data/rack.gemspec

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'lib/rack/version'
-
-Gem::Specification.new do |s|
-  s.name = "rack"
-  s.version = Rack::RELEASE
-  s.platform = Gem::Platform::RUBY
-  s.summary = "A modular Ruby webserver interface."
-  s.license = "MIT"
-
-  s.description = <<~EOF
-    Rack provides a minimal, modular and adaptable interface for developing
-    web applications in Ruby. By wrapping HTTP requests and responses in
-    the simplest way possible, it unifies and distills the API for web
-    servers, web frameworks, and software in between (the so-called
-    middleware) into a single method call.
-  EOF
-
-  s.files = Dir['{bin/*,contrib/*,example/*,lib/**/*}'] +
-    %w(MIT-LICENSE rack.gemspec Rakefile README.rdoc SPEC.rdoc)
-
-  s.bindir = 'bin'
-  s.executables << 'rackup'
-  s.require_path = 'lib'
-  s.extra_rdoc_files = ['README.rdoc', 'CHANGELOG.md', 'CONTRIBUTING.md']
-
-  s.author = 'Leah Neukirchen'
-  s.email = 'leah@vuxu.org'
-
-  s.homepage = 'https://github.com/rack/rack'
-
-  s.required_ruby_version = '>= 2.3.0'
-
-  s.metadata = {
-    "bug_tracker_uri" => "https://github.com/rack/rack/issues",
-    "changelog_uri" => "https://github.com/rack/rack/blob/master/CHANGELOG.md",
-    "documentation_uri" => "https://rubydoc.info/github/rack/rack",
-    "source_code_uri"   => "https://github.com/rack/rack"
-  }
-
-  s.add_development_dependency 'minitest', "~> 5.0"
-  s.add_development_dependency 'minitest-sprint'
-  s.add_development_dependency 'minitest-global_expectations'
-  s.add_development_dependency 'rake'
-end