rack 2.2.9 → 3.1.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (86) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +330 -88
  3. data/CONTRIBUTING.md +63 -55
  4. data/MIT-LICENSE +1 -1
  5. data/README.md +328 -0
  6. data/SPEC.rdoc +204 -131
  7. data/lib/rack/auth/abstract/handler.rb +3 -1
  8. data/lib/rack/auth/abstract/request.rb +3 -1
  9. data/lib/rack/auth/basic.rb +1 -4
  10. data/lib/rack/bad_request.rb +8 -0
  11. data/lib/rack/body_proxy.rb +21 -3
  12. data/lib/rack/builder.rb +102 -69
  13. data/lib/rack/cascade.rb +2 -3
  14. data/lib/rack/common_logger.rb +23 -18
  15. data/lib/rack/conditional_get.rb +18 -15
  16. data/lib/rack/constants.rb +67 -0
  17. data/lib/rack/content_length.rb +12 -16
  18. data/lib/rack/content_type.rb +8 -5
  19. data/lib/rack/deflater.rb +40 -26
  20. data/lib/rack/directory.rb +9 -3
  21. data/lib/rack/etag.rb +14 -23
  22. data/lib/rack/events.rb +4 -0
  23. data/lib/rack/files.rb +15 -17
  24. data/lib/rack/head.rb +9 -8
  25. data/lib/rack/headers.rb +238 -0
  26. data/lib/rack/lint.rb +840 -644
  27. data/lib/rack/lock.rb +2 -5
  28. data/lib/rack/logger.rb +3 -0
  29. data/lib/rack/method_override.rb +5 -1
  30. data/lib/rack/mime.rb +14 -5
  31. data/lib/rack/mock.rb +1 -271
  32. data/lib/rack/mock_request.rb +161 -0
  33. data/lib/rack/mock_response.rb +124 -0
  34. data/lib/rack/multipart/generator.rb +7 -5
  35. data/lib/rack/multipart/parser.rb +213 -95
  36. data/lib/rack/multipart/uploaded_file.rb +4 -0
  37. data/lib/rack/multipart.rb +53 -40
  38. data/lib/rack/null_logger.rb +9 -0
  39. data/lib/rack/query_parser.rb +81 -102
  40. data/lib/rack/recursive.rb +2 -0
  41. data/lib/rack/reloader.rb +0 -2
  42. data/lib/rack/request.rb +260 -123
  43. data/lib/rack/response.rb +151 -66
  44. data/lib/rack/rewindable_input.rb +24 -5
  45. data/lib/rack/runtime.rb +7 -6
  46. data/lib/rack/sendfile.rb +30 -25
  47. data/lib/rack/show_exceptions.rb +21 -4
  48. data/lib/rack/show_status.rb +17 -7
  49. data/lib/rack/static.rb +8 -8
  50. data/lib/rack/tempfile_reaper.rb +15 -4
  51. data/lib/rack/urlmap.rb +3 -1
  52. data/lib/rack/utils.rb +232 -233
  53. data/lib/rack/version.rb +1 -9
  54. data/lib/rack.rb +13 -89
  55. metadata +15 -41
  56. data/README.rdoc +0 -320
  57. data/Rakefile +0 -130
  58. data/bin/rackup +0 -5
  59. data/contrib/rack.png +0 -0
  60. data/contrib/rack.svg +0 -150
  61. data/contrib/rack_logo.svg +0 -164
  62. data/contrib/rdoc.css +0 -412
  63. data/example/lobster.ru +0 -6
  64. data/example/protectedlobster.rb +0 -16
  65. data/example/protectedlobster.ru +0 -10
  66. data/lib/rack/auth/digest/md5.rb +0 -131
  67. data/lib/rack/auth/digest/nonce.rb +0 -54
  68. data/lib/rack/auth/digest/params.rb +0 -54
  69. data/lib/rack/auth/digest/request.rb +0 -43
  70. data/lib/rack/chunked.rb +0 -117
  71. data/lib/rack/core_ext/regexp.rb +0 -14
  72. data/lib/rack/file.rb +0 -7
  73. data/lib/rack/handler/cgi.rb +0 -59
  74. data/lib/rack/handler/fastcgi.rb +0 -100
  75. data/lib/rack/handler/lsws.rb +0 -61
  76. data/lib/rack/handler/scgi.rb +0 -71
  77. data/lib/rack/handler/thin.rb +0 -36
  78. data/lib/rack/handler/webrick.rb +0 -129
  79. data/lib/rack/handler.rb +0 -104
  80. data/lib/rack/lobster.rb +0 -70
  81. data/lib/rack/server.rb +0 -466
  82. data/lib/rack/session/abstract/id.rb +0 -523
  83. data/lib/rack/session/cookie.rb +0 -204
  84. data/lib/rack/session/memcache.rb +0 -10
  85. data/lib/rack/session/pool.rb +0 -85
  86. data/rack.gemspec +0 -46
data/lib/rack/lint.rb CHANGED
@@ -1,795 +1,991 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'forwardable'
4
+ require 'uri'
5
+
6
+ require_relative 'constants'
7
+ require_relative 'utils'
4
8
 
5
9
  module Rack
6
10
  # Rack::Lint validates your application and the requests and
7
11
  # responses according to the Rack spec.
8
12
 
9
13
  class Lint
14
+ REQUEST_PATH_ORIGIN_FORM = /\A\/[^#]*\z/
15
+ REQUEST_PATH_ABSOLUTE_FORM = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/
16
+ REQUEST_PATH_AUTHORITY_FORM = /\A[^\/:]+:\d+\z/
17
+ REQUEST_PATH_ASTERISK_FORM = '*'
18
+
10
19
  def initialize(app)
11
20
  @app = app
12
- @content_length = nil
13
21
  end
14
22
 
15
23
  # :stopdoc:
16
24
 
17
25
  class LintError < RuntimeError; end
18
- module Assertion
19
- def assert(message)
20
- unless yield
21
- raise LintError, message
22
- end
23
- end
24
- end
25
- include Assertion
26
-
27
- ## This specification aims to formalize the Rack protocol. You
26
+ # AUTHORS: n.b. The trailing whitespace between paragraphs is important and
27
+ # should not be removed. The whitespace creates paragraphs in the RDoc
28
+ # output.
29
+ #
30
+ ## This specification aims to formalize the Rack protocol. You
28
31
  ## can (and should) use Rack::Lint to enforce it.
29
32
  ##
30
33
  ## When you develop middleware, be sure to add a Lint before and
31
34
  ## after to catch all mistakes.
32
-
35
+ ##
33
36
  ## = Rack applications
34
-
37
+ ##
35
38
  ## A Rack application is a Ruby object (not a class) that
36
39
  ## responds to +call+.
37
40
  def call(env = nil)
38
- dup._call(env)
41
+ Wrapper.new(@app, env).response
39
42
  end
40
43
 
41
- def _call(env)
42
- ## It takes exactly one argument, the *environment*
43
- raise LintError, "No env given" unless env
44
- check_env env
44
+ class Wrapper
45
+ def initialize(app, env)
46
+ @app = app
47
+ @env = env
48
+ @response = nil
49
+ @head_request = false
45
50
 
46
- env[RACK_INPUT] = InputWrapper.new(env[RACK_INPUT])
47
- env[RACK_ERRORS] = ErrorWrapper.new(env[RACK_ERRORS])
51
+ @status = nil
52
+ @headers = nil
53
+ @body = nil
54
+ @invoked = nil
55
+ @content_length = nil
56
+ @closed = false
57
+ @size = 0
58
+ end
48
59
 
49
- ## and returns an Array of exactly three values:
50
- ary = @app.call(env)
51
- raise LintError, "response is not an Array, but #{ary.class}" unless ary.kind_of? Array
52
- raise LintError, "response array has #{ary.size} elements instead of 3" unless ary.size == 3
60
+ def response
61
+ ## It takes exactly one argument, the *environment*
62
+ raise LintError, "No env given" unless @env
63
+ check_environment(@env)
53
64
 
54
- status, headers, @body = ary
55
- ## The *status*,
56
- check_status status
57
- ## the *headers*,
58
- check_headers headers
65
+ ## and returns a non-frozen Array of exactly three values:
66
+ @response = @app.call(@env)
67
+ raise LintError, "response is not an Array, but #{@response.class}" unless @response.kind_of? Array
68
+ raise LintError, "response is frozen" if @response.frozen?
69
+ raise LintError, "response array has #{@response.size} elements instead of 3" unless @response.size == 3
59
70
 
60
- hijack_proc = check_hijack_response headers, env
61
- if hijack_proc && headers.is_a?(Hash)
62
- headers[RACK_HIJACK] = hijack_proc
63
- end
71
+ @status, @headers, @body = @response
72
+ ## The *status*,
73
+ check_status(@status)
64
74
 
65
- ## and the *body*.
66
- check_content_type status, headers
67
- check_content_length status, headers
68
- @head_request = env[REQUEST_METHOD] == HEAD
69
- [status, headers, self]
70
- end
75
+ ## the *headers*,
76
+ check_headers(@headers)
71
77
 
72
- ## == The Environment
73
- def check_env(env)
74
- ## The environment must be an unfrozen instance of Hash that includes
75
- ## CGI-like headers. The application is free to modify the
76
- ## environment.
77
- raise LintError, "env #{env.inspect} is not a Hash, but #{env.class}" unless env.kind_of? Hash
78
- raise LintError, "env should not be frozen, but is" if env.frozen?
79
-
80
- ##
81
- ## The environment is required to include these variables
82
- ## (adopted from PEP333), except when they'd be empty, but see
83
- ## below.
84
-
85
- ## <tt>REQUEST_METHOD</tt>:: The HTTP request method, such as
86
- ## "GET" or "POST". This cannot ever
87
- ## be an empty string, and so is
88
- ## always required.
89
-
90
- ## <tt>SCRIPT_NAME</tt>:: The initial portion of the request
91
- ## URL's "path" that corresponds to the
92
- ## application object, so that the
93
- ## application knows its virtual
94
- ## "location". This may be an empty
95
- ## string, if the application corresponds
96
- ## to the "root" of the server.
97
-
98
- ## <tt>PATH_INFO</tt>:: The remainder of the request URL's
99
- ## "path", designating the virtual
100
- ## "location" of the request's target
101
- ## within the application. This may be an
102
- ## empty string, if the request URL targets
103
- ## the application root and does not have a
104
- ## trailing slash. This value may be
105
- ## percent-encoded when originating from
106
- ## a URL.
107
-
108
- ## <tt>QUERY_STRING</tt>:: The portion of the request URL that
109
- ## follows the <tt>?</tt>, if any. May be
110
- ## empty, but is always required!
111
-
112
- ## <tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
113
- ## <tt>PATH_INFO</tt>, these variables can be
114
- ## used to complete the URL. Note, however,
115
- ## that <tt>HTTP_HOST</tt>, if present,
116
- ## should be used in preference to
117
- ## <tt>SERVER_NAME</tt> for reconstructing
118
- ## the request URL.
119
- ## <tt>SERVER_NAME</tt> can never be an empty
120
- ## string, and so is always required.
121
-
122
- ## <tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
123
- ## server is running on. Should be specified if
124
- ## the server is running on a non-standard port.
125
-
126
- ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
127
- ## client-supplied HTTP request
128
- ## headers (i.e., variables whose
129
- ## names begin with <tt>HTTP_</tt>). The
130
- ## presence or absence of these
131
- ## variables should correspond with
132
- ## the presence or absence of the
133
- ## appropriate HTTP header in the
134
- ## request. See
135
- ## {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18]
136
- ## for specific behavior.
137
-
138
- ## In addition to this, the Rack environment must include these
139
- ## Rack-specific variables:
140
-
141
- ## <tt>rack.version</tt>:: The Array representing this version of Rack
142
- ## See Rack::VERSION, that corresponds to
143
- ## the version of this SPEC.
144
-
145
- ## <tt>rack.url_scheme</tt>:: +http+ or +https+, depending on the
146
- ## request URL.
147
-
148
- ## <tt>rack.input</tt>:: See below, the input stream.
149
-
150
- ## <tt>rack.errors</tt>:: See below, the error stream.
151
-
152
- ## <tt>rack.multithread</tt>:: true if the application object may be
153
- ## simultaneously invoked by another thread
154
- ## in the same process, false otherwise.
155
-
156
- ## <tt>rack.multiprocess</tt>:: true if an equivalent application object
157
- ## may be simultaneously invoked by another
158
- ## process, false otherwise.
159
-
160
- ## <tt>rack.run_once</tt>:: true if the server expects
161
- ## (but does not guarantee!) that the
162
- ## application will only be invoked this one
163
- ## time during the life of its containing
164
- ## process. Normally, this will only be true
165
- ## for a server based on CGI
166
- ## (or something similar).
167
-
168
- ## <tt>rack.hijack?</tt>:: present and true if the server supports
169
- ## connection hijacking. See below, hijacking.
170
-
171
- ## <tt>rack.hijack</tt>:: an object responding to #call that must be
172
- ## called at least once before using
173
- ## rack.hijack_io.
174
- ## It is recommended #call return rack.hijack_io
175
- ## as well as setting it in env if necessary.
176
-
177
- ## <tt>rack.hijack_io</tt>:: if rack.hijack? is true, and rack.hijack
178
- ## has received #call, this will contain
179
- ## an object resembling an IO. See hijacking.
180
-
181
- ## Additional environment specifications have approved to
182
- ## standardized middleware APIs. None of these are required to
183
- ## be implemented by the server.
184
-
185
- ## <tt>rack.session</tt>:: A hash like interface for storing
186
- ## request session data.
187
- ## The store must implement:
188
- if session = env[RACK_SESSION]
189
- ## store(key, value) (aliased as []=);
190
- unless session.respond_to?(:store) && session.respond_to?(:[]=)
191
- raise LintError, "session #{session.inspect} must respond to store and []="
192
- end
193
-
194
- ## fetch(key, default = nil) (aliased as []);
195
- unless session.respond_to?(:fetch) && session.respond_to?(:[])
196
- raise LintError, "session #{session.inspect} must respond to fetch and []"
197
- end
198
-
199
- ## delete(key);
200
- unless session.respond_to?(:delete)
201
- raise LintError, "session #{session.inspect} must respond to delete"
202
- end
203
-
204
- ## clear;
205
- unless session.respond_to?(:clear)
206
- raise LintError, "session #{session.inspect} must respond to clear"
78
+ hijack_proc = check_hijack_response(@headers, @env)
79
+ if hijack_proc
80
+ @headers[RACK_HIJACK] = hijack_proc
207
81
  end
208
-
209
- ## to_hash (returning unfrozen Hash instance);
210
- unless session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen?
211
- raise LintError, "session #{session.inspect} must respond to to_hash and return unfrozen Hash instance"
82
+
83
+ ## and the *body*.
84
+ check_content_type_header(@status, @headers)
85
+ check_content_length_header(@status, @headers)
86
+ check_rack_protocol_header(@status, @headers)
87
+ @head_request = @env[REQUEST_METHOD] == HEAD
88
+
89
+ @lint = (@env['rack.lint'] ||= []) << self
90
+
91
+ if (@env['rack.lint.body_iteration'] ||= 0) > 0
92
+ raise LintError, "Middleware must not call #each directly"
212
93
  end
94
+
95
+ return [@status, @headers, self]
213
96
  end
214
97
 
215
- ## <tt>rack.logger</tt>:: A common object interface for logging messages.
216
- ## The object must implement:
217
- if logger = env[RACK_LOGGER]
218
- ## info(message, &block)
219
- unless logger.respond_to?(:info)
220
- raise LintError, "logger #{logger.inspect} must respond to info"
98
+ ##
99
+ ## == The Environment
100
+ ##
101
+ def check_environment(env)
102
+ ## The environment must be an unfrozen instance of Hash that includes
103
+ ## CGI-like headers. The Rack application is free to modify the
104
+ ## environment.
105
+ raise LintError, "env #{env.inspect} is not a Hash, but #{env.class}" unless env.kind_of? Hash
106
+ raise LintError, "env should not be frozen, but is" if env.frozen?
107
+
108
+ ##
109
+ ## The environment is required to include these variables
110
+ ## (adopted from {PEP 333}[https://peps.python.org/pep-0333/]), except when they'd be empty, but see
111
+ ## below.
112
+
113
+ ## <tt>REQUEST_METHOD</tt>:: The HTTP request method, such as
114
+ ## "GET" or "POST". This cannot ever
115
+ ## be an empty string, and so is
116
+ ## always required.
117
+
118
+ ## <tt>SCRIPT_NAME</tt>:: The initial portion of the request
119
+ ## URL's "path" that corresponds to the
120
+ ## application object, so that the
121
+ ## application knows its virtual
122
+ ## "location". This may be an empty
123
+ ## string, if the application corresponds
124
+ ## to the "root" of the server.
125
+
126
+ ## <tt>PATH_INFO</tt>:: The remainder of the request URL's
127
+ ## "path", designating the virtual
128
+ ## "location" of the request's target
129
+ ## within the application. This may be an
130
+ ## empty string, if the request URL targets
131
+ ## the application root and does not have a
132
+ ## trailing slash. This value may be
133
+ ## percent-encoded when originating from
134
+ ## a URL.
135
+
136
+ ## <tt>QUERY_STRING</tt>:: The portion of the request URL that
137
+ ## follows the <tt>?</tt>, if any. May be
138
+ ## empty, but is always required!
139
+
140
+ ## <tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
141
+ ## <tt>PATH_INFO</tt>, these variables can be
142
+ ## used to complete the URL. Note, however,
143
+ ## that <tt>HTTP_HOST</tt>, if present,
144
+ ## should be used in preference to
145
+ ## <tt>SERVER_NAME</tt> for reconstructing
146
+ ## the request URL.
147
+ ## <tt>SERVER_NAME</tt> can never be an empty
148
+ ## string, and so is always required.
149
+
150
+ ## <tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
151
+ ## server is running on. Should be specified if
152
+ ## the server is running on a non-standard port.
153
+
154
+ ## <tt>SERVER_PROTOCOL</tt>:: A string representing the HTTP version used
155
+ ## for the request.
156
+
157
+ ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
158
+ ## client-supplied HTTP request
159
+ ## headers (i.e., variables whose
160
+ ## names begin with <tt>HTTP_</tt>). The
161
+ ## presence or absence of these
162
+ ## variables should correspond with
163
+ ## the presence or absence of the
164
+ ## appropriate HTTP header in the
165
+ ## request. See
166
+ ## {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18]
167
+ ## for specific behavior.
168
+
169
+ ## In addition to this, the Rack environment must include these
170
+ ## Rack-specific variables:
171
+
172
+ ## <tt>rack.url_scheme</tt>:: +http+ or +https+, depending on the
173
+ ## request URL.
174
+
175
+ ## <tt>rack.input</tt>:: See below, the input stream.
176
+
177
+ ## <tt>rack.errors</tt>:: See below, the error stream.
178
+
179
+ ## <tt>rack.hijack?</tt>:: See below, if present and true, indicates
180
+ ## that the server supports partial hijacking.
181
+
182
+ ## <tt>rack.hijack</tt>:: See below, if present, an object responding
183
+ ## to +call+ that is used to perform a full
184
+ ## hijack.
185
+
186
+ ## <tt>rack.protocol</tt>:: An optional +Array+ of +String+, containing
187
+ ## the protocols advertised by the client in
188
+ ## the +upgrade+ header (HTTP/1) or the
189
+ ## +:protocol+ pseudo-header (HTTP/2).
190
+ if protocols = @env['rack.protocol']
191
+ unless protocols.is_a?(Array) && protocols.all?{|protocol| protocol.is_a?(String)}
192
+ raise LintError, "rack.protocol must be an Array of Strings"
193
+ end
221
194
  end
222
195
 
223
- ## debug(message, &block)
224
- unless logger.respond_to?(:debug)
225
- raise LintError, "logger #{logger.inspect} must respond to debug"
196
+ ## Additional environment specifications have approved to
197
+ ## standardized middleware APIs. None of these are required to
198
+ ## be implemented by the server.
199
+
200
+ ## <tt>rack.session</tt>:: A hash-like interface for storing
201
+ ## request session data.
202
+ ## The store must implement:
203
+ if session = env[RACK_SESSION]
204
+ ## store(key, value) (aliased as []=);
205
+ unless session.respond_to?(:store) && session.respond_to?(:[]=)
206
+ raise LintError, "session #{session.inspect} must respond to store and []="
207
+ end
208
+
209
+ ## fetch(key, default = nil) (aliased as []);
210
+ unless session.respond_to?(:fetch) && session.respond_to?(:[])
211
+ raise LintError, "session #{session.inspect} must respond to fetch and []"
212
+ end
213
+
214
+ ## delete(key);
215
+ unless session.respond_to?(:delete)
216
+ raise LintError, "session #{session.inspect} must respond to delete"
217
+ end
218
+
219
+ ## clear;
220
+ unless session.respond_to?(:clear)
221
+ raise LintError, "session #{session.inspect} must respond to clear"
222
+ end
223
+
224
+ ## to_hash (returning unfrozen Hash instance);
225
+ unless session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen?
226
+ raise LintError, "session #{session.inspect} must respond to to_hash and return unfrozen Hash instance"
227
+ end
226
228
  end
227
229
 
228
- ## warn(message, &block)
229
- unless logger.respond_to?(:warn)
230
- raise LintError, "logger #{logger.inspect} must respond to warn"
230
+ ## <tt>rack.logger</tt>:: A common object interface for logging messages.
231
+ ## The object must implement:
232
+ if logger = env[RACK_LOGGER]
233
+ ## info(message, &block)
234
+ unless logger.respond_to?(:info)
235
+ raise LintError, "logger #{logger.inspect} must respond to info"
236
+ end
237
+
238
+ ## debug(message, &block)
239
+ unless logger.respond_to?(:debug)
240
+ raise LintError, "logger #{logger.inspect} must respond to debug"
241
+ end
242
+
243
+ ## warn(message, &block)
244
+ unless logger.respond_to?(:warn)
245
+ raise LintError, "logger #{logger.inspect} must respond to warn"
246
+ end
247
+
248
+ ## error(message, &block)
249
+ unless logger.respond_to?(:error)
250
+ raise LintError, "logger #{logger.inspect} must respond to error"
251
+ end
252
+
253
+ ## fatal(message, &block)
254
+ unless logger.respond_to?(:fatal)
255
+ raise LintError, "logger #{logger.inspect} must respond to fatal"
256
+ end
231
257
  end
232
258
 
233
- ## error(message, &block)
234
- unless logger.respond_to?(:error)
235
- raise LintError, "logger #{logger.inspect} must respond to error"
259
+ ## <tt>rack.multipart.buffer_size</tt>:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes.
260
+ if bufsize = env[RACK_MULTIPART_BUFFER_SIZE]
261
+ unless bufsize.is_a?(Integer) && bufsize > 0
262
+ raise LintError, "rack.multipart.buffer_size must be an Integer > 0 if specified"
263
+ end
236
264
  end
237
265
 
238
- ## fatal(message, &block)
239
- unless logger.respond_to?(:fatal)
240
- raise LintError, "logger #{logger.inspect} must respond to fatal"
266
+ ## <tt>rack.multipart.tempfile_factory</tt>:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile.
267
+ if tempfile_factory = env[RACK_MULTIPART_TEMPFILE_FACTORY]
268
+ raise LintError, "rack.multipart.tempfile_factory must respond to #call" unless tempfile_factory.respond_to?(:call)
269
+ env[RACK_MULTIPART_TEMPFILE_FACTORY] = lambda do |filename, content_type|
270
+ io = tempfile_factory.call(filename, content_type)
271
+ raise LintError, "rack.multipart.tempfile_factory return value must respond to #<<" unless io.respond_to?(:<<)
272
+ io
273
+ end
241
274
  end
242
- end
243
275
 
244
- ## <tt>rack.multipart.buffer_size</tt>:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes.
245
- if bufsize = env[RACK_MULTIPART_BUFFER_SIZE]
246
- unless bufsize.is_a?(Integer) && bufsize > 0
247
- raise LintError, "rack.multipart.buffer_size must be an Integer > 0 if specified"
276
+ ## The server or the application can store their own data in the
277
+ ## environment, too. The keys must contain at least one dot,
278
+ ## and should be prefixed uniquely. The prefix <tt>rack.</tt>
279
+ ## is reserved for use with the Rack core distribution and other
280
+ ## accepted specifications and must not be used otherwise.
281
+ ##
282
+ %w[REQUEST_METHOD SERVER_NAME QUERY_STRING SERVER_PROTOCOL rack.errors].each do |header|
283
+ raise LintError, "env missing required key #{header}" unless env.include? header
248
284
  end
249
- end
250
285
 
251
- ## <tt>rack.multipart.tempfile_factory</tt>:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile.
252
- if tempfile_factory = env[RACK_MULTIPART_TEMPFILE_FACTORY]
253
- raise LintError, "rack.multipart.tempfile_factory must respond to #call" unless tempfile_factory.respond_to?(:call)
254
- env[RACK_MULTIPART_TEMPFILE_FACTORY] = lambda do |filename, content_type|
255
- io = tempfile_factory.call(filename, content_type)
256
- raise LintError, "rack.multipart.tempfile_factory return value must respond to #<<" unless io.respond_to?(:<<)
257
- io
286
+ ## The <tt>SERVER_PORT</tt> must be an Integer if set.
287
+ server_port = env["SERVER_PORT"]
288
+ unless server_port.nil? || (Integer(server_port) rescue false)
289
+ raise LintError, "env[SERVER_PORT] is not an Integer"
258
290
  end
259
- end
260
291
 
261
- ## The server or the application can store their own data in the
262
- ## environment, too. The keys must contain at least one dot,
263
- ## and should be prefixed uniquely. The prefix <tt>rack.</tt>
264
- ## is reserved for use with the Rack core distribution and other
265
- ## accepted specifications and must not be used otherwise.
266
- ##
292
+ ## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
293
+ unless (URI.parse("http://#{env[SERVER_NAME]}/") rescue false)
294
+ raise LintError, "#{env[SERVER_NAME]} must be a valid authority"
295
+ end
267
296
 
268
- %w[REQUEST_METHOD SERVER_NAME QUERY_STRING
269
- rack.version rack.input rack.errors
270
- rack.multithread rack.multiprocess rack.run_once].each { |header|
271
- raise LintError, "env missing required key #{header}" unless env.include? header
272
- }
297
+ ## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
298
+ unless (URI.parse("http://#{env[HTTP_HOST]}/") rescue false)
299
+ raise LintError, "#{env[HTTP_HOST]} must be a valid authority"
300
+ end
273
301
 
274
- ## The <tt>SERVER_PORT</tt> must be an Integer if set.
275
- server_port = env["SERVER_PORT"]
276
- unless server_port.nil? || (Integer(server_port) rescue false)
277
- raise LintError, "env[SERVER_PORT] is not an Integer"
278
- end
302
+ ## The <tt>SERVER_PROTOCOL</tt> must match the regexp <tt>HTTP/\d(\.\d)?</tt>.
303
+ server_protocol = env['SERVER_PROTOCOL']
304
+ unless %r{HTTP/\d(\.\d)?}.match?(server_protocol)
305
+ raise LintError, "env[SERVER_PROTOCOL] does not match HTTP/\\d(\\.\\d)?"
306
+ end
279
307
 
280
- ## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
281
- unless (URI.parse("http://#{env[SERVER_NAME]}/") rescue false)
282
- raise LintError, "#{env[SERVER_NAME]} must be a valid authority"
283
- end
308
+ ## The environment must not contain the keys
309
+ ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
310
+ ## (use the versions without <tt>HTTP_</tt>).
311
+ %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header|
312
+ if env.include? header
313
+ raise LintError, "env contains #{header}, must use #{header[5..-1]}"
314
+ end
315
+ }
284
316
 
285
- ## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
286
- unless (URI.parse("http://#{env[HTTP_HOST]}/") rescue false)
287
- raise LintError, "#{env[HTTP_HOST]} must be a valid authority"
288
- end
317
+ ## The CGI keys (named without a period) must have String values.
318
+ ## If the string values for CGI keys contain non-ASCII characters,
319
+ ## they should use ASCII-8BIT encoding.
320
+ env.each { |key, value|
321
+ next if key.include? "." # Skip extensions
322
+ unless value.kind_of? String
323
+ raise LintError, "env variable #{key} has non-string value #{value.inspect}"
324
+ end
325
+ next if value.encoding == Encoding::ASCII_8BIT
326
+ unless value.b !~ /[\x80-\xff]/n
327
+ raise LintError, "env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}"
328
+ end
329
+ }
289
330
 
290
- ## The environment must not contain the keys
291
- ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
292
- ## (use the versions without <tt>HTTP_</tt>).
293
- %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header|
294
- if env.include? header
295
- raise LintError, "env contains #{header}, must use #{header[5, -1]}"
331
+ ## There are the following restrictions:
332
+
333
+ ## * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
334
+ unless %w[http https].include?(env[RACK_URL_SCHEME])
335
+ raise LintError, "rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}"
336
+ end
337
+
338
+ ## * There may be a valid input stream in <tt>rack.input</tt>.
339
+ if rack_input = env[RACK_INPUT]
340
+ check_input_stream(rack_input)
341
+ @env[RACK_INPUT] = InputWrapper.new(rack_input)
342
+ end
343
+
344
+ ## * There must be a valid error stream in <tt>rack.errors</tt>.
345
+ rack_errors = env[RACK_ERRORS]
346
+ check_error_stream(rack_errors)
347
+ @env[RACK_ERRORS] = ErrorWrapper.new(rack_errors)
348
+
349
+ ## * There may be a valid hijack callback in <tt>rack.hijack</tt>
350
+ check_hijack env
351
+ ## * There may be a valid early hints callback in <tt>rack.early_hints</tt>
352
+ check_early_hints env
353
+
354
+ ## * The <tt>REQUEST_METHOD</tt> must be a valid token.
355
+ unless env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
356
+ raise LintError, "REQUEST_METHOD unknown: #{env[REQUEST_METHOD].dump}"
357
+ end
358
+
359
+ ## * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt>
360
+ if env.include?(SCRIPT_NAME) && env[SCRIPT_NAME] != "" && env[SCRIPT_NAME] !~ /\A\//
361
+ raise LintError, "SCRIPT_NAME must start with /"
362
+ end
363
+
364
+ ## * The <tt>PATH_INFO</tt>, if provided, must be a valid request target or an empty string.
365
+ if env.include?(PATH_INFO)
366
+ case env[PATH_INFO]
367
+ when REQUEST_PATH_ASTERISK_FORM
368
+ ## * Only <tt>OPTIONS</tt> requests may have <tt>PATH_INFO</tt> set to <tt>*</tt> (asterisk-form).
369
+ unless env[REQUEST_METHOD] == OPTIONS
370
+ raise LintError, "Only OPTIONS requests may have PATH_INFO set to '*' (asterisk-form)"
371
+ end
372
+ when REQUEST_PATH_AUTHORITY_FORM
373
+ ## * Only <tt>CONNECT</tt> requests may have <tt>PATH_INFO</tt> set to an authority (authority-form). Note that in HTTP/2+, the authority-form is not a valid request target.
374
+ unless env[REQUEST_METHOD] == CONNECT
375
+ raise LintError, "Only CONNECT requests may have PATH_INFO set to an authority (authority-form)"
376
+ end
377
+ when REQUEST_PATH_ABSOLUTE_FORM
378
+ ## * <tt>CONNECT</tt> and <tt>OPTIONS</tt> requests must not have <tt>PATH_INFO</tt> set to a URI (absolute-form).
379
+ if env[REQUEST_METHOD] == CONNECT || env[REQUEST_METHOD] == OPTIONS
380
+ raise LintError, "CONNECT and OPTIONS requests must not have PATH_INFO set to a URI (absolute-form)"
381
+ end
382
+ when REQUEST_PATH_ORIGIN_FORM
383
+ ## * Otherwise, <tt>PATH_INFO</tt> must start with a <tt>/</tt> and must not include a fragment part starting with '#' (origin-form).
384
+ when ""
385
+ # Empty string is okay.
386
+ else
387
+ raise LintError, "PATH_INFO must start with a '/' and must not include a fragment part starting with '#' (origin-form)"
388
+ end
389
+ end
390
+
391
+ ## * The <tt>CONTENT_LENGTH</tt>, if given, must consist of digits only.
392
+ if env.include?("CONTENT_LENGTH") && env["CONTENT_LENGTH"] !~ /\A\d+\z/
393
+ raise LintError, "Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}"
296
394
  end
297
- }
298
395
 
299
- ## The CGI keys (named without a period) must have String values.
300
- ## If the string values for CGI keys contain non-ASCII characters,
301
- ## they should use ASCII-8BIT encoding.
302
- env.each { |key, value|
303
- next if key.include? "." # Skip extensions
304
- unless value.kind_of? String
305
- raise LintError, "env variable #{key} has non-string value #{value.inspect}"
396
+ ## * One of <tt>SCRIPT_NAME</tt> or <tt>PATH_INFO</tt> must be
397
+ ## set. <tt>PATH_INFO</tt> should be <tt>/</tt> if
398
+ ## <tt>SCRIPT_NAME</tt> is empty.
399
+ unless env[SCRIPT_NAME] || env[PATH_INFO]
400
+ raise LintError, "One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)"
306
401
  end
307
- next if value.encoding == Encoding::ASCII_8BIT
308
- unless value.b !~ /[\x80-\xff]/n
309
- raise LintError, "env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}"
402
+ ## <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty.
403
+ unless env[SCRIPT_NAME] != "/"
404
+ raise LintError, "SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'"
310
405
  end
311
- }
312
406
 
313
- ## There are the following restrictions:
407
+ ## <tt>rack.response_finished</tt>:: An array of callables run by the server after the response has been
408
+ ## processed. This would typically be invoked after sending the response to the client, but it could also be
409
+ ## invoked if an error occurs while generating the response or sending the response; in that case, the error
410
+ ## argument will be a subclass of +Exception+.
411
+ ## The callables are invoked with +env, status, headers, error+ arguments and should not raise any
412
+ ## exceptions. They should be invoked in reverse order of registration.
413
+ if callables = env[RACK_RESPONSE_FINISHED]
414
+ raise LintError, "rack.response_finished must be an array of callable objects" unless callables.is_a?(Array)
314
415
 
315
- ## * <tt>rack.version</tt> must be an array of Integers.
316
- unless env[RACK_VERSION].kind_of? Array
317
- raise LintError, "rack.version must be an Array, was #{env[RACK_VERSION].class}"
416
+ callables.each do |callable|
417
+ raise LintError, "rack.response_finished values must respond to call(env, status, headers, error)" unless callable.respond_to?(:call)
418
+ end
419
+ end
318
420
  end
319
- ## * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
320
- unless %w[http https].include?(env[RACK_URL_SCHEME])
321
- raise LintError, "rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}"
421
+
422
+ ##
423
+ ## === The Input Stream
424
+ ##
425
+ ## The input stream is an IO-like object which contains the raw HTTP
426
+ ## POST data.
427
+ def check_input_stream(input)
428
+ ## When applicable, its external encoding must be "ASCII-8BIT" and it
429
+ ## must be opened in binary mode.
430
+ if input.respond_to?(:external_encoding) && input.external_encoding != Encoding::ASCII_8BIT
431
+ raise LintError, "rack.input #{input} does not have ASCII-8BIT as its external encoding"
432
+ end
433
+ if input.respond_to?(:binmode?) && !input.binmode?
434
+ raise LintError, "rack.input #{input} is not opened in binary mode"
435
+ end
436
+
437
+ ## The input stream must respond to +gets+, +each+, and +read+.
438
+ [:gets, :each, :read].each { |method|
439
+ unless input.respond_to? method
440
+ raise LintError, "rack.input #{input} does not respond to ##{method}"
441
+ end
442
+ }
322
443
  end
323
444
 
324
- ## * There must be a valid input stream in <tt>rack.input</tt>.
325
- check_input env[RACK_INPUT]
326
- ## * There must be a valid error stream in <tt>rack.errors</tt>.
327
- check_error env[RACK_ERRORS]
328
- ## * There may be a valid hijack stream in <tt>rack.hijack_io</tt>
329
- check_hijack env
445
+ class InputWrapper
446
+ def initialize(input)
447
+ @input = input
448
+ end
330
449
 
331
- ## * The <tt>REQUEST_METHOD</tt> must be a valid token.
332
- unless env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
333
- raise LintError, "REQUEST_METHOD unknown: #{env[REQUEST_METHOD].dump}"
334
- end
450
+ ## * +gets+ must be called without arguments and return a string,
451
+ ## or +nil+ on EOF.
452
+ def gets(*args)
453
+ raise LintError, "rack.input#gets called with arguments" unless args.size == 0
454
+ v = @input.gets
455
+ unless v.nil? or v.kind_of? String
456
+ raise LintError, "rack.input#gets didn't return a String"
457
+ end
458
+ v
459
+ end
335
460
 
336
- ## * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt>
337
- if env.include?(SCRIPT_NAME) && env[SCRIPT_NAME] != "" && env[SCRIPT_NAME] !~ /\A\//
338
- raise LintError, "SCRIPT_NAME must start with /"
339
- end
340
- ## * The <tt>PATH_INFO</tt>, if non-empty, must start with <tt>/</tt>
341
- if env.include?(PATH_INFO) && env[PATH_INFO] != "" && env[PATH_INFO] !~ /\A\//
342
- raise LintError, "PATH_INFO must start with /"
343
- end
344
- ## * The <tt>CONTENT_LENGTH</tt>, if given, must consist of digits only.
345
- if env.include?("CONTENT_LENGTH") && env["CONTENT_LENGTH"] !~ /\A\d+\z/
346
- raise LintError, "Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}"
347
- end
461
+ ## * +read+ behaves like <tt>IO#read</tt>.
462
+ ## Its signature is <tt>read([length, [buffer]])</tt>.
463
+ ##
464
+ ## If given, +length+ must be a non-negative Integer (>= 0) or +nil+,
465
+ ## and +buffer+ must be a String and may not be nil.
466
+ ##
467
+ ## If +length+ is given and not nil, then this method reads at most
468
+ ## +length+ bytes from the input stream.
469
+ ##
470
+ ## If +length+ is not given or nil, then this method reads
471
+ ## all data until EOF.
472
+ ##
473
+ ## When EOF is reached, this method returns nil if +length+ is given
474
+ ## and not nil, or "" if +length+ is not given or is nil.
475
+ ##
476
+ ## If +buffer+ is given, then the read data will be placed
477
+ ## into +buffer+ instead of a newly created String object.
478
+ def read(*args)
479
+ unless args.size <= 2
480
+ raise LintError, "rack.input#read called with too many arguments"
481
+ end
482
+ if args.size >= 1
483
+ unless args.first.kind_of?(Integer) || args.first.nil?
484
+ raise LintError, "rack.input#read called with non-integer and non-nil length"
485
+ end
486
+ unless args.first.nil? || args.first >= 0
487
+ raise LintError, "rack.input#read called with a negative length"
488
+ end
489
+ end
490
+ if args.size >= 2
491
+ unless args[1].kind_of?(String)
492
+ raise LintError, "rack.input#read called with non-String buffer"
493
+ end
494
+ end
348
495
 
349
- ## * One of <tt>SCRIPT_NAME</tt> or <tt>PATH_INFO</tt> must be
350
- ## set. <tt>PATH_INFO</tt> should be <tt>/</tt> if
351
- ## <tt>SCRIPT_NAME</tt> is empty.
352
- unless env[SCRIPT_NAME] || env[PATH_INFO]
353
- raise LintError, "One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)"
354
- end
355
- ## <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty.
356
- unless env[SCRIPT_NAME] != "/"
357
- raise LintError, "SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'"
358
- end
359
- end
496
+ v = @input.read(*args)
360
497
 
361
- ## === The Input Stream
362
- ##
363
- ## The input stream is an IO-like object which contains the raw HTTP
364
- ## POST data.
365
- def check_input(input)
366
- ## When applicable, its external encoding must be "ASCII-8BIT" and it
367
- ## must be opened in binary mode, for Ruby 1.9 compatibility.
368
- if input.respond_to?(:external_encoding) && input.external_encoding != Encoding::ASCII_8BIT
369
- raise LintError, "rack.input #{input} does not have ASCII-8BIT as its external encoding"
498
+ unless v.nil? or v.kind_of? String
499
+ raise LintError, "rack.input#read didn't return nil or a String"
500
+ end
501
+ if args[0].nil?
502
+ unless !v.nil?
503
+ raise LintError, "rack.input#read(nil) returned nil on EOF"
504
+ end
505
+ end
506
+
507
+ v
508
+ end
509
+
510
+ ## * +each+ must be called without arguments and only yield Strings.
511
+ def each(*args)
512
+ raise LintError, "rack.input#each called with arguments" unless args.size == 0
513
+ @input.each { |line|
514
+ unless line.kind_of? String
515
+ raise LintError, "rack.input#each didn't yield a String"
516
+ end
517
+ yield line
518
+ }
519
+ end
520
+
521
+ ## * +close+ can be called on the input stream to indicate that
522
+ ## any remaining input is not needed.
523
+ def close(*args)
524
+ @input.close(*args)
525
+ end
370
526
  end
371
- if input.respond_to?(:binmode?) && !input.binmode?
372
- raise LintError, "rack.input #{input} is not opened in binary mode"
527
+
528
+ ##
529
+ ## === The Error Stream
530
+ ##
531
+ def check_error_stream(error)
532
+ ## The error stream must respond to +puts+, +write+ and +flush+.
533
+ [:puts, :write, :flush].each { |method|
534
+ unless error.respond_to? method
535
+ raise LintError, "rack.error #{error} does not respond to ##{method}"
536
+ end
537
+ }
373
538
  end
374
539
 
375
- ## The input stream must respond to +gets+, +each+, +read+ and +rewind+.
376
- [:gets, :each, :read, :rewind].each { |method|
377
- unless input.respond_to? method
378
- raise LintError, "rack.input #{input} does not respond to ##{method}"
540
+ class ErrorWrapper
541
+ def initialize(error)
542
+ @error = error
379
543
  end
380
- }
381
- end
382
544
 
383
- class InputWrapper
384
- include Assertion
545
+ ## * +puts+ must be called with a single argument that responds to +to_s+.
546
+ def puts(str)
547
+ @error.puts str
548
+ end
385
549
 
386
- def initialize(input)
387
- @input = input
388
- end
550
+ ## * +write+ must be called with a single argument that is a String.
551
+ def write(str)
552
+ raise LintError, "rack.errors#write not called with a String" unless str.kind_of? String
553
+ @error.write str
554
+ end
555
+
556
+ ## * +flush+ must be called without arguments and must be called
557
+ ## in order to make the error appear for sure.
558
+ def flush
559
+ @error.flush
560
+ end
389
561
 
390
- ## * +gets+ must be called without arguments and return a string,
391
- ## or +nil+ on EOF.
392
- def gets(*args)
393
- raise LintError, "rack.input#gets called with arguments" unless args.size == 0
394
- v = @input.gets
395
- unless v.nil? or v.kind_of? String
396
- raise LintError, "rack.input#gets didn't return a String"
562
+ ## * +close+ must never be called on the error stream.
563
+ def close(*args)
564
+ raise LintError, "rack.errors#close must not be called"
397
565
  end
398
- v
399
566
  end
400
567
 
401
- ## * +read+ behaves like IO#read.
402
- ## Its signature is <tt>read([length, [buffer]])</tt>.
403
568
  ##
404
- ## If given, +length+ must be a non-negative Integer (>= 0) or +nil+,
405
- ## and +buffer+ must be a String and may not be nil.
569
+ ## === Hijacking
406
570
  ##
407
- ## If +length+ is given and not nil, then this method reads at most
408
- ## +length+ bytes from the input stream.
571
+ ## The hijacking interfaces provides a means for an application to take
572
+ ## control of the HTTP connection. There are two distinct hijack
573
+ ## interfaces: full hijacking where the application takes over the raw
574
+ ## connection, and partial hijacking where the application takes over
575
+ ## just the response body stream. In both cases, the application is
576
+ ## responsible for closing the hijacked stream.
409
577
  ##
410
- ## If +length+ is not given or nil, then this method reads
411
- ## all data until EOF.
578
+ ## Full hijacking only works with HTTP/1. Partial hijacking is functionally
579
+ ## equivalent to streaming bodies, and is still optionally supported for
580
+ ## backwards compatibility with older Rack versions.
412
581
  ##
413
- ## When EOF is reached, this method returns nil if +length+ is given
414
- ## and not nil, or "" if +length+ is not given or is nil.
582
+ ## ==== Full Hijack
415
583
  ##
416
- ## If +buffer+ is given, then the read data will be placed
417
- ## into +buffer+ instead of a newly created String object.
418
- def read(*args)
419
- unless args.size <= 2
420
- raise LintError, "rack.input#read called with too many arguments"
421
- end
422
- if args.size >= 1
423
- unless args.first.kind_of?(Integer) || args.first.nil?
424
- raise LintError, "rack.input#read called with non-integer and non-nil length"
425
- end
426
- unless args.first.nil? || args.first >= 0
427
- raise LintError, "rack.input#read called with a negative length"
428
- end
429
- end
430
- if args.size >= 2
431
- unless args[1].kind_of?(String)
432
- raise LintError, "rack.input#read called with non-String buffer"
433
- end
434
- end
584
+ ## Full hijack is used to completely take over an HTTP/1 connection. It
585
+ ## occurs before any headers are written and causes the request to
586
+ ## ignores any response generated by the application.
587
+ ##
588
+ ## It is intended to be used when applications need access to raw HTTP/1
589
+ ## connection.
590
+ ##
591
+ def check_hijack(env)
592
+ ## If +rack.hijack+ is present in +env+, it must respond to +call+
593
+ if original_hijack = env[RACK_HIJACK]
594
+ raise LintError, "rack.hijack must respond to call" unless original_hijack.respond_to?(:call)
435
595
 
436
- v = @input.read(*args)
596
+ env[RACK_HIJACK] = proc do
597
+ io = original_hijack.call
437
598
 
438
- unless v.nil? or v.kind_of? String
439
- raise LintError, "rack.input#read didn't return nil or a String"
599
+ ## and return an +IO+ instance which can be used to read and write
600
+ ## to the underlying connection using HTTP/1 semantics and
601
+ ## formatting.
602
+ raise LintError, "rack.hijack must return an IO instance" unless io.is_a?(IO)
603
+
604
+ io
605
+ end
440
606
  end
441
- if args[0].nil?
442
- unless !v.nil?
443
- raise LintError, "rack.input#read(nil) returned nil on EOF"
607
+ end
608
+
609
+ ##
610
+ ## ==== Partial Hijack
611
+ ##
612
+ ## Partial hijack is used for bi-directional streaming of the request and
613
+ ## response body. It occurs after the status and headers are written by
614
+ ## the server and causes the server to ignore the Body of the response.
615
+ ##
616
+ ## It is intended to be used when applications need bi-directional
617
+ ## streaming.
618
+ ##
619
+ def check_hijack_response(headers, env)
620
+ ## If +rack.hijack?+ is present in +env+ and truthy,
621
+ if env[RACK_IS_HIJACK]
622
+ ## an application may set the special response header +rack.hijack+
623
+ if original_hijack = headers[RACK_HIJACK]
624
+ ## to an object that responds to +call+,
625
+ unless original_hijack.respond_to?(:call)
626
+ raise LintError, 'rack.hijack header must respond to #call'
627
+ end
628
+ ## accepting a +stream+ argument.
629
+ return proc do |io|
630
+ original_hijack.call StreamWrapper.new(io)
631
+ end
632
+ end
633
+ ##
634
+ ## After the response status and headers have been sent, this hijack
635
+ ## callback will be invoked with a +stream+ argument which follows the
636
+ ## same interface as outlined in "Streaming Body". Servers must
637
+ ## ignore the +body+ part of the response tuple when the
638
+ ## +rack.hijack+ response header is present. Using an empty +Array+
639
+ ## instance is recommended.
640
+ else
641
+ ##
642
+ ## The special response header +rack.hijack+ must only be set
643
+ ## if the request +env+ has a truthy +rack.hijack?+.
644
+ if headers.key?(RACK_HIJACK)
645
+ raise LintError, 'rack.hijack header must not be present if server does not support hijacking'
444
646
  end
445
647
  end
446
648
 
447
- v
649
+ nil
448
650
  end
449
651
 
450
- ## * +each+ must be called without arguments and only yield Strings.
451
- def each(*args)
452
- raise LintError, "rack.input#each called with arguments" unless args.size == 0
453
- @input.each { |line|
454
- unless line.kind_of? String
455
- raise LintError, "rack.input#each didn't yield a String"
652
+ ##
653
+ ## === Early Hints
654
+ ##
655
+ ## The application or any middleware may call the <tt>rack.early_hints</tt>
656
+ ## with an object which would be valid as the headers of a Rack response.
657
+ def check_early_hints(env)
658
+ if env[RACK_EARLY_HINTS]
659
+ ##
660
+ ## If <tt>rack.early_hints</tt> is present, it must respond to #call.
661
+ unless env[RACK_EARLY_HINTS].respond_to?(:call)
662
+ raise LintError, "rack.early_hints must respond to call"
456
663
  end
457
- yield line
458
- }
459
- end
460
664
 
461
- ## * +rewind+ must be called without arguments. It rewinds the input
462
- ## stream back to the beginning. It must not raise Errno::ESPIPE:
463
- ## that is, it may not be a pipe or a socket. Therefore, handler
464
- ## developers must buffer the input data into some rewindable object
465
- ## if the underlying input stream is not rewindable.
466
- def rewind(*args)
467
- raise LintError, "rack.input#rewind called with arguments" unless args.size == 0
468
- begin
469
- @input.rewind
470
- true
471
- rescue Errno::ESPIPE
472
- raise LintError, "rack.input#rewind raised Errno::ESPIPE"
665
+ original_callback = env[RACK_EARLY_HINTS]
666
+ env[RACK_EARLY_HINTS] = lambda do |headers|
667
+ ## If <tt>rack.early_hints</tt> is called, it must be called with
668
+ ## valid Rack response headers.
669
+ check_headers(headers)
670
+ original_callback.call(headers)
671
+ end
473
672
  end
474
673
  end
475
674
 
476
- ## * +close+ must never be called on the input stream.
477
- def close(*args)
478
- raise LintError, "rack.input#close must not be called"
675
+ ##
676
+ ## == The Response
677
+ ##
678
+ ## === The Status
679
+ ##
680
+ def check_status(status)
681
+ ## This is an HTTP status. It must be an Integer greater than or equal to
682
+ ## 100.
683
+ unless status.is_a?(Integer) && status >= 100
684
+ raise LintError, "Status must be an Integer >=100"
685
+ end
479
686
  end
480
- end
481
687
 
482
- ## === The Error Stream
483
- def check_error(error)
484
- ## The error stream must respond to +puts+, +write+ and +flush+.
485
- [:puts, :write, :flush].each { |method|
486
- unless error.respond_to? method
487
- raise LintError, "rack.error #{error} does not respond to ##{method}"
688
+ ##
689
+ ## === The Headers
690
+ ##
691
+ def check_headers(headers)
692
+ ## The headers must be a unfrozen Hash.
693
+ unless headers.kind_of?(Hash)
694
+ raise LintError, "headers object should be a hash, but isn't (got #{headers.class} as headers)"
488
695
  end
489
- }
490
- end
491
696
 
492
- class ErrorWrapper
493
- include Assertion
697
+ if headers.frozen?
698
+ raise LintError, "headers object should not be frozen, but is"
699
+ end
494
700
 
495
- def initialize(error)
496
- @error = error
497
- end
701
+ headers.each do |key, value|
702
+ ## The header keys must be Strings.
703
+ unless key.kind_of? String
704
+ raise LintError, "header key must be a string, was #{key.class}"
705
+ end
498
706
 
499
- ## * +puts+ must be called with a single argument that responds to +to_s+.
500
- def puts(str)
501
- @error.puts str
707
+ ## Special headers starting "rack." are for communicating with the
708
+ ## server, and must not be sent back to the client.
709
+ next if key.start_with?("rack.")
710
+
711
+ ## The header must not contain a +Status+ key.
712
+ raise LintError, "header must not contain status" if key == "status"
713
+ ## Header keys must conform to RFC7230 token specification, i.e. cannot
714
+ ## contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}".
715
+ raise LintError, "invalid header name: #{key}" if key =~ /[\(\),\/:;<=>\?@\[\\\]{}[:cntrl:]]/
716
+ ## Header keys must not contain uppercase ASCII characters (A-Z).
717
+ raise LintError, "uppercase character in header name: #{key}" if key =~ /[A-Z]/
718
+
719
+ ## Header values must be either a String instance,
720
+ if value.kind_of?(String)
721
+ check_header_value(key, value)
722
+ elsif value.kind_of?(Array)
723
+ ## or an Array of String instances,
724
+ value.each{|value| check_header_value(key, value)}
725
+ else
726
+ raise LintError, "a header value must be a String or Array of Strings, but the value of '#{key}' is a #{value.class}"
727
+ end
728
+ end
502
729
  end
503
730
 
504
- ## * +write+ must be called with a single argument that is a String.
505
- def write(str)
506
- raise LintError, "rack.errors#write not called with a String" unless str.kind_of? String
507
- @error.write str
731
+ def check_header_value(key, value)
732
+ ## such that each String instance must not contain characters below 037.
733
+ if value =~ /[\000-\037]/
734
+ raise LintError, "invalid header value #{key}: #{value.inspect}"
735
+ end
508
736
  end
509
737
 
510
- ## * +flush+ must be called without arguments and must be called
511
- ## in order to make the error appear for sure.
512
- def flush
513
- @error.flush
738
+ ##
739
+ ## ==== The +content-type+ Header
740
+ ##
741
+ def check_content_type_header(status, headers)
742
+ headers.each { |key, value|
743
+ ## There must not be a <tt>content-type</tt> header key when the +Status+ is 1xx,
744
+ ## 204, or 304.
745
+ if key == "content-type"
746
+ if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
747
+ raise LintError, "content-type header found in #{status} response, not allowed"
748
+ end
749
+ return
750
+ end
751
+ }
514
752
  end
515
753
 
516
- ## * +close+ must never be called on the error stream.
517
- def close(*args)
518
- raise LintError, "rack.errors#close must not be called"
754
+ ##
755
+ ## ==== The +content-length+ Header
756
+ ##
757
+ def check_content_length_header(status, headers)
758
+ headers.each { |key, value|
759
+ if key == 'content-length'
760
+ ## There must not be a <tt>content-length</tt> header key when the
761
+ ## +Status+ is 1xx, 204, or 304.
762
+ if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
763
+ raise LintError, "content-length header found in #{status} response, not allowed"
764
+ end
765
+ @content_length = value
766
+ end
767
+ }
519
768
  end
520
- end
521
-
522
- class HijackWrapper
523
- include Assertion
524
- extend Forwardable
525
769
 
526
- REQUIRED_METHODS = [
527
- :read, :write, :read_nonblock, :write_nonblock, :flush, :close,
528
- :close_read, :close_write, :closed?
529
- ]
530
-
531
- def_delegators :@io, *REQUIRED_METHODS
532
-
533
- def initialize(io)
534
- @io = io
535
- REQUIRED_METHODS.each do |meth|
536
- raise LintError, "rack.hijack_io must respond to #{meth}" unless io.respond_to? meth
770
+ def verify_content_length(size)
771
+ if @head_request
772
+ unless size == 0
773
+ raise LintError, "Response body was given for HEAD request, but should be empty"
774
+ end
775
+ elsif @content_length
776
+ unless @content_length == size.to_s
777
+ raise LintError, "content-length header was #{@content_length}, but should be #{size}"
778
+ end
537
779
  end
538
780
  end
539
- end
540
781
 
541
- ## === Hijacking
542
- #
543
- # AUTHORS: n.b. The trailing whitespace between paragraphs is important and
544
- # should not be removed. The whitespace creates paragraphs in the RDoc
545
- # output.
546
- #
547
- ## ==== Request (before status)
548
- def check_hijack(env)
549
- if env[RACK_IS_HIJACK]
550
- ## If rack.hijack? is true then rack.hijack must respond to #call.
551
- original_hijack = env[RACK_HIJACK]
552
- raise LintError, "rack.hijack must respond to call" unless original_hijack.respond_to?(:call)
553
- env[RACK_HIJACK] = proc do
554
- ## rack.hijack must return the io that will also be assigned (or is
555
- ## already present, in rack.hijack_io.
556
- io = original_hijack.call
557
- HijackWrapper.new(io)
558
- ##
559
- ## rack.hijack_io must respond to:
560
- ## <tt>read, write, read_nonblock, write_nonblock, flush, close,
561
- ## close_read, close_write, closed?</tt>
562
- ##
563
- ## The semantics of these IO methods must be a best effort match to
564
- ## those of a normal ruby IO or Socket object, using standard
565
- ## arguments and raising standard exceptions. Servers are encouraged
566
- ## to simply pass on real IO objects, although it is recognized that
567
- ## this approach is not directly compatible with SPDY and HTTP 2.0.
568
- ##
569
- ## IO provided in rack.hijack_io should preference the
570
- ## IO::WaitReadable and IO::WaitWritable APIs wherever supported.
571
- ##
572
- ## There is a deliberate lack of full specification around
573
- ## rack.hijack_io, as semantics will change from server to server.
574
- ## Users are encouraged to utilize this API with a knowledge of their
575
- ## server choice, and servers may extend the functionality of
576
- ## hijack_io to provide additional features to users. The purpose of
577
- ## rack.hijack is for Rack to "get out of the way", as such, Rack only
578
- ## provides the minimum of specification and support.
579
- env[RACK_HIJACK_IO] = HijackWrapper.new(env[RACK_HIJACK_IO])
580
- io
581
- end
582
- else
583
- ##
584
- ## If rack.hijack? is false, then rack.hijack should not be set.
585
- raise LintError, "rack.hijack? is false, but rack.hijack is present" unless env[RACK_HIJACK].nil?
782
+ ##
783
+ ## ==== The +rack.protocol+ Header
784
+ ##
785
+ def check_rack_protocol_header(status, headers)
786
+ ## If the +rack.protocol+ header is present, it must be a +String+, and
787
+ ## must be one of the values from the +rack.protocol+ array from the
788
+ ## environment.
789
+ protocol = headers['rack.protocol']
790
+
791
+ if protocol
792
+ request_protocols = @env['rack.protocol']
793
+
794
+ if request_protocols.nil?
795
+ raise LintError, "rack.protocol header is #{protocol.inspect}, but rack.protocol was not set in request!"
796
+ elsif !request_protocols.include?(protocol)
797
+ raise LintError, "rack.protocol header is #{protocol.inspect}, but should be one of #{request_protocols.inspect} from the request!"
798
+ end
799
+ end
800
+ end
801
+ ##
802
+ ## Setting this value informs the server that it should perform a
803
+ ## connection upgrade. In HTTP/1, this is done using the +upgrade+
804
+ ## header. In HTTP/2, this is done by accepting the request.
805
+ ##
806
+ ## === The Body
807
+ ##
808
+ ## The Body is typically an +Array+ of +String+ instances, an enumerable
809
+ ## that yields +String+ instances, a +Proc+ instance, or a File-like
810
+ ## object.
811
+ ##
812
+ ## The Body must respond to +each+ or +call+. It may optionally respond
813
+ ## to +to_path+ or +to_ary+. A Body that responds to +each+ is considered
814
+ ## to be an Enumerable Body. A Body that responds to +call+ is considered
815
+ ## to be a Streaming Body.
816
+ ##
817
+ ## A Body that responds to both +each+ and +call+ must be treated as an
818
+ ## Enumerable Body, not a Streaming Body. If it responds to +each+, you
819
+ ## must call +each+ and not +call+. If the Body doesn't respond to
820
+ ## +each+, then you can assume it responds to +call+.
821
+ ##
822
+ ## The Body must either be consumed or returned. The Body is consumed by
823
+ ## optionally calling either +each+ or +call+.
824
+ ## Then, if the Body responds to +close+, it must be called to release
825
+ ## any resources associated with the generation of the body.
826
+ ## In other words, +close+ must always be called at least once; typically
827
+ ## after the web server has sent the response to the client, but also in
828
+ ## cases where the Rack application makes internal/virtual requests and
829
+ ## discards the response.
830
+ ##
831
+ def close
586
832
  ##
587
- ## If rack.hijack? is false, then rack.hijack_io should not be set.
588
- raise LintError, "rack.hijack? is false, but rack.hijack_io is present" unless env[RACK_HIJACK_IO].nil?
833
+ ## After calling +close+, the Body is considered closed and should not
834
+ ## be consumed again.
835
+ @closed = true
836
+
837
+ ## If the original Body is replaced by a new Body, the new Body must
838
+ ## also consume the original Body by calling +close+ if possible.
839
+ @body.close if @body.respond_to?(:close)
840
+
841
+ index = @lint.index(self)
842
+ unless @env['rack.lint'][0..index].all? {|lint| lint.instance_variable_get(:@closed)}
843
+ raise LintError, "Body has not been closed"
844
+ end
589
845
  end
590
- end
591
846
 
592
- ## ==== Response (after headers)
593
- ## It is also possible to hijack a response after the status and headers
594
- ## have been sent.
595
- def check_hijack_response(headers, env)
596
-
597
- # this check uses headers like a hash, but the spec only requires
598
- # headers respond to #each
599
- headers = Rack::Utils::HeaderHash[headers]
600
-
601
- ## In order to do this, an application may set the special header
602
- ## <tt>rack.hijack</tt> to an object that responds to <tt>call</tt>
603
- ## accepting an argument that conforms to the <tt>rack.hijack_io</tt>
604
- ## protocol.
605
- ##
606
- ## After the headers have been sent, and this hijack callback has been
607
- ## called, the application is now responsible for the remaining lifecycle
608
- ## of the IO. The application is also responsible for maintaining HTTP
609
- ## semantics. Of specific note, in almost all cases in the current SPEC,
610
- ## applications will have wanted to specify the header Connection:close in
611
- ## HTTP/1.1, and not Connection:keep-alive, as there is no protocol for
612
- ## returning hijacked sockets to the web server. For that purpose, use the
613
- ## body streaming API instead (progressively yielding strings via each).
614
- ##
615
- ## Servers must ignore the <tt>body</tt> part of the response tuple when
616
- ## the <tt>rack.hijack</tt> response API is in use.
617
-
618
- if env[RACK_IS_HIJACK] && headers[RACK_HIJACK]
619
- unless headers[RACK_HIJACK].respond_to? :call
620
- raise LintError, 'rack.hijack header must respond to #call'
621
- end
622
- original_hijack = headers[RACK_HIJACK]
623
- proc do |io|
624
- original_hijack.call HijackWrapper.new(io)
625
- end
626
- else
847
+ def verify_to_path
627
848
  ##
628
- ## The special response header <tt>rack.hijack</tt> must only be set
629
- ## if the request env has <tt>rack.hijack?</tt> <tt>true</tt>.
630
- unless headers[RACK_HIJACK].nil?
631
- raise LintError, 'rack.hijack header must not be present if server does not support hijacking'
849
+ ## If the Body responds to +to_path+, it must return a +String+
850
+ ## path for the local file system whose contents are identical
851
+ ## to that produced by calling +each+; this may be used by the
852
+ ## server as an alternative, possibly more efficient way to
853
+ ## transport the response. The +to_path+ method does not consume
854
+ ## the body.
855
+ if @body.respond_to?(:to_path)
856
+ unless ::File.exist? @body.to_path
857
+ raise LintError, "The file identified by body.to_path does not exist"
858
+ end
632
859
  end
633
-
634
- nil
635
860
  end
636
- end
637
- ## ==== Conventions
638
- ## * Middleware should not use hijack unless it is handling the whole
639
- ## response.
640
- ## * Middleware may wrap the IO object for the response pattern.
641
- ## * Middleware should not wrap the IO object for the request pattern. The
642
- ## request pattern is intended to provide the hijacker with "raw tcp".
643
-
644
- ## == The Response
645
-
646
- ## === The Status
647
- def check_status(status)
648
- ## This is an HTTP status. When parsed as integer (+to_i+), it must be
649
- ## greater than or equal to 100.
650
- unless status.to_i >= 100
651
- raise LintError, "Status must be >=100 seen as integer"
652
- end
653
- end
654
861
 
655
- ## === The Headers
656
- def check_headers(header)
657
- ## The header must respond to +each+, and yield values of key and value.
658
- unless header.respond_to? :each
659
- raise LintError, "headers object should respond to #each, but doesn't (got #{header.class} as headers)"
660
- end
862
+ ##
863
+ ## ==== Enumerable Body
864
+ ##
865
+ def each
866
+ ## The Enumerable Body must respond to +each+.
867
+ raise LintError, "Enumerable Body must respond to each" unless @body.respond_to?(:each)
661
868
 
662
- header.each { |key, value|
663
- ## The header keys must be Strings.
664
- unless key.kind_of? String
665
- raise LintError, "header key must be a string, was #{key.class}"
666
- end
869
+ ## It must only be called once.
870
+ raise LintError, "Response body must only be invoked once (#{@invoked})" unless @invoked.nil?
667
871
 
668
- ## Special headers starting "rack." are for communicating with the
669
- ## server, and must not be sent back to the client.
670
- next if key =~ /^rack\..+$/
872
+ ## It must not be called after being closed,
873
+ raise LintError, "Response body is already closed" if @closed
671
874
 
672
- ## The header must not contain a +Status+ key.
673
- raise LintError, "header must not contain Status" if key.downcase == "status"
674
- ## The header must conform to RFC7230 token specification, i.e. cannot
675
- ## contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}".
676
- raise LintError, "invalid header name: #{key}" if key =~ /[\(\),\/:;<=>\?@\[\\\]{}[:cntrl:]]/
875
+ @invoked = :each
677
876
 
678
- ## The values of the header must be Strings,
679
- unless value.kind_of? String
680
- raise LintError, "a header value must be a String, but the value of '#{key}' is a #{value.class}"
681
- end
682
- ## consisting of lines (for multiple header values, e.g. multiple
683
- ## <tt>Set-Cookie</tt> values) separated by "\\n".
684
- value.split("\n").each { |item|
685
- ## The lines must not contain characters below 037.
686
- if item =~ /[\000-\037]/
687
- raise LintError, "invalid header value #{key}: #{item.inspect}"
877
+ @body.each do |chunk|
878
+ ## and must only yield String values.
879
+ unless chunk.kind_of? String
880
+ raise LintError, "Body yielded non-string value #{chunk.inspect}"
688
881
  end
689
- }
690
- }
691
- end
692
882
 
693
- ## === The Content-Type
694
- def check_content_type(status, headers)
695
- headers.each { |key, value|
696
- ## There must not be a <tt>Content-Type</tt>, when the +Status+ is 1xx,
697
- ## 204 or 304.
698
- if key.downcase == "content-type"
699
- if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
700
- raise LintError, "Content-Type header found in #{status} response, not allowed"
883
+ ##
884
+ ## Middleware must not call +each+ directly on the Body.
885
+ ## Instead, middleware can return a new Body that calls +each+ on the
886
+ ## original Body, yielding at least once per iteration.
887
+ if @lint[0] == self
888
+ @env['rack.lint.body_iteration'] += 1
889
+ else
890
+ if (@env['rack.lint.body_iteration'] -= 1) > 0
891
+ raise LintError, "New body must yield at least once per iteration of old body"
892
+ end
701
893
  end
702
- return
703
- end
704
- }
705
- end
706
894
 
707
- ## === The Content-Length
708
- def check_content_length(status, headers)
709
- headers.each { |key, value|
710
- if key.downcase == 'content-length'
711
- ## There must not be a <tt>Content-Length</tt> header when the
712
- ## +Status+ is 1xx, 204 or 304.
713
- if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
714
- raise LintError, "Content-Length header found in #{status} response, not allowed"
715
- end
716
- @content_length = value
895
+ @size += chunk.bytesize
896
+ yield chunk
717
897
  end
718
- }
719
- end
720
898
 
721
- def verify_content_length(bytes)
722
- if @head_request
723
- unless bytes == 0
724
- raise LintError, "Response body was given for HEAD request, but should be empty"
725
- end
726
- elsif @content_length
727
- unless @content_length == bytes.to_s
728
- raise LintError, "Content-Length header was #{@content_length}, but should be #{bytes}"
729
- end
899
+ verify_content_length(@size)
900
+
901
+ verify_to_path
730
902
  end
731
- end
732
903
 
733
- ## === The Body
734
- def each
735
- @closed = false
736
- bytes = 0
904
+ BODY_METHODS = {to_ary: true, each: true, call: true, to_path: true}
737
905
 
738
- ## The Body must respond to +each+
739
- unless @body.respond_to?(:each)
740
- raise LintError, "Response body must respond to each"
906
+ def to_path
907
+ @body.to_path
741
908
  end
742
909
 
743
- @body.each { |part|
744
- ## and must only yield String values.
745
- unless part.kind_of? String
746
- raise LintError, "Body yielded non-string value #{part.inspect}"
910
+ def respond_to?(name, *)
911
+ if BODY_METHODS.key?(name)
912
+ @body.respond_to?(name)
913
+ else
914
+ super
747
915
  end
748
- bytes += part.bytesize
749
- yield part
750
- }
751
- verify_content_length(bytes)
916
+ end
917
+
918
+ ##
919
+ ## If the Body responds to +to_ary+, it must return an +Array+ whose
920
+ ## contents are identical to that produced by calling +each+.
921
+ ## Middleware may call +to_ary+ directly on the Body and return a new
922
+ ## Body in its place. In other words, middleware can only process the
923
+ ## Body directly if it responds to +to_ary+. If the Body responds to both
924
+ ## +to_ary+ and +close+, its implementation of +to_ary+ must call
925
+ ## +close+.
926
+ def to_ary
927
+ @body.to_ary.tap do |content|
928
+ unless content == @body.enum_for.to_a
929
+ raise LintError, "#to_ary not identical to contents produced by calling #each"
930
+ end
931
+ end
932
+ ensure
933
+ close
934
+ end
752
935
 
753
936
  ##
754
- ## The Body itself should not be an instance of String, as this will
755
- ## break in Ruby 1.9.
937
+ ## ==== Streaming Body
756
938
  ##
757
- ## If the Body responds to +close+, it will be called after iteration. If
758
- ## the body is replaced by a middleware after action, the original body
759
- ## must be closed first, if it responds to close.
760
- # XXX howto: raise LintError, "Body has not been closed" unless @closed
939
+ def call(stream)
940
+ ## The Streaming Body must respond to +call+.
941
+ raise LintError, "Streaming Body must respond to call" unless @body.respond_to?(:call)
761
942
 
943
+ ## It must only be called once.
944
+ raise LintError, "Response body must only be invoked once (#{@invoked})" unless @invoked.nil?
762
945
 
763
- ##
764
- ## If the Body responds to +to_path+, it must return a String
765
- ## identifying the location of a file whose contents are identical
766
- ## to that produced by calling +each+; this may be used by the
767
- ## server as an alternative, possibly more efficient way to
768
- ## transport the response.
946
+ ## It must not be called after being closed.
947
+ raise LintError, "Response body is already closed" if @closed
769
948
 
770
- if @body.respond_to?(:to_path)
771
- unless ::File.exist? @body.to_path
772
- raise LintError, "The file identified by body.to_path does not exist"
773
- end
949
+ @invoked = :call
950
+
951
+ ## It takes a +stream+ argument.
952
+ ##
953
+ ## The +stream+ argument must implement:
954
+ ## <tt>read, write, <<, flush, close, close_read, close_write, closed?</tt>
955
+ ##
956
+ @body.call(StreamWrapper.new(stream))
774
957
  end
775
958
 
776
- ##
777
- ## The Body commonly is an Array of Strings, the application
778
- ## instance itself, or a File-like object.
779
- end
959
+ class StreamWrapper
960
+ extend Forwardable
780
961
 
781
- def close
782
- @closed = true
783
- @body.close if @body.respond_to?(:close)
784
- end
962
+ ## The semantics of these IO methods must be a best effort match to
963
+ ## those of a normal Ruby IO or Socket object, using standard arguments
964
+ ## and raising standard exceptions. Servers are encouraged to simply
965
+ ## pass on real IO objects, although it is recognized that this approach
966
+ ## is not directly compatible with HTTP/2.
967
+ REQUIRED_METHODS = [
968
+ :read, :write, :<<, :flush, :close,
969
+ :close_read, :close_write, :closed?
970
+ ]
971
+
972
+ def_delegators :@stream, *REQUIRED_METHODS
785
973
 
786
- # :startdoc:
974
+ def initialize(stream)
975
+ @stream = stream
787
976
 
977
+ REQUIRED_METHODS.each do |method_name|
978
+ raise LintError, "Stream must respond to #{method_name}" unless stream.respond_to?(method_name)
979
+ end
980
+ end
981
+ end
982
+
983
+ # :startdoc:
984
+ end
788
985
  end
789
986
  end
790
987
 
988
+ ##
791
989
  ## == Thanks
792
- ## Some parts of this specification are adopted from PEP333: Python
793
- ## Web Server Gateway Interface
794
- ## v1.0 (http://www.python.org/dev/peps/pep-0333/). I'd like to thank
795
- ## everyone involved in that effort.
990
+ ## Some parts of this specification are adopted from {PEP 333 – Python Web Server Gateway Interface v1.0}[https://peps.python.org/pep-0333/]
991
+ ## I'd like to thank everyone involved in that effort.