rack 0.1.0 → 0.2.0

data/AUTHORS

@@ -1,3 +1,5 @@
 * Christian Neukirchen <chneukirchen@gmail.com>
 * Rails adapter: Christoffer Sawicki <christoffer.sawicki@gmail.com>
+* HTTP authentication: Tim Fletcher <twoggle@gmail.com>
+* Cookie sessions, Static handler: Luc Heinrich <luc@honk-honk.com>
 * Official Logo: Armin Ronacher

data/RDOX

@@ -1,4 +1,21 @@
 
+== Rack::Auth::Basic
+* should challenge correctly when no credentials are specified
+* should rechallenge if incorrect credentials are specified
+* should return application output if correct credentials are specified
+* should return 400 Bad Request if different auth scheme used
+
+== Rack::Auth::Digest::MD5
+* should challenge when no credentials are specified
+* should return application output if correct credentials given
+* should return application output if correct credentials given (hashed passwords)
+* should rechallenge if incorrect username given
+* should rechallenge if incorrect password given
+* should rechallenge with stale parameter if nonce is stale
+* should return 400 Bad Request if incorrect qop given
+* should return 400 Bad Request if incorrect uri given
+* should return 400 Bad Request if different auth scheme used
+
 == Rack::Adapter::Camping
 * works with GET
 * works with POST
@@ -82,6 +99,7 @@
 * should have CGI headers on POST
 * should support HTTP auth
 * should set status
+* should provide a .run
 
 == Rack::Recursive
 * should allow for subrequests
@@ -93,12 +111,17 @@
 * can figure out the correct host
 * can parse the query string
 * can parse POST data
+* can get value by key from params with #[]
+* can set value to key on params with #[]=
+* values_at answers values by keys in order given
+* referrer should be extracted correct
 * can cache, but invalidates the cache
 * can figure out if called via XHR
 * can parse cookies
 * provides setters
 * provides the original env
 * can restore the URL
+* can restore the full path
 * can parse multipart form data
 * can parse big multipart form data
 * can detect invalid multipart form data
@@ -112,10 +135,31 @@
 * has a useful constructor
 * has a constructor that can take a block
 * doesn't return invalid responses
+* knows if it's empty
+* should provide access to the HTTP status
+* should provide access to the HTTP headers
+
+== Rack::Session::Cookie
+* creates a new cookie
+* loads from a cookie
+* survives broken cookies
+* barks on too big cookies
 
 == Rack::ShowExceptions
 * catches exceptions
 
+== Rack::ShowStatus
+* should provide a default status message
+* should let the app provide additional information
+* should not replace existing messages
+* should pass on original headers
+* should replace existing messages if there is detail
+
+== Rack::Static
+* serves files
+* 404s if url root is known but it can't find the file
+* calls down the chain if url root is not known
+
 == Rack::URLMap
 * dispatches paths correctly
 * dispatches hosts correctly
@@ -140,5 +184,6 @@
 * should have CGI headers on POST
 * should support HTTP auth
 * should set status
+* should provide a .run
 
-102 specifications (428 requirements), 0 failures
+137 specifications (546 requirements), 0 failures

data/README

@@ -1,6 +1,6 @@
 = Rack, a modular Ruby webserver interface
 
-Rack provides minimal, modular and adaptable interface for developing
+Rack provides a minimal, modular and adaptable interface for developing
 web applications in Ruby.  By wrapping HTTP requests and responses in
 the simplest way possible, it unifies and distills the API for web
 servers, web frameworks, and software in between (the so-called
@@ -13,6 +13,7 @@ which all Rack applications should conform to.
 
 The included *handlers* connect all kinds of web servers to Rack:
 * Mongrel
+* Mongrel/Swiftcore (require it before Rack.)
 * WEBrick
 * FCGI
 * CGI
@@ -76,11 +77,11 @@ Try the lobster!
 
 Either with the embedded WEBrick starter:
 
-  ruby -Ilib lib/rack/lobster.rb
+    ruby -Ilib lib/rack/lobster.rb
 
 Or with rackup:
 
-  bin/rackup -Ilib example/lobster.ru 
+    bin/rackup -Ilib example/lobster.ru 
 
 By default, the lobster is found at http://localhost:9292.
 
@@ -99,6 +100,16 @@ at my site:
 
 * March 3rd, 2007: First public release 0.1.
 
+* May 16th, 2007: Second public release 0.2.
+  * HTTP Basic authentication.
+  * Cookie Sessions.
+  * Static file handler.
+  * Improved Rack::Request.
+  * Improved Rack::Response.
+  * Added Rack::ShowStatus, for better default error messages.
+  * Bug fixes in the Camping adapter.
+  * Removed Rails adapter, was too alpha.
+
 == Contact
 
 Please mail bugs, suggestions and patches to
@@ -111,9 +122,13 @@ You are also welcome to join the #rack channel on irc.freenode.net.
 
 == Thanks to
 
-* Michael Fellinger, for the helpful discussion.
+* Michael Fellinger, for the helpful discussion, bugfixes and a better
+  Rack::Request interface.
 * Christoffer Sawicki, for the Rails adapter.
+* Tim Fletcher, for the HTTP authentication code.
 * Armin Ronacher, for the logo and racktools.
+* Aredridel, for bug fixing.
+* Gary Wright, for proposing a better Rack::Response interface.
 * Alexander Kellett for testing the Gem and reviewing the announce.
 * Marcus Rückert, for help with configuring and debugging lighttpd.
 * The WSGI team for the well-done and documented work they've done and

data/Rakefile

@@ -12,13 +12,14 @@ task :predist => [:chmod, :changelog, :rdoc]
 
 desc "Make an archive as .tar.gz"
 task :dist => :fulltest do
-  system "export DARCS_REPO=#{File.expand_path "."}; " +
-         "darcs dist -d rack-#{get_darcs_tree_version}"
+  sh "export DARCS_REPO=#{File.expand_path "."}; " +
+     "darcs dist -d rack-#{get_darcs_tree_version}"
 end
 
 # Helper to retrieve the "revision number" of the darcs tree.
 def get_darcs_tree_version
   unless File.directory? "_darcs"
+    $: << "lib"
     require 'rack'
     return Rack.version
   end
@@ -58,13 +59,13 @@ end
 
 desc "Generate a ChangeLog"
 task :changelog do
-  system "darcs changes --repo=#{ENV["DARCS_REPO"] || "."} >ChangeLog"
+  sh "darcs changes --repo=#{ENV["DARCS_REPO"] || "."} >ChangeLog"
 end
 
 
 desc "Generate RDox"
 task "RDOX" do
-  system "specrb -Ilib:test -a --rdox >RDOX"
+  sh "specrb -Ilib:test -a --rdox >RDOX"
 end
 
 desc "Generate Rack Specification"
@@ -80,12 +81,12 @@ end
 
 desc "Run all the fast tests"
 task :test do
-  system "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS'] || '-t "^(?!Rack::Handler|Rack::Adapter)"'}"
+  sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS'] || '-t "^(?!Rack::Handler|Rack::Adapter)"'}"
 end
 
 desc "Run all the tests"
 task :fulltest do
-  system "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
+  sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
 end
 
 begin
@@ -155,8 +156,8 @@ end
 task :rdoc => ["SPEC", "RDOX"]
 
 task :pushsite => [:rdoc] do
-  system "rsync -avz doc/ chneukirchen@rack.rubyforge.org:/var/www/gforge-projects/rack/doc/"
-  system "rsync -avz site/ chneukirchen@rack.rubyforge.org:/var/www/gforge-projects/rack/"
+  sh "rsync -avz doc/ chneukirchen@rack.rubyforge.org:/var/www/gforge-projects/rack/doc/"
+  sh "rsync -avz site/ chneukirchen@rack.rubyforge.org:/var/www/gforge-projects/rack/"
 end
 
 begin

data/bin/rackup

@@ -72,6 +72,8 @@ opts = OptionParser.new("", 24, '  ') { |opts|
   opts.parse! ARGV
 }
 
+require 'pp'  if $DEBUG
+
 config = ARGV[0] || "config.ru"
 if !File.exist? config
   abort "configuration #{config} not found"

data/example/protectedlobster.rb

@@ -0,0 +1,14 @@
+require 'rack'
+require 'rack/lobster'
+
+lobster = Rack::Lobster.new
+
+protected_lobster = Rack::Auth::Basic.new(lobster) do |username, password|
+  'secret' == password
+end
+
+protected_lobster.realm = 'Lobster 2.0'
+
+pretty_protected_lobster = Rack::ShowStatus.new(Rack::ShowExceptions.new(protected_lobster))
+
+Rack::Handler::WEBrick.run pretty_protected_lobster, :Port => 9292

data/lib/rack.rb

@@ -22,6 +22,7 @@ module Rack
   end
 
   autoload :Builder, "rack/builder"
+  autoload :Cascade, "rack/cascade"
   autoload :CommonLogger, "rack/commonlogger"
   autoload :File, "rack/file"
   autoload :ForwardRequest, "rack/recursive"
@@ -29,6 +30,8 @@ module Rack
   autoload :Recursive, "rack/recursive"
   autoload :Reloader, "rack/reloader"
   autoload :ShowExceptions, "rack/showexceptions"
+  autoload :ShowStatus, "rack/showstatus"
+  autoload :Static, "rack/static"
   autoload :URLMap, "rack/urlmap"
   autoload :Utils, "rack/utils"
 
@@ -38,6 +41,22 @@ module Rack
   autoload :Request, "rack/request"
   autoload :Response, "rack/response"
 
+  module Auth
+    autoload :Basic, "rack/auth/basic"
+    autoload :AbstractRequest, "rack/auth/abstract/request"
+    autoload :AbstractHandler, "rack/auth/abstract/handler"
+    module Digest
+      autoload :MD5, "rack/auth/digest/md5"
+      autoload :Nonce, "rack/auth/digest/nonce"
+      autoload :Params, "rack/auth/digest/params"
+      autoload :Request, "rack/auth/digest/request"
+    end
+  end
+
+  module Session
+    autoload :Cookie, "rack/session/cookie"
+  end
+
   # *Adapters* connect Rack with third party web frameworks.
   #
   # Rack includes adapters for Camping and Rails.

data/lib/rack/adapter/camping.rb

@@ -9,6 +9,12 @@ module Rack
         env["PATH_INFO"] ||= ""
         env["SCRIPT_NAME"] ||= ""
         controller = @app.run(env['rack.input'], env)
+        h = controller.headers
+        h.each_pair do |k,v|
+          if v.kind_of? URI
+            h[k] = v.to_s
+          end
+        end
         [controller.status, controller.headers, controller.body]
       end
     end

data/lib/rack/auth/abstract/handler.rb

@@ -0,0 +1,28 @@
+module Rack
+  module Auth
+    # Rack::Auth::AbstractHandler implements common authentication functionality.
+    #
+    # +realm+ should be set for all handlers.
+
+    class AbstractHandler
+
+      attr_accessor :realm
+
+      def initialize(app, &authenticator)
+        @app, @authenticator = app, authenticator
+      end
+
+
+      private
+
+      def unauthorized(www_authenticate = challenge)
+        return [ 401, { 'WWW-Authenticate' => www_authenticate.to_s }, [] ]
+      end
+
+      def bad_request
+        [ 400, {}, [] ]
+      end
+
+    end
+  end
+end

data/lib/rack/auth/abstract/request.rb

@@ -0,0 +1,39 @@
+require 'base64'
+
+module Rack
+  module Auth
+    class AbstractRequest
+
+      def initialize(env)
+        @env = env
+      end
+
+      def provided?
+        !authorization_key.nil?
+      end
+
+      def parts
+        @parts ||= @env[authorization_key].split(' ', 2)
+      end
+
+      def scheme
+        @scheme ||= parts.first.downcase.to_sym
+      end
+
+      def params
+        @params ||= parts.last
+      end
+
+
+      private
+
+      AUTHORIZATION_KEYS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION']
+
+      def authorization_key
+        @authorization_key ||= AUTHORIZATION_KEYS.detect { |key| @env.has_key?(key) }
+      end
+
+    end
+
+  end
+end

data/lib/rack/auth/basic.rb

@@ -0,0 +1,58 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/abstract/request'
+
+module Rack
+  module Auth
+    # Rack::Auth::Basic implements HTTP Basic Authentication, as per RFC 2617.
+    #
+    # Initialize with the Rack application that you want protecting,
+    # and a block that checks if a username and password pair are valid.
+    #
+    # See also: <tt>example/protectedlobster.rb</tt>
+
+    class Basic < AbstractHandler
+
+      def call(env)
+        auth = Basic::Request.new(env)
+
+        return unauthorized unless auth.provided?
+
+        return bad_request unless auth.basic?
+
+        if valid?(auth)
+          env['REMOTE_USER'] = auth.username
+
+          return @app.call(env)
+        end
+
+        unauthorized
+      end
+
+
+      private
+
+      def challenge
+        'Basic realm="%s"' % realm
+      end
+
+      def valid?(auth)
+        @authenticator.call(*auth.credentials)
+      end
+
+      class Request < Auth::AbstractRequest
+        def basic?
+          :basic == scheme
+        end
+
+        def credentials
+          @credentials ||= Base64.decode64(params).split(/:/, 2)
+        end
+
+        def username
+          credentials.first
+        end
+      end
+
+    end
+  end
+end

data/lib/rack/auth/digest/md5.rb

@@ -0,0 +1,124 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/digest/request'
+require 'rack/auth/digest/params'
+require 'rack/auth/digest/nonce'
+require 'digest/md5'
+
+module Rack
+  module Auth
+    module Digest
+      # Rack::Auth::Digest::MD5 implements the MD5 algorithm version of
+      # HTTP Digest Authentication, as per RFC 2617.
+      #
+      # Initialize with the [Rack] application that you want protecting,
+      # and a block that looks up a plaintext password for a given username.
+      #
+      # +opaque+ needs to be set to a constant base64/hexadecimal string.
+      #
+      class MD5 < AbstractHandler
+
+        attr_accessor :opaque
+
+        attr_writer :passwords_hashed
+
+        def initialize(app)
+          super
+          @passwords_hashed = nil
+        end
+
+        def passwords_hashed?
+          !!@passwords_hashed
+        end
+
+        def call(env)
+          auth = Request.new(env)
+
+          unless auth.provided?
+            return unauthorized
+          end
+
+          if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth)
+            return bad_request
+          end
+
+          if valid?(auth)
+            if auth.nonce.stale?
+              return unauthorized(challenge(:stale => true))
+            else
+              env['REMOTE_USER'] = auth.username
+
+              return @app.call(env)
+            end
+          end
+
+          unauthorized
+        end
+
+
+        private
+
+        QOP = 'auth'.freeze
+
+        def params(hash = {})
+          Params.new do |params|
+            params['realm'] = realm
+            params['nonce'] = Nonce.new.to_s
+            params['opaque'] = H(opaque)
+            params['qop'] = QOP
+
+            hash.each { |k, v| params[k] = v }
+          end
+        end
+
+        def challenge(hash = {})
+          "Digest #{params(hash)}"
+        end
+
+        def valid?(auth)
+          valid_opaque?(auth) && valid_nonce?(auth) && valid_digest?(auth)
+        end
+
+        def valid_qop?(auth)
+          QOP == auth.qop
+        end
+
+        def valid_opaque?(auth)
+          H(opaque) == auth.opaque
+        end
+
+        def valid_nonce?(auth)
+          auth.nonce.valid?
+        end
+
+        def valid_digest?(auth)
+          digest(auth, @authenticator.call(auth.username)) == auth.response
+        end
+
+        def md5(data)
+          ::Digest::MD5.hexdigest(data)
+        end
+
+        alias :H :md5
+
+        def KD(secret, data)
+          H([secret, data] * ':')
+        end
+
+        def A1(auth, password)
+          [ auth.username, auth.realm, password ] * ':'
+        end
+
+        def A2(auth)
+          [ auth.method, auth.uri ] * ':'
+        end
+
+        def digest(auth, password)
+          password_hash = passwords_hashed? ? password : H(A1(auth, password))
+
+          KD(password_hash, [ auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth)) ] * ':')
+        end
+
+      end
+    end
+  end
+end