ramaze 0.0.6

data/lib/ramaze/trinity.rb

@@ -0,0 +1,38 @@
+#          Copyright (c) 2006 Michael Fellinger m.fellinger@gmail.com
+# All files in this distribution are subject to the terms of the Ruby license.
+
+require 'ramaze/trinity/request'
+require 'ramaze/trinity/response'
+require 'ramaze/trinity/session'
+
+module Ramaze
+
+  # The module to be included into the Controller it basically just provides
+  # #request, #response and #session, each accessing Thread.current to
+  # retrieve the demanded object
+
+  module Trinity
+    private
+
+    # same as
+    #   Thread.current[:request]
+
+    def request
+      Thread.current[:request]
+    end
+
+    # same as
+    #   Thread.current[:response]
+
+    def response
+      Thread.current[:response]
+    end
+
+    # same as
+    #   Thread.current[:session]
+
+    def session
+      Thread.current[:session]
+    end
+  end
+end

data/lib/ramaze/trinity/request.rb

@@ -0,0 +1,244 @@
+#          Copyright (c) 2006 Michael Fellinger m.fellinger@gmail.com
+# All files in this distribution are subject to the terms of the Ruby license.
+
+require 'cgi'
+require 'tmpdir'
+require 'digest/md5'
+
+module Ramaze
+
+  # This class is used for processing the information coming in from a request
+  # to the dispatcher, it takes the original request-object, processes it and
+  # is later available in the controller or as Thread.current[:request]
+  #
+  # Please note that the implementation is lacking performance and security
+  # in favor of simplicity. Hopefully I (or some CGI-guru) will come along
+  # and implement this properly, until then consider it unsafe, but functional.
+  #
+  # Most information you will need is in the #params, which is a compound of
+  # all the information available from POST, GET, DELETE and PUT.
+
+  class Request
+    attr_accessor :request, :post_query, :get_query, :puts_query, :get_query
+
+    class << self
+
+      # get the current request out of Thread.current[:request]
+      #
+      # You can call this from everywhere with Ramaze::Request.current
+
+      def current
+        Thread.current[:request]
+      end
+    end
+
+    # create a new instance of Request, takes the original request-object
+    # and runs #parse_queries to extract/process the information inside
+
+    def initialize request = {}
+      @request = request
+      parse_queries
+    end
+
+    # you can access the original @request via this method_missing,
+    # first it tries to match your method with any of the HTTP parameters
+    # then, in case that fails, it will relay to @request
+
+    def method_missing meth, *args, &block
+      if value = @request.params[meth.to_s.upcase] rescue false
+        value
+      else
+        @request.send(meth, *args, &block)
+      end
+    end
+
+    # containts all the parameters given, no matter wheter with
+    # POST, GET, PUT or DELETE
+    # answers with a hash that is generated from the respective
+    # _query instance-variables and cached subsequently in @params
+
+    def params
+      @params ||= [
+        @get_query, @post_query, @put_query, @delete_query
+      ].inject({}) do |sum, hash|
+        sum.merge(hash || {})
+      end
+    end
+
+    # this parses stuff like post-requests (very untested)
+    # and also ?foo=bar stuff (get-query)
+    # WEBrick uses body as a streaming-object, so we have to #read.
+    # Mongrel has a normal string as body, we just call to_s in case
+    # it's no POST
+
+    def parse_queries
+      case request_method
+      when 'GET'    : process_get
+      when 'POST'   : process_post
+      when 'PUT'    : process_put
+      when 'DELETE' : process_delete
+      end
+    end
+
+    # very naive implementation of POST-body parsing, this won't withstand
+    # any serious testing or multiple simultanous huge posts...
+    # However, it just extracts the information inside the @request.body
+    # and puts it into proper form
+    # you can access its contents via #post_query
+
+    def process_post
+      @post_query = {}
+
+      type, boundary = content_type.split(';')
+
+      if type.downcase == 'multipart/form-data' and not boundary.empty?
+        parse_multipart(body, boundary.split('=').last)
+      else
+        post_query = query_parse(body.respond_to?(:read) ? body.read : body)
+        post_query.each do |key, value|
+          @post_query[CGI.unescape(key)] = CGI.unescape(value)
+        end
+      end
+    end
+
+    # processing incoming GET, stuffing the results into @get_query,
+    # you can access the information via #get_query
+
+    def process_get
+      @get_query = {}
+
+      get_query = query_parse(query_string) rescue {}
+      get_query.each do |key, value|
+        @get_query[CGI.unescape(key)] = CGI.unescape(value)
+      end
+    end
+
+    # TODO
+    # - implement and test DELETE
+
+    def process_delete
+      @delete_query = {}
+      raise "Implement me"
+    end
+
+    # again, rather naive, it just gives you the control over what to do
+    # with the #body but will parse the parameters from the URL
+
+    def process_put
+      @pust_query = {}
+
+      put_query = query_parse(query_string) rescue {}
+      put_query.each do |key, value|
+        @put_query[CGI.unescape(key)] = CGI.unescape(value)
+      end
+    end
+
+    # process the parameters passed over the URL, they look like
+    #
+    # http://foo.bar/action?eins=one&zwei=two
+    #
+    # that would result in #params containing {'eins' => 'one', 'zwei' => 'two'}
+
+    def query_parse str
+      str = str.split('?').last.to_s rescue ''
+      hash = CGI.parse(str)
+      hash.each do |key, values|
+        key = CGI.unescape(key)
+        values = values.map{|v| CGI.unescape(v)}
+        hash[key] = values.size == 1 ? values.first : values
+      end
+      hash
+    end
+
+    # parse multipart-requests, just pass it something that responds to .read
+    # and a boundary for the parts.
+    # again a naive implementation without any guarantee against DoS.
+    #
+    # TODO:
+    #  - rewrite parsing of multipart
+    #  - chunk through the body and pipe into tempfile
+    #  - look at merb for example of correct parsing
+
+    def parse_multipart(body, boundary)
+      text = body.read
+      text.split("--" << boundary).each do |chunk|
+        header = chunk.split("\r\n\r\n").first
+        next if (!header or !body) || (header.strip.empty? or chunk.strip.empty?)
+        head = parse_multipart_head(header)
+        next if head.empty?
+        chunk = chunk[(header.size + 4)..-3]
+        hash = Digest::MD5.hexdigest([head['name'], chunk.size, head.hash].inspect)
+        filename = File.join(Dir.tmpdir, hash)
+        File.open(filename, "w+") do |file|
+          file.print(chunk)
+        end
+        @post_query[head['name']] = File.open(filename)
+      end
+      body.rewind
+    end
+
+    # parse the head of the one part of multipart
+    # you most likely won't have to use this on your own :)
+
+    def parse_multipart_head(string)
+      string.gsub("\r\n", ";").split(';').inject({}) do |sum, param|
+        key, value = param.strip.split('=')
+        sum[key] = value[1..-2] if key and value
+        sum
+      end
+    end
+
+    # like request.params[key]
+
+    def [](key)
+      params[key]
+    end
+
+    # like reuqest.params[key] = value
+
+    def []=(key, value)
+      params[key] = value
+    end
+
+    # request_method == 'GET'
+    def get?()    request_method == 'GET'    end
+    # request_method == 'POST'
+    def post?()   request_method == 'POST'   end
+    # request_method == 'PUT'
+    def put?()    request_method == 'PUT'    end
+    # request_method == 'DELETE'
+    def delete?() request_method == 'DELETE' end
+
+    # remote_addr == '127.0.0.1'
+
+    def local?
+      remote_addr == '127.0.0.1'
+    end
+
+    # Is the request coming from a local network?
+
+    def local_net?(ip = remote_addr)
+      bip = ip.split('.').map{ |x| x.to_i }.pack('C4').unpack('N')[0]
+
+      # 127.0.0.1/32    => 2130706433
+      # 192.168.0.0/16  => 49320
+      # 172.16.0.0/12   => 2753
+      # 10.0.0.0/8      => 10
+
+      { 0 => 2130706433, 16 => 49320, 20 => 2753, 24 => 10}.each do |s,c|
+        return true if (bip >> s) == c
+      end
+
+      return false
+    end
+
+    # check the referer from which the browser came
+    # '/' if no referer given.
+
+    def referer
+      headers['HTTP_REFERER'] || '/'
+    rescue
+      params['HTTP_REFERER'] || '/'
+    end
+  end
+end

data/lib/ramaze/trinity/response.rb

@@ -0,0 +1,41 @@
+#          Copyright (c) 2006 Michael Fellinger m.fellinger@gmail.com
+# All files in this distribution are subject to the terms of the Ruby license.
+
+module Ramaze
+  # The Response given back to the adapter, this is the center of every request
+  # made.
+  #
+  # In case you do a custom response, just make sure you implement all three
+  # properties: #out, #code, #head
+  # where head has to #respond_to? #[]
+  #
+  # code is the status-code ( http://en.wikipedia.org/wiki/List_of_HTTP_status_codes )
+  # and out should be something very String-like
+
+  class ResponseStruct < Struct
+
+    # get the current response out of Thread.current[:response]
+    #
+    # You can call this from everywhere with Ramaze::Response.current
+
+    def current
+      Thread.current[:response]
+    end
+
+    # just #inspect for this class in the format of
+    #   <Response#324543 @code => 200, @head => {'Content-Type'=>'text/html', @out.size => 234>
+
+    def inspect
+      "<Response##{object_id} @code => #{code}, @head => #{head.inspect}, @out.size => #{out.size}>"
+    end
+    alias pretty_inspect inspect
+
+    # same as #head['Content-Type']
+
+    def content_type
+      head['Content-Type']
+    end
+  end
+
+  Response = ResponseStruct.new(:out, :code, :head)
+end

data/lib/ramaze/trinity/session.rb

@@ -0,0 +1,129 @@
+#          Copyright (c) 2006 Michael Fellinger m.fellinger@gmail.com
+# All files in this distribution are subject to the terms of the Ruby license.
+
+require 'digest/sha2'
+
+module Ramaze
+
+  # Session is the object that stores all the session-information of the user.
+  # It is heavily based on cookies storing the key to the information stored
+  # on the server.
+  #
+  # It uses caching as set in Global.cache and tries to set a cookie in case
+  # there is none set yet.
+
+  class Session
+    SESSION_KEY = '_ramaze_session_id'
+    attr_accessor :session
+
+    class << self
+
+      # Get the current session out of Thread.current[:session]
+      #
+      # You can call this from everywhere with Ramaze::Session.current
+
+      def current
+        Thread.current[:session]
+      end
+    end
+
+    # pass the request-object and it will extract the session-id (which is
+    # stored in the cookie with the key of SESSION_KEY
+
+    def initialize request
+      @session_id = parse(request)[SESSION_KEY]
+    end
+
+    # current session_id, will generate a new one based on #hash if no session
+    # is currently active
+
+    def session_id
+      @session_id ||= hash
+    end
+
+    # the current contents of session
+
+    def current
+      sessions[session_id] ||= {}
+    end
+
+    # all the sessions currently stored, in case there are none yet it will
+    # set the constant Ramaze::SessionCache and from then on start populating
+    # it with the sessions. SessionCache is an instance of Global.cache as
+    # well.
+
+    def sessions
+      Thread.main[:session_cache] ||= Global.cache.new
+    end
+
+    # this runs before #parse and will extract the information stored in the cookie
+    # of the client, in case there is none it will try to set one.
+    # Unfortunatly we have to go seperate paths here for mongrel and webrick,
+    # since they do not share the same API.
+    #
+    # ARGH, 3 different ways for webrick to hand us cookies!? (and counting)
+
+    def pre_parse request
+      if Global.adapter == :webrick
+        # input looks like this:
+        #   "Set-Cookie: _ramaze__session_id=fa8cc88dafcb0973b48d4d65ef57e7d3\r\n"
+        cookie = request.raw_header.grep(/Set-Cookie/).first rescue ''
+        cookie = request.post_query.delete('Set-Cookie') if cookie.to_s.empty? and request.post?
+        cookie = request.header['cookie'] unless cookie
+        cookie.to_s.gsub(/Set-Cookie: (.*?)\r\n/, '\1')
+      else
+        cookie = (request.http_cookie rescue request.http_set_cookie rescue '') || ''
+      end
+    end
+
+    # parse the cookie and extract all the variables stored in there.
+
+    def parse request
+      cookie = pre_parse(request)
+
+      return cookie if cookie.respond_to?(:to_hash)
+
+      cookie.split('; ').inject({}) do |s,v|
+        key, value = v.split('=')
+        s.merge key.strip => value
+      end
+    rescue => ex
+      Informer.error ex
+      {SESSION_KEY => hash}
+    end
+
+    # tries to catch all methods and proxy them to the #current
+    # this makes it easier to do i.e. hash-manipulation directly
+    # on #session in the controller.
+
+    def method_missing meth, *args, &block
+      current.send(meth, *args, &block)
+    end
+
+    # show the contents of the session without key/value of the cookie
+
+    def inspect
+      tmp = current.clone
+      tmp.delete SESSION_KEY
+      tmp.inspect
+    end
+
+    # show only the key/value of the cookie, useful for debugging.
+
+    def export
+      "#{SESSION_KEY}=#{session_id}"
+    end
+
+    # generate an unique #hash for the current session
+
+    def hash
+      h = [
+        Time.now.to_f.to_s.reverse, rand,
+        Thread.current[:request].hash, rand,
+        Process.pid, rand,
+        object_id, rand
+      ].join
+      Digest::SHA512.hexdigest(h)
+    end
+  end
+end