ramaze 0.0.7 → 0.0.8

data/lib/ramaze/trinity/request.rb

@@ -7,20 +7,10 @@ require 'digest/md5'
 
 module Ramaze
 
-  # This class is used for processing the information coming in from a request
-  # to the dispatcher, it takes the original request-object, processes it and
-  # is later available in the controller or as Thread.current[:request]
-  #
-  # Please note that the implementation is lacking performance and security
-  # in favor of simplicity. Hopefully I (or some CGI-guru) will come along
-  # and implement this properly, until then consider it unsafe, but functional.
-  #
-  # Most information you will need is in the #params, which is a compound of
-  # all the information available from POST, GET, DELETE and PUT.
+  # The purpose of this class is to act as a simple wrapper for Rack::Request
+  # and provide some convinient methods for our own use.
 
   class Request
-    attr_accessor :request, :post_query, :get_query, :puts_query, :get_query
-
     class << self
 
       # get the current request out of Thread.current[:request]
@@ -32,213 +22,47 @@ module Ramaze
       end
     end
 
-    # create a new instance of Request, takes the original request-object
-    # and runs #parse_queries to extract/process the information inside
+    # create a new instance of Request, takes the original Rack::Request
+    # instance
 
     def initialize request = {}
       @request = request
-      parse_queries
     end
 
-    # you can access the original @request via this method_missing,
-    # first it tries to match your method with any of the HTTP parameters
-    # then, in case that fails, it will relay to @request
-
-    def method_missing meth, *args, &block
-      if value = @request.params[meth.to_s.upcase] rescue false
-        value
-      else
-        @request.send(meth, *args, &block)
-      end
-    end
-
-    # containts all the parameters given, no matter wheter with
-    # POST, GET, PUT or DELETE
-    # answers with a hash that is generated from the respective
-    # _query instance-variables and cached subsequently in @params
-
-    def params
-      @params ||= [
-        @get_query, @post_query, @put_query, @delete_query
-      ].inject({}) do |sum, hash|
-        sum.merge(hash || {})
-      end
-    end
-
-    # this parses stuff like post-requests (very untested)
-    # and also ?foo=bar stuff (get-query)
-    # WEBrick uses body as a streaming-object, so we have to #read.
-    # Mongrel has a normal string as body, we just call to_s in case
-    # it's no POST
-
-    def parse_queries
-      case request_method
-      when 'GET'    : process_get
-      when 'POST'   : process_post
-      when 'PUT'    : process_put
-      when 'DELETE' : process_delete
-      end
-    end
-
-    # very naive implementation of POST-body parsing, this won't withstand
-    # any serious testing or multiple simultanous huge posts...
-    # However, it just extracts the information inside the @request.body
-    # and puts it into proper form
-    # you can access its contents via #post_query
-
-    def process_post
-      @post_query = {}
-
-      type, boundary = content_type.split(';')
-
-      if type.downcase == 'multipart/form-data' and not boundary.empty?
-        parse_multipart(body, boundary.split('=').last)
-      else
-        post_query = query_parse(body.respond_to?(:read) ? body.read : body)
-        post_query.each do |key, value|
-          @post_query[CGI.unescape(key)] = CGI.unescape(value)
-        end
-      end
-    end
-
-    # processing incoming GET, stuffing the results into @get_query,
-    # you can access the information via #get_query
-
-    def process_get
-      @get_query = {}
-
-      get_query = query_parse(query_string) rescue {}
-      get_query.each do |key, value|
-        @get_query[CGI.unescape(key)] = CGI.unescape(value)
-      end
-    end
-
-    # TODO
-    # - implement and test DELETE
-
-    def process_delete
-      @delete_query = {}
-      raise "Implement me"
-    end
-
-    # again, rather naive, it just gives you the control over what to do
-    # with the #body but will parse the parameters from the URL
-
-    def process_put
-      @pust_query = {}
-
-      put_query = query_parse(query_string) rescue {}
-      put_query.each do |key, value|
-        @put_query[CGI.unescape(key)] = CGI.unescape(value)
-      end
-    end
-
-    # process the parameters passed over the URL, they look like
-    #
-    # http://foo.bar/action?eins=one&zwei=two
-    #
-    # that would result in #params containing {'eins' => 'one', 'zwei' => 'two'}
-
-    def query_parse str
-      str = str.split('?').last.to_s rescue ''
-      hash = CGI.parse(str)
-      hash.each do |key, values|
-        key = CGI.unescape(key)
-        values = values.map{|v| CGI.unescape(v)}
-        hash[key] = values.size == 1 ? values.first : values
-      end
-      hash
-    end
-
-    # parse multipart-requests, just pass it something that responds to .read
-    # and a boundary for the parts.
-    # again a naive implementation without any guarantee against DoS.
-    #
-    # TODO:
-    #  - rewrite parsing of multipart
-    #  - chunk through the body and pipe into tempfile
-    #  - look at merb for example of correct parsing
-
-    def parse_multipart(body, boundary)
-      text = body.read
-      text.split("--" << boundary).each do |chunk|
-        header = chunk.split("\r\n\r\n").first
-        next if (!header or !body) || (header.strip.empty? or chunk.strip.empty?)
-        head = parse_multipart_head(header)
-        next if head.empty?
-        chunk = chunk[(header.size + 4)..-3]
-        hash = Digest::MD5.hexdigest([head['name'], chunk.size, head.hash].inspect)
-        filename = File.join(Dir.tmpdir, hash)
-        File.open(filename, "w+") do |file|
-          file.print(chunk)
-        end
-        @post_query[head['name']] = File.open(filename)
-      end
-      body.rewind
-    end
-
-    # parse the head of the one part of multipart
-    # you most likely won't have to use this on your own :)
-
-    def parse_multipart_head(string)
-      string.gsub("\r\n", ";").split(';').inject({}) do |sum, param|
-        key, value = param.strip.split('=')
-        sum[key] = value[1..-2] if key and value
-        sum
-      end
-    end
-
-    # like request.params[key]
+    # shortcut for request.params[key]
 
     def [](key)
       params[key]
     end
 
-    # like reuqest.params[key] = value
+    # shortcut for request.params[key] = value
 
     def []=(key, value)
       params[key] = value
     end
 
-    # request_method == 'GET'
-    def get?()    request_method == 'GET'    end
-    # request_method == 'POST'
-    def post?()   request_method == 'POST'   end
-    # request_method == 'PUT'
-    def put?()    request_method == 'PUT'    end
-    # request_method == 'DELETE'
-    def delete?() request_method == 'DELETE' end
+    # like Hash#values_at
 
-    # remote_addr == '127.0.0.1'
-
-    def local?
-      remote_addr == '127.0.0.1'
+    def values_at(*keys)
+      keys.map{|key| params[key] }
     end
 
-    # Is the request coming from a local network?
-
-    def local_net?(ip = remote_addr)
-      bip = ip.split('.').map{ |x| x.to_i }.pack('C4').unpack('N')[0]
-
-      # 127.0.0.1/32    => 2130706433
-      # 192.168.0.0/16  => 49320
-      # 172.16.0.0/12   => 2753
-      # 10.0.0.0/8      => 10
-
-      { 0 => 2130706433, 16 => 49320, 20 => 2753, 24 => 10}.each do |s,c|
-        return true if (bip >> s) == c
-      end
+    # the referer of the client or '/'
 
-      return false
+    def referer
+      @request.env['HTTP_REFERER'] || '/'
     end
 
-    # check the referer from which the browser came
-    # '/' if no referer given.
+    alias referrer referer
 
-    def referer
-      headers['HTTP_REFERER'] || '/'
+    # you can access the original @request via this method_missing,
+    # first it tries to match your method with any of the HTTP parameters
+    # then, in case that fails, it will relay to @request
+
+    def method_missing meth, *args, &block
+      @request.send(meth, *args, &block)
     rescue
-      params['HTTP_REFERER'] || '/'
+      @request.env[meth.to_s.upcase]
     end
   end
 end

data/lib/ramaze/trinity/response.rb

@@ -2,40 +2,11 @@
 # All files in this distribution are subject to the terms of the Ruby license.
 
 module Ramaze
-  # The Response given back to the adapter, this is the center of every request
-  # made.
+  # get the current response out of Thread.current[:response]
   #
-  # In case you do a custom response, just make sure you implement all three
-  # properties: #out, #code, #head
-  # where head has to #respond_to? #[]
-  #
-  # code is the status-code ( http://en.wikipedia.org/wiki/List_of_HTTP_status_codes )
-  # and out should be something very String-like
-
-  class ResponseStruct < Struct
-
-    # get the current response out of Thread.current[:response]
-    #
-    # You can call this from everywhere with Ramaze::Response.current
-
-    def current
-      Thread.current[:response]
-    end
+  # You can call this from everywhere with Ramaze::Response.current
 
-    # just #inspect for this class in the format of
-    #   <Response#324543 @code => 200, @head => {'Content-Type'=>'text/html', @out.size => 234>
-
-    def inspect
-      "<Response##{object_id} @code => #{code}, @head => #{head.inspect}, @out.size => #{out.size}>"
-    end
-    alias pretty_inspect inspect
-
-    # same as #head['Content-Type']
-
-    def content_type
-      head['Content-Type']
-    end
+  def self.Response
+    Thread.current[:response]
   end
-
-  Response = ResponseStruct.new(:out, :code, :head)
 end

data/lib/ramaze/trinity/session.rb

@@ -5,125 +5,203 @@ require 'digest/sha2'
 
 module Ramaze
 
-  # Session is the object that stores all the session-information of the user.
-  # It is heavily based on cookies storing the key to the information stored
-  # on the server.
+  # The SessionHash acts as the wrapper for a simple Hash
   #
-  # It uses caching as set in Global.cache and tries to set a cookie in case
-  # there is none set yet.
+  # Its purpose is to notify the underlying cache, in which the sessions
+  # are stored, about updates.
+
+  class SessionHash
+    def initialize
+      @hash = {}
+    end
+
+    # relays all the methods to the @hash and updates the session_cache in
+    # Session.current.sessions if anything changes.
+
+    def method_missing(*args, &block)
+      old = @hash.dup
+      result = @hash.send(*args, &block)
+      unless old == @hash
+        Session.current.sessions[Session.current.session_id] = self
+      end
+      result
+    end
+
+    def inspect
+      @hash.inspect
+    end
+  end
+
+  # The purpose of Session is to hold key/value pairs like a Hash for a series
+  # of # request/response cycles from the same client.
+  #
+  # The persistence is achieved by setting a cookie with the session_id to
+  # the client, which is then passed back and forth until the cookie is either
+  # deleted or expires.
 
   class Session
+
+    # The unique id for the current session which is also passed on to the cookie.
+
+    attr_accessor :session_id
+
+    # This variable holds the current SessionFlash
+
+    attr_accessor :flash
+
+    # the key used for the cookie
+
     SESSION_KEY = '_ramaze_session_id'
-    attr_accessor :session
+
+    trait :finalize => [:finalize_flash]
 
     class << self
 
-      # Get the current session out of Thread.current[:session]
-      #
-      # You can call this from everywhere with Ramaze::Session.current
+      # answers with Thread.current[:session] which holds the current session
+      # set by the Dispatcher#setup_environment.
 
       def current
         Thread.current[:session]
       end
     end
 
-    # pass the request-object and it will extract the session-id (which is
-    # stored in the cookie with the key of SESSION_KEY
+    # Initialize a new Session, requires the original Rack::Request instance
+    # given to us from Dispatcher#setup_environment.
+    #
+    # sets @session_id and @session_flash
+    #
+    # will set Thread.main[:session_cache] to an instance of
+    # Ramaze::Global.cache if no cache for the sessions is initialized yet
 
     def initialize request
-      @session_id = parse(request)[SESSION_KEY]
+      @session_id = (request.cookies[SESSION_KEY] || random_key)
+      @flash = Ramaze::SessionFlash.new
+
+      unless sessions
+        global_cache = Ramaze::Global.cache
+
+        if global_cache.respond_to?(:new)
+          cache = global_cache.new
+        else
+          cache = constant("::Ramaze::#{global_cache}")
+          cache = cache.new if cache.respond_to?(:new)
+        end
+
+        Thread.main[:session_cache] = cache
+      end
     end
 
-    # current session_id, will generate a new one based on #hash if no session
-    # is currently active
+    # relay all messages we don't understand to the currently active session
 
-    def session_id
-      @session_id ||= hash
+    def method_missing(*args, &block)
+      current.send(*args, &block)
     end
 
-    # the current contents of session
+    # answers with the currently active session, which is set unless it is
+    # existing already, the session itself is an instance of SessionHash
 
     def current
-      sessions[session_id] ||= {}
+      sessions[session_id] ||= SessionHash.new
     end
 
-    # all the sessions currently stored, in case there are none yet it will
-    # set the constant Ramaze::SessionCache and from then on start populating
-    # it with the sessions. SessionCache is an instance of Global.cache as
-    # well.
+    # shortcut to Thread.main[:session_cache]
 
     def sessions
-      Thread.main[:session_cache] ||= Global.cache.new
+      Thread.main[:session_cache]
     end
 
-    # this runs before #parse and will extract the information stored in the cookie
-    # of the client, in case there is none it will try to set one.
-    # Unfortunatly we have to go seperate paths here for mongrel and webrick,
-    # since they do not share the same API.
+    # generate a random (and hopefully unique) id for the current session.
     #
-    # ARGH, 3 different ways for webrick to hand us cookies!? (and counting)
-
-    def pre_parse request
-      if Global.adapter == :webrick
-        # input looks like this:
-        #   "Set-Cookie: _ramaze__session_id=fa8cc88dafcb0973b48d4d65ef57e7d3\r\n"
-        cookie = request.raw_header.grep(/Set-Cookie/).first rescue ''
-        cookie = request.post_query.delete('Set-Cookie') if cookie.to_s.empty? and request.post?
-        cookie = request.header['cookie'] unless cookie
-        cookie.to_s.gsub(/Set-Cookie: (.*?)\r\n/, '\1')
-      else
-        cookie = (request.http_cookie rescue request.http_set_cookie rescue '') || ''
+    # It consists of the current time, the current request, the current PID of
+    # ruby and object_id of this instance.
+    #
+    # All this is joined by some calls to Kernel#rand and returned as a
+    # Digest::SHA256::hexdigest
+
+    def random_key
+      h = [
+        Time.now.to_f.to_s.reverse, rand,
+        Thread.current[:request].hash, rand,
+        Process.pid, rand,
+        object_id, rand
+      ].join
+      Digest::SHA256.hexdigest(h)
+    end
+
+    # send each element of the trait[:finalize]
+    # this is at the moment used for flash_finalize.
+
+    def finalize
+      ancestral_trait[:finalize].each do |meth|
+        send meth
       end
     end
 
-    # parse the cookie and extract all the variables stored in there.
+    def inspect
+      current.inspect
+    end
 
-    def parse request
-      cookie = pre_parse(request)
+    private
 
-      return cookie if cookie.respond_to?(:to_hash)
+    # at the end of a request delete the current[:FLASH] and assign it to
+    # current[:FLASH_PREVIOUS]
+    #
+    # this is needed so flash can iterate over requests
+    # and always just keep the current and previous key/value pairs.
 
-      cookie.split('; ').inject({}) do |s,v|
-        key, value = v.split('=')
-        s.merge key.strip => value
-      end
-    rescue => ex
-      Informer.error ex
-      {SESSION_KEY => hash}
+    def finalize_flash
+      old = delete(:FLASH)
+      current[:FLASH_PREVIOUS] = old if old
+    end
+  end
+
+  # The purpose of this class is to act as a unifier of the previous
+  # and current flash.
+  #
+  # Flash means pairs of keys and values that are held only over one
+  # request/response cycle. So you can assign a key/value in the current
+  # session and retrieve it in the current and following request.
+  #
+  # Please see the FlashHelper for details on the usage as you won't need
+  # to touch this class at all.
+
+  class SessionFlash
+
+    # the current session[:FLASH_PREVIOUS]
+
+    def previous
+      session[:FLASH_PREVIOUS] || {}
     end
 
-    # tries to catch all methods and proxy them to the #current
-    # this makes it easier to do i.e. hash-manipulation directly
-    # on #session in the controller.
+    # the current session[:FLASH]
 
-    def method_missing meth, *args, &block
-      current.send(meth, *args, &block)
+    def current
+      session[:FLASH] ||= {}
     end
 
-    # show the contents of the session without key/value of the cookie
+    # combined key/value pairs of previous and current
+    # current keys overshadow the old ones.
 
-    def inspect
-      tmp = current.clone
-      tmp.delete SESSION_KEY
-      tmp.inspect
+    def combined
+      previous.merge(current)
     end
 
-    # show only the key/value of the cookie, useful for debugging.
+    def [](key)
+      combined[key]
+    end
 
-    def export
-      "#{SESSION_KEY}=#{session_id}"
+    def []=(key, value)
+      current[key] = value
     end
 
-    # generate an unique #hash for the current session
+    def inspect
+      combined.inspect
+    end
 
-    def hash
-      h = [
-        Time.now.to_f.to_s.reverse, rand,
-        Thread.current[:request].hash, rand,
-        Process.pid, rand,
-        object_id, rand
-      ].join
-      Digest::SHA512.hexdigest(h)
+    private
+
+    def session
+      Ramaze::Session.current
     end
   end
 end