roda 3.55.0 → 3.56.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b862c4eb1dcca9fbbf0ccacc130779fdecf610a5a064ef94c17384d073e29dd
-  data.tar.gz: 1e9a991190a6572283350bf1941fca8b83f8496bc519156d5ec3cc5d613d2407
+  metadata.gz: 25ca2a1c88af9f7305cdcdb21e3b5983f879386f07c296d7ea0e8f863fddfeac
+  data.tar.gz: 24d9dbfeaa438c859b2b3fcecd2170d55e9d4335b1b57ca06c140b900d4a8283
 SHA512:
-  metadata.gz: 55fdc91ab21dbb1cf6884ee6b0384ef15db41f830d704ec6c445435ec76e302cb166f18c6f032390193c6d43d6922c7762d03768fd5c22188c3c7f937dc21d4a
-  data.tar.gz: d1272f1fc0e2707d2daf590ea71a4970ae2b133f0b4ba669e60296d6900422d3746bff8722d44eb636df5aefab0bd6b51382b88de1265924c4243322646335e7
+  metadata.gz: 8c1b58f0a4ac491533eebb08e83c5801d095d94dbf4270d5834fb3511c82fd305244c0c02e23ba51dba1479e81b361faf556ad85698ea77ebd8a130f471b9527
+  data.tar.gz: b18e88e98b3c42a83f0e66891e48b03b9b641ecaf5963e5e5fd71d086c92176cefd5642464c790ed5edde30459c4a1d78b62864b1f14cd38f3bea1c9b6cefa30

data/CHANGELOG

@@ -1,3 +1,19 @@
+= 3.56.0 (2022-05-13)
+
+* Make status_303 plugin use 303 responses for HTTP/2 and higher versions (jeremyevans)
+
+* Add RodaRequest#http_version for determining the HTTP version in use (jeremyevans)
+
+* Do not set a body for 405 responses when using the verb methods in the not_allowed plugin (jeremyevans) (#267)
+
+* Support status_handler method :keep_headers option in status_handler plugin (jeremyevans) (#267)
+
+* Make not_allowed plugin have r.root return 405 responses for non-GET requests (jeremyevans) (#266)
+
+* In Rack 3, only require the parts of rack used by Roda, instead of requiring rack itself and relying on autoload (jeremyevans)
+ 
+* Add run_require_slash plugin, for skipping application dispatch for remaining paths that would violate Rack SPEC (jeremyevans)
+
 = 3.55.0 (2022-04-12)
 
 * Allow passing blocks to the view method in the render plugin (jeremyevans) (#262)

data/doc/release_notes/3.56.0.txt

@@ -0,0 +1,33 @@
+= New Features
+
+* RodaRequest#http_version has been added for determining the HTTP
+  version the request was submitted with.  This will be a string
+  such as "HTTP/1.0", "HTTP/1.1", "HTTP/2", etc. This will use the
+  SERVER_PROTOCOL and HTTP_VERSION entries from the environment to
+  determine which HTTP version is in use.
+
+* The status_handler method in the status_handler plugin now supports
+  a :keep_headers option.  The value for this option should be an
+  array of header names to keep.  All other headers are removed. The
+  default behavior without the option is still to remove all headers.
+
+* A run_require_slash plugin has been added, which will skip
+  dispatching to another rack application if the remaining path is not
+  empty and does not start with a slash.
+
+= Other Improvements
+
+* The status_303 plugin will use 303 as the default redirect status
+  for non-GET requests for HTTP/2 and higher HTTP versions. Previously,
+  it only used 303 for HTTP/1.1.
+
+* The not_allowed plugin now overrides the r.root method to return
+  405 responses to non-GET requests to the root.
+
+* The not_allowed plugin no longer sets the body when returning 405
+  responses using methods such as r.get and r.post. Previously, the
+  body was unintentionally set to the same value as the Allow header.
+
+* When using the Rack master branch (what will become Rack 3), Roda
+  only requires the parts of rack that it uses, instead of requiring
+  rack and relying on autoload to load the parts of rack in use.

data/lib/roda/plugins/chunked.rb

@@ -226,7 +226,7 @@ class Roda
         # an overview.  If a block is given, it is passed to #delay.
         def chunked(template, opts=OPTS, &block)
           unless defined?(@_chunked)
-            @_chunked = !self.opts[:force_chunked_encoding] || env['HTTP_VERSION'] == "HTTP/1.1" 
+            @_chunked = !self.opts[:force_chunked_encoding] || @_request.http_version == "HTTP/1.1" 
           end
 
           if block

data/lib/roda/plugins/common_logger.rb

@@ -53,7 +53,7 @@ class Roda
 
           env = @_request.env
 
-          opts[:common_logger_meth].call("#{env['HTTP_X_FORWARDED_FOR'] || env["REMOTE_ADDR"] || "-"} - #{env["REMOTE_USER"] || "-"} [#{Time.now.strftime("%d/%b/%Y:%H:%M:%S %z")}] \"#{env["REQUEST_METHOD"]} #{env["SCRIPT_NAME"]}#{env["PATH_INFO"]}#{"?#{env["QUERY_STRING"]}" if ((qs = env["QUERY_STRING"]) && !qs.empty?)} #{env["HTTP_VERSION"]}\" #{result[0]} #{((length = result[1]['Content-Length']) && (length unless length == '0')) || '-'} #{elapsed_time}\n")
+          opts[:common_logger_meth].call("#{env['HTTP_X_FORWARDED_FOR'] || env["REMOTE_ADDR"] || "-"} - #{env["REMOTE_USER"] || "-"} [#{Time.now.strftime("%d/%b/%Y:%H:%M:%S %z")}] \"#{env["REQUEST_METHOD"]} #{env["SCRIPT_NAME"]}#{env["PATH_INFO"]}#{"?#{env["QUERY_STRING"]}" if ((qs = env["QUERY_STRING"]) && !qs.empty?)} #{@_request.http_version}\" #{result[0]} #{((length = result[1]['Content-Length']) && (length unless length == '0')) || '-'} #{elapsed_time}\n")
         end
 
         # Create timer instance used for timing

data/lib/roda/plugins/cookies.rb

@@ -1,5 +1,7 @@
 # frozen-string-literal: true
 
+require 'rack/utils'
+
 #
 class Roda
   module RodaPlugins

data/lib/roda/plugins/json_parser.rb

@@ -4,12 +4,16 @@ require 'json'
 
 class Roda
   module RodaPlugins
-    # The json_parser plugin parses request bodies in json format
+    # The json_parser plugin parses request bodies in JSON format
     # if the request's content type specifies json. This is mostly
     # designed for use with JSON API sites.
     #
     # This only parses the request body as JSON if the Content-Type
     # header for the request includes "json".
+    #
+    # The parsed JSON body will be available in +r.POST+, just as a
+    # parsed HTML form body would be. It will also be available in
+    # +r.params+ (which merges +r.GET+ with +r.POST+).
     module JsonParser
       DEFAULT_ERROR_HANDLER = proc{|r| r.halt [400, {}, []]}
 
@@ -25,7 +29,7 @@ class Roda
       #                     object as the second argument, so the parser needs
       #                     to respond to +call(str, request)+.
       # :wrap :: Whether to wrap uploaded JSON data in a hash with a "_json"
-      #          key.  Without this, calls to r.params will fail if a non-Hash
+      #          key.  Without this, calls to +r.params+ will fail if a non-Hash
       #          (such as an array) is uploaded in JSON format.  A value of
       #          :always will wrap all values, and a value of :unless_hash will
       #          only wrap values that are not already hashes.

data/lib/roda/plugins/multi_public.rb

@@ -1,5 +1,13 @@
 # frozen-string-literal: true
 
+begin
+  require 'rack/files'
+rescue LoadError
+  # :nocov:
+  require 'rack/file'
+  # :nocov:
+end
+
 #
 class Roda
   module RodaPlugins

data/lib/roda/plugins/not_allowed.rb

@@ -17,6 +17,9 @@ class Roda
     # will return a 200 response for <tt>GET /</tt> and a 405
     # response for <tt>POST /</tt>.
     #
+    # This plugin changes the +r.root+ method to return a 405 status
+    # for non-GET requests to +/+.
+    #
     # This plugin also changes the +r.is+ method so that if you use
     # a verb method inside +r.is+, it returns a 405 status if none
     # of the verb methods match.  So this code:
@@ -100,6 +103,15 @@ class Roda
           end
         end
 
+        # Treat +r.root+ similar to <tt>r.get ''</tt>, using a 405
+        # response for non-GET requests.
+        def root
+          super
+          if @remaining_path == "/"  && !is_get?
+            always{method_not_allowed("GET")}
+          end
+        end
+
         # Setup methods for all verbs.  If inside an is block and not given
         # arguments, record the verb used.  If given an argument, add an is
         # check with the arguments.
@@ -129,6 +141,7 @@ class Roda
           res = response
           res.status = 405
           res['Allow'] = verbs
+          nil
         end
       end
     end

data/lib/roda/plugins/public.rb

@@ -2,6 +2,14 @@
 
 require 'uri'
 
+begin
+  require 'rack/files'
+rescue LoadError
+  # :nocov:
+  require 'rack/file'
+  # :nocov:
+end
+
 #
 class Roda
   module RodaPlugins

data/lib/roda/plugins/route_csrf.rb

@@ -4,6 +4,7 @@ require 'base64'
 require 'openssl'
 require 'securerandom'
 require 'uri'
+require 'rack/utils'
 
 class Roda
   module RodaPlugins

data/lib/roda/plugins/run_append_slash.rb

@@ -34,7 +34,7 @@ class Roda
         # path internally, or a redirect is issued when configured with
         # <tt>use_redirects: true</tt>.
         def run(*)
-          if remaining_path.empty?
+          if @remaining_path.empty?
             if scope.opts[:run_append_slash_redirect]
               redirect("#{path}/")
             else

data/lib/roda/plugins/run_require_slash.rb

@@ -0,0 +1,46 @@
+# frozen-string-literal: true
+
+#
+class Roda
+  module RodaPlugins
+    # The run_require_slash plugin makes +r.run+ a no-op if the remaining
+    # path is not empty and does not start with +/+. The Rack SPEC requires that
+    # +PATH_INFO+ start with a slash if not empty, so this plugin prevents
+    # dispatching to the application with an environment that would violate the
+    # Rack SPEC.
+    #
+    # You are unlikely to want to use this plugin unless are consuming partial
+    # segments of the request path, or using the match_affix plugin to change
+    # how routing is done:
+    #
+    #   plugin :match_affix, "", /(\/|\z)/
+    #   route do |r|
+    #     r.on "/a" do
+    #       r.on "b" do
+    #         r.run App
+    #       end
+    #     end
+    #   end
+    #
+    #   # with run_require_slash: 
+    #   # GET /a/b/e => App not dispatched to
+    #   # GET /a/b => App gets "" as PATH_INFO
+    #
+    #   # with run_require_slash: 
+    #   # GET /a/b/e => App gets "e" as PATH_INFO, violating rack SPEC
+    #   # GET /a/b => App gets "" as PATH_INFO
+    module RunRequireSlash
+      module RequestMethods
+        # Calls the given rack app only if the remaining patch is empty or
+        # starts with a slash.
+        def run(*)
+          if @remaining_path.empty? || @remaining_path.start_with?('/')
+            super
+          end
+        end
+      end
+    end
+
+    register_plugin(:run_require_slash, RunRequireSlash)
+  end
+end

data/lib/roda/plugins/sessions.rb

@@ -14,6 +14,7 @@ require 'base64'
 require 'json'
 require 'securerandom'
 require 'zlib'
+require 'rack/utils'
 
 class Roda
   module RodaPlugins

data/lib/roda/plugins/sinatra_helpers.rb

@@ -1,5 +1,15 @@
 # frozen-string-literal: true
 
+require 'rack/mime'
+begin
+  require 'rack/files'
+rescue LoadError
+  # :nocov:
+  require 'rack/file'
+  # :nocov:
+end
+
+
 #
 class Roda
   module RodaPlugins

data/lib/roda/plugins/static.rb

@@ -1,5 +1,7 @@
 # frozen-string-literal: true
 
+require 'rack/static'
+
 #
 class Roda
   module RodaPlugins

data/lib/roda/plugins/status_303.rb

@@ -17,10 +17,13 @@ class Roda
         private
 
         def default_redirect_status
-          if env['HTTP_VERSION'] == 'HTTP/1.1' && !is_get?
-            303
-          else
+          return super if is_get?
+
+          case http_version
+          when 'HTTP/1.0', 'HTTP/0.9', nil
             super
+          else
+            303
           end
         end
       end

data/lib/roda/plugins/status_handler.rb

@@ -15,24 +15,53 @@ class Roda
     #   status_handler(403) do
     #     "You are forbidden from seeing that!"
     #   end
+    #
     #   status_handler(404) do
     #     "Where did it go?"
     #   end
     #
+    #   status_handler(405, keep_headers: ['Accept']) do
+    #     "Use a different method!"
+    #   end
+    #
     # Before a block is called, any existing headers on the response will be
-    # cleared.  So if you want to be sure the headers are set even in your block,
-    # you need to reset them in the block.
+    # cleared, unless the +:keep_headers+ option is used.  If the +:keep_headers+
+    # option is used, the value should be an array, and only the headers listed
+    # in the array will be kept.
     module StatusHandler
+      CLEAR_HEADERS = :clear.to_proc
+      private_constant :CLEAR_HEADERS
+
       def self.configure(app)
         app.opts[:status_handler] ||= {}
       end
 
       module ClassMethods
         # Install the given block as a status handler for the given HTTP response code.
-        def status_handler(code, &block)
+        def status_handler(code, opts=OPTS, &block)
           # For backwards compatibility, pass request argument if block accepts argument
           arity = block.arity == 0 ? 0 : 1
-          opts[:status_handler][code] = [define_roda_method(:"_roda_status_handler_#{code}", arity, &block), arity]
+          handle_headers = case keep_headers = opts[:keep_headers]
+          when nil, false
+            CLEAR_HEADERS
+          when Array
+            # :nocov:
+            if Rack.release >= '2.3'
+              keep_headers = keep_headers.map(&:downcase)
+            end
+            # :nocov:
+            lambda{|headers| headers.delete_if{|k,_| !keep_headers.include?(k)}}
+          else
+            raise RodaError, "Invalid :keep_headers option"
+          end
+
+          meth = define_roda_method(:"_roda_status_handler__#{code}", arity, &block)
+          self.opts[:status_handler][code] = define_roda_method(:"_roda_status_handler_#{code}", 1) do |result|
+            res = @_response
+            res.status = result[0]
+            handle_headers.call(res.headers)
+            result.replace(_roda_handle_route{arity == 1 ? send(meth, @_request) : send(meth)})
+          end
         end
 
         # Freeze the hash of status handlers so that there can be no thread safety issues at runtime.
@@ -47,11 +76,8 @@ class Roda
 
         # If routing returns a response we have a handler for, call that handler.
         def _roda_after_20__status_handler(result)
-          if result && (meth, arity = opts[:status_handler][result[0]]; meth) && (v = result[2]).is_a?(Array) && v.empty?
-            res = @_response
-            res.headers.clear
-            res.status = result[0]
-            result.replace(_roda_handle_route{arity == 1 ? send(meth, @_request) : send(meth)})
+          if result && (meth = opts[:status_handler][result[0]]) && (v = result[2]).is_a?(Array) && v.empty?
+            send(meth, result)
           end
         end
       end

data/lib/roda/plugins/symbol_status.rb

@@ -1,5 +1,7 @@
 # frozen-string-literal: true
 
+require 'rack/utils'
+
 class Roda
   module RodaPlugins
     # The symbol_status plugin patches the +status=+ response method to

data/lib/roda/plugins/unescape_path.rb

@@ -1,5 +1,7 @@
 # frozen-string-literal: true
 
+require 'rack/utils'
+
 #
 class Roda
   module RodaPlugins

data/lib/roda/request.rb

@@ -1,6 +1,19 @@
 # frozen-string-literal: true
 
-require "rack"
+# :nocov:
+begin
+  require "rack/version"
+rescue LoadError
+  require "rack"
+else
+  if Rack.release >= '2.3'
+    require "rack/request"
+  else
+    require "rack"
+  end
+end
+# :nocov:
+
 require_relative "cache"
 
 class Roda
@@ -116,6 +129,27 @@ class Roda
           "#<#{self.class.inspect} #{@env["REQUEST_METHOD"]} #{path}>"
         end
 
+        # :nocov:
+        if Rack.release >= '2.3'
+          def http_version
+            # Prefer SERVER_PROTOCOL as it is required in Rack 3.
+            # Still fall back to HTTP_VERSION if SERVER_PROTOCOL
+            # is not set, in case the server in use is not Rack 3
+            # compliant.
+            @env['SERVER_PROTOCOL'] || @env['HTTP_VERSION']
+          end
+        else
+        # :nocov:
+          # What HTTP version the request was submitted with.
+          def http_version
+            # Prefer HTTP_VERSION as it is backwards compatible
+            # with previous Roda versions. Fallback to
+            # SERVER_PROTOCOL for servers that do not set
+            # HTTP_VERSION.
+            @env['HTTP_VERSION'] || @env['SERVER_PROTOCOL']
+          end
+        end
+
         # Does a terminal match on the current path, matching only if the arguments
         # have fully matched the path.  If it matches, the match block is
         # executed, and when the match block returns, the rack response is

data/lib/roda/response.rb

@@ -1,5 +1,10 @@
 # frozen-string-literal: true
 
+begin
+  require 'rack/headers'
+rescue LoadError
+end
+
 class Roda
   # Base class used for Roda responses.  The instance methods for this
   # class are added by Roda::RodaPlugins::Base::ResponseMethods, the class

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 3
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 55
+  RodaMinorVersion = 56
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 3.55.0
+  version: 3.56.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-12 00:00:00.000000000 Z
+date: 2022-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.7.0
+- !ruby/object:Gem::Dependency
+  name: minitest-hooks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest-global_expectations
   requirement: !ruby/object:Gem::Requirement
@@ -213,6 +227,7 @@ extra_rdoc_files:
 - doc/release_notes/3.53.0.txt
 - doc/release_notes/3.54.0.txt
 - doc/release_notes/3.55.0.txt
+- doc/release_notes/3.56.0.txt
 - doc/release_notes/3.6.0.txt
 - doc/release_notes/3.7.0.txt
 - doc/release_notes/3.8.0.txt
@@ -275,6 +290,7 @@ files:
 - doc/release_notes/3.53.0.txt
 - doc/release_notes/3.54.0.txt
 - doc/release_notes/3.55.0.txt
+- doc/release_notes/3.56.0.txt
 - doc/release_notes/3.6.0.txt
 - doc/release_notes/3.7.0.txt
 - doc/release_notes/3.8.0.txt
@@ -374,6 +390,7 @@ files:
 - lib/roda/plugins/route_csrf.rb
 - lib/roda/plugins/run_append_slash.rb
 - lib/roda/plugins/run_handler.rb
+- lib/roda/plugins/run_require_slash.rb
 - lib/roda/plugins/sessions.rb
 - lib/roda/plugins/shared_vars.rb
 - lib/roda/plugins/sinatra_helpers.rb
@@ -396,13 +413,13 @@ files:
 - lib/roda/response.rb
 - lib/roda/session_middleware.rb
 - lib/roda/version.rb
-homepage: http://roda.jeremyevans.net
+homepage: https://roda.jeremyevans.net
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jeremyevans/roda/issues
-  changelog_uri: http://roda.jeremyevans.net/rdoc/files/CHANGELOG.html
-  documentation_uri: http://roda.jeremyevans.net/documentation.html
+  changelog_uri: https://roda.jeremyevans.net/rdoc/files/CHANGELOG.html
+  documentation_uri: https://roda.jeremyevans.net/documentation.html
   mailing_list_uri: https://github.com/jeremyevans/roda/discussions
   source_code_uri: https://github.com/jeremyevans/roda
 post_install_message: