serverside 0.4.1 → 0.4.3

data/README

@@ -38,32 +38,6 @@ To run the server without forking, use the 'serve' command:
 
   serverside serve .
 
-=== Serving ERb Templates
-
-ServerSide can render ERb[http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/] 
-templates in a fashion similar to PHP. You can store templates in .rhtml files, 
-and ServerSide takes care of all the rest. ServerSide is also smart enough to 
-allow you to use nice looking URL's with your templates, and automatically adds 
-the .rhtml extension if the file is there.
- 
-=== Serving Dynamic Content
-
-By default ServerSide serves static files, but you can change the behavior by
-creating custom {routing rules}[classes/ServerSide/Connection/Router.html].
-Here's a simple routing rule:
-
-route :path => '/hello/:name' do
-  send_response(200, 'text', "Hello #{@params[:name]}")
-end
-
-The ServerSide framework also lets you route requests based on any attribute of
-incoming requests, such as host name, path, URL parameters etc.
-
-To run your custom rules, you can either put them in a file called serverside.rb,
-or tell serverside to explicitly load a specific file:
-
-  serverside start ~/myapp/myapp.rb
-
 === Running a Cluster of Servers
 
 ServerSide makes it easy to control a cluster of servers. Just supply a range of

data/Rakefile

@@ -6,7 +6,7 @@ require 'fileutils'
 include FileUtils
 
 NAME = "serverside"
-VERS = "0.4.1"
+VERS = "0.4.3"
 CLEAN.include ['**/.*.sw?', 'pkg/*', '.config', 'doc/*', 'coverage/*']
 RDOC_OPTS = ['--quiet', '--title', "ServerSide: a Fast Ruby Web Framework",
   "--opname", "index.html",
@@ -64,6 +64,11 @@ task :install do
   sh %{sudo gem install pkg/#{NAME}-#{VERS}}
 end
 
+task :install_no_docs do
+  sh %{rake package}
+  sh %{sudo gem install pkg/#{NAME}-#{VERS} --no-rdoc --no-ri}
+end
+
 task :uninstall => [:clean] do
   sh %{sudo gem uninstall #{NAME}}
 end
@@ -76,15 +81,15 @@ end
 
 require 'spec/rake/spectask'
 
-desc "Run specs"
+desc "Run specs with coverage"
 Spec::Rake::SpecTask.new('spec') do |t|
   t.spec_files = FileList['spec/*_spec.rb']
+  t.rcov = true
 end
 
-desc "Run specs with coverage"
-Spec::Rake::SpecTask.new('spec_coverage') do |t|
+desc "Run specs without coverage"
+Spec::Rake::SpecTask.new('spec_no_rcov') do |t|
   t.spec_files = FileList['spec/*_spec.rb']
-  t.rcov = true
 end
 
 ##############################################################################

data/bin/serverside

@@ -64,13 +64,14 @@ elsif File.file?($path/'serverside.rb')
   app_code = IO.read($path/'serverside.rb')
 end
 
+ServerSide::HTTP::Static.static_root = File.expand_path($path)
+
 $server = ServerSide::HTTP::Server.new do
   if app_code
     module_eval(app_code)
   else
-    include ServerSide::HTTP::Static
-    def handle
-      serve_static($path/@uri)
+    def handle(req)
+      ServerSide::HTTP::Response.static(req.path)
     end
   end
 end

data/lib/serverside/core_ext.rb

@@ -67,6 +67,11 @@ class Symbol
   def /(o)
     File.join(self, o.to_s)
   end
+  
+  # Converts a symbol into an HTTP header name
+  def to_header_name
+    to_s.split('_').map {|p| p.capitalize}.join('-')
+  end
 end
 
 class Proc

data/lib/serverside/http/caching.rb

@@ -1,42 +1,45 @@
 module ServerSide::HTTP
   # HTTP Caching behavior
   module Caching
-    # Sets caching-related headers and validates If-Modified-Since and
-    # If-None-Match headers. If a match is found, a 304 response is sent.
-    # Otherwise, the supplied block is invoked.
+    # Sets caching-related headers (Cache-Control and Expires).
     def cache(opts)
-      not_modified = false
+      # check cache-control
+      remove_cache_control
+      if cache_control = opts[:cache_control]
+        add_header(CACHE_CONTROL, cache_control)
+      end
+      
+      # add an expires header
+      if expires = opts[:expires] || (opts[:ttl] && (Time.now + opts[:ttl]))
+        add_header(EXPIRES, expires.httpdate)
+      end
+    end
+    
+    # Validates the supplied request against specified validators (etag and
+    # last-modified stamp). If a match is found, the status is changed to
+    # 304 Not Modified. Otherwise, the supplied block is invoked.
+    def validate_cache(opts, &block)
+      valid_cache = false
       
       # check etag
       if etag = opts[:etag]
         etag = "\"#{etag}\""
         add_header(ETAG, etag) if etag
-        not_modified = etag_match(etag)
+        valid_cache = etag_match(etag)
       end
       
       # check last_modified
       if last_modified = opts[:last_modified]
-        add_header(LAST_MODIFIED, last_modified)
-        not_modified ||= modified_match(last_modified)
+        add_header(LAST_MODIFIED, last_modified.httpdate)
+        valid_cache ||= modified_match(last_modified)
       end
       
-      # check cache-control
-      remove_cache_control
-      if cache_control = opts[:cache_control]
-        add_header(CACHE_CONTROL, cache_control)
-      end
+      # set cache-related headers
+      cache(opts)
       
-      # add an expires header
-      if expires = opts[:expires]
-        add_header(EXPIRES, expires.httpdate)
-      elsif age = opts[:age]
-        add_header(EXPIRES, (Time.now + age).httpdate)
-      end
-      
-      # if not modified, send a 304 response. Otherwise we yield to the
+      # if not modified, we have a 304 response. Otherwise we yield to the
       # supplied block.
-      not_modified ? 
-        send_response(STATUS_NOT_MODIFIED, nil) : yield
+      valid_cache ? (@status = STATUS_NOT_MODIFIED) : yield(self)
     end
     
     COMMA = ','.freeze
@@ -44,10 +47,10 @@ module ServerSide::HTTP
     # Matches the supplied etag against any of the entities in the
     # If-None-Match header.
     def etag_match(etag)
-      matches = @request_headers[IF_NONE_MATCH]
+      return false unless @request
+      matches = @request.headers[IF_NONE_MATCH]
       if matches
         matches.split(COMMA).each do |e|
-          
           return true if e.strip == etag
         end
       end
@@ -57,13 +60,14 @@ module ServerSide::HTTP
     # Matches the supplied last modified date against the If-Modified-Since
     # header.
     def modified_match(last_modified)
-      if modified_since = @request_headers[IF_MODIFIED_SINCE]
+      return false unless @request
+      if modified_since = @request.headers[IF_MODIFIED_SINCE]
         last_modified.to_i == Time.parse(modified_since).to_i
       else
         false
       end
     rescue => e
-      raise MalformedRequestError, "Invalid value in If-Modified-Since header"
+      raise BadRequestError, "Invalid value in If-Modified-Since header"
     end
     
     # Sets the Cache-Control header.
@@ -71,8 +75,12 @@ module ServerSide::HTTP
       add_header(CACHE_CONTROL, directive)
     end
     
+    def set_no_cache
+      set_cache_control(NO_CACHE)
+    end
+    
     def remove_cache_control
-      @response_headers.reject! {|h| h =~ /^#{CACHE_CONTROL}/}
+      @headers.reject! {|h| h =~ /^#{CACHE_CONTROL}/}
     end
   end
 end

data/lib/serverside/http/const.rb

@@ -4,9 +4,13 @@ module ServerSide::HTTP
   VERSION_1_1 = '1.1'.freeze
   
   # maximum sizes
-  MAX_REQUEST_LINE_SIZE = 8192
-  MAX_HEADER_SIZE = 8192
+  # compare to http://mongrel.rubyforge.org/security.html
+  MAX_REQUEST_LINE_SIZE = 1024
+  MAX_HEADER_SIZE = 112 * 1024 # 112KB
+  MAX_HEADER_NAME_SIZE = 256
   MAX_HEADER_COUNT = 256 # should be enough methinks
+  MAX_PARAMETER_VALUE_SIZE = 10240 # 10KB
+  MAX_PARAMETER_NAME_SIZE = 64 # should be enough
   
   # request body and response body
   CONTENT_LENGTH = 'Content-Length'.freeze
@@ -27,6 +31,8 @@ module ServerSide::HTTP
   X_FORWARDED_FOR = 'X-Forwarded-For'.freeze
   DATE = 'Date'.freeze
   LOCATION = 'Location'.freeze
+  ACCEPT = 'Accept'.freeze
+  USER_AGENT = 'User-Agent'.freeze
   
   # caching
   IF_NONE_MATCH = 'If-None-Match'.freeze

data/lib/serverside/http/error.rb

@@ -13,12 +13,17 @@ end
 
 module ServerSide::HTTP
   # This error is raised when a malformed request is encountered.
-  class MalformedRequestError < RuntimeError
+  class BadRequestError < RuntimeError
     set_http_status STATUS_BAD_REQUEST
   end
   
-  # This error is raised when an invalid file is referenced.
-  class FileNotFoundError <  RuntimeError
+  # This error is raised when an invalid resource is referenced.
+  class NotFoundError <  RuntimeError
     set_http_status STATUS_NOT_FOUND
   end
+  
+  # This error is raised when access is not allowed.
+  class ForbiddenError < RuntimeError
+    set_http_status STATUS_FORBIDDEN
+  end
 end

data/lib/serverside/http/parsing.rb

@@ -7,28 +7,46 @@ module ServerSide::HTTP
     def parse_request_line(line)
       if line =~ REQUEST_LINE_RE
         @request_line = line
-        @method, @uri, @query, @http_version = $1.downcase.to_sym, $2, $3, $4
+        @method, @path, @query, @http_version = $1.downcase.to_sym, $2, $3, $4
         @params = @query ? parse_query_parameters(@query) : {}
+        
+        # HTTP 1.1 connections are persistent by default.
+        @persistent = @http_version == VERSION_1_1
       else
-        raise MalformedRequestError, "Invalid request format"
+        raise BadRequestError, "Invalid request format"
       end
     end
 
     HEADER_RE = /([^:]+):\s*(.*)/.freeze
     
+    HYPHEN = '-'.freeze
+    UNDERSCORE = '_'.freeze
+    
+    def header_to_sym(h)
+      h.downcase.gsub(HYPHEN, UNDERSCORE).to_sym
+    end
+    
     # Parses an HTTP header.
     def parse_header(line)
+      # check header count
+      if (@header_count += 1) > MAX_HEADER_COUNT
+        raise BadRequestError, "Too many headers"
+      end
+
       if line =~ HEADER_RE
-        k = $1.freeze
+        if $1.size > MAX_HEADER_NAME_SIZE
+          raise BadRequestError, "Invalid header size"
+        end
+        k = header_to_sym($1)
         v = $2.freeze
         case k
-        when CONTENT_LENGTH: @content_length = v.to_i
-        when CONNECTION: @persistent = v == KEEP_ALIVE
-        when COOKIE: parse_cookies(v)
+        when :content_length: @content_length = v.to_i
+        when :connection: @persistent = v == KEEP_ALIVE
+        when :cookie: parse_cookies(v)
         end
-        @request_headers[k] = v
+        @headers[k] = v
       else
-        raise MalformedRequestError, "Invalid header format"
+        raise BadRequestError, "Invalid header format"
       end
     end
     
@@ -40,9 +58,17 @@ module ServerSide::HTTP
     def parse_query_parameters(query)
       query.split(AMPERSAND).inject({}) do |m, i|
         if i =~ PARAMETER_RE
-          m[$1.to_sym] = $2.uri_unescape
+          k = $1
+          if k.size > MAX_PARAMETER_NAME_SIZE
+            raise BadRequestError, "Invalid parameter size"
+          end
+          v = $2
+          if v.size > MAX_PARAMETER_VALUE_SIZE
+            raise BadRequestError, "Invalid parameter size"
+          end
+          m[k.to_sym] = v.uri_unescape
         else
-          raise MalformedRequestError, "Invalid parameter format"
+          raise BadRequestError, "Invalid parameter format"
         end
         m
       end
@@ -55,9 +81,9 @@ module ServerSide::HTTP
     def parse_cookies(cookies)
       cookies.split(SEMICOLON).each do |c|
         if c.strip =~ COOKIE_RE
-          @request_cookies[$1.to_sym] = $2.uri_unescape
+          @cookies[$1.to_sym] = $2.uri_unescape
         else
-          raise MalformedRequestError, "Invalid cookie format"
+          raise BadRequestError, "Invalid cookie format"
         end
       end
     end
@@ -65,8 +91,9 @@ module ServerSide::HTTP
     BOUNDARY_FIX = '--'.freeze
     
     # Parses the request body.
-    def parse_request_body(body)
-      case @request_headers[CONTENT_TYPE]
+    def parse_body(body)
+      @body = body
+      case @headers[:content_type]
       when MULTIPART_FORM_DATA_RE:
         parse_multi_part(body, BOUNDARY_FIX + $1) # body.dup so we keep the original request body?
       when FORM_URL_ENCODED:
@@ -106,12 +133,12 @@ module ServerSide::HTTP
             file_type = v
           end
         else
-          raise MalformedRequestError, "Invalid header in part"
+          raise BadRequestError, "Invalid header in part"
         end
       end
       # check if we got the content name
       unless part_name
-        raise MalformedRequestError, "Invalid part content"
+        raise BadRequestError, "Invalid part content"
       end
       # part body
       part_body = part.chomp! # what's left of it
@@ -126,50 +153,5 @@ module ServerSide::HTTP
       @params ||= {}
       @params.merge!(parse_query_parameters(body))
     end
-    
-    # Returns the host specified in the Host header.
-    def host
-      parse_host_header unless @host_header_parsed
-      @host
-    end
-    
-    # Returns the port number if specified in the Host header.
-    def port
-      parse_host_header unless @host_header_parsed
-      @port
-    end
-    
-    HOST_PORT_RE = /^([^:]+):(.+)$/.freeze
-
-    # Parses the Host header.
-    def parse_host_header
-      h = @request_headers[HOST]
-      if h =~ HOST_PORT_RE
-        @host = $1
-        @port = $2.to_i
-      else
-        @host = h
-      end
-      @host_header_parsed = true
-    end
-    
-    # Returns the client name. The client name is either the value of the
-    # X-Forwarded-For header, or the result of get_peername.
-    def client_name
-      unless @client_name
-        @client_name = @request_headers[X_FORWARDED_FOR]
-        unless @client_name
-          if addr = get_peername
-            p, @client_name = Socket.unpack_sockaddr_in(addr)
-          end
-        end
-      end
-      @client_name
-    end
-    
-    # Returns the request content type.
-    def content_type
-      @content_type ||= @request_headers[CONTENT_TYPE]
-    end
   end
 end

data/lib/serverside/http/request.rb

@@ -0,0 +1,75 @@
+module ServerSide::HTTP
+  class Request
+    include ServerSide::HTTP::Parsing
+    
+    attr_reader :request_line, :method, :path, :query, :http_version, :params
+    attr_reader :content_length, :headers, :header_count, :persistent
+    attr_reader :cookies, :body
+
+    def initialize(conn)
+      @conn = conn
+      @headers = {}
+      @header_count = 0
+      @cookies = {}
+    end
+    
+    # Returns the host specified in the Host header.
+    def host
+      parse_host_header unless @host_header_parsed
+      @host
+    end
+    
+    # Returns the port number if specified in the Host header.
+    def port
+      parse_host_header unless @host_header_parsed
+      @port
+    end
+    
+    # Returns true if the request was received on port 443
+    def encrypted?
+      port == 443
+    end
+    
+    HOST_PORT_RE = /^([^:]+):(.+)$/.freeze
+
+    # Parses the Host header.
+    def parse_host_header
+      h = @headers[:host]
+      if h =~ HOST_PORT_RE
+        @host = $1
+        @port = $2.to_i
+      else
+        @host = h
+      end
+      @host_header_parsed = true
+    end
+
+    # Returns the client name. The client name is either the value of the
+    # X-Forwarded-For header, or the result of get_peername.
+    def client_name
+      unless @client_name
+        @client_name = @headers[:x_forwarded_for]
+        unless @client_name
+          if addr = @conn.get_peername
+            p, @client_name = Socket.unpack_sockaddr_in(addr)
+          end
+        end
+      end
+      @client_name
+    end
+
+    # Returns true if the accept header contains the supplied pattern.
+    def accept?(re)
+      re = Regexp.new(re) unless Regexp === re
+      (h = @headers[:accept]) && (h =~ re) && true
+    end
+    
+    def user_agent
+      @headers[:user_agent]
+    end
+    
+    def content_type
+      @headers[:content_type]
+    end
+  end
+end

data/lib/serverside/http/response.rb

@@ -1,91 +1,123 @@
 module ServerSide::HTTP
-  module Response
+  class Response
+    include Caching
+    include Static
+    
+    attr_accessor :status, :body, :request
+    attr_reader :headers, :stream_period, :stream_proc
+    
+    def initialize(opts = nil)
+      @status = STATUS_OK
+      @headers = []
+      @body = ''
+      if opts
+        opts.each do |k, v|
+          case k
+          when :status: @status = v
+          when :body: @body = v
+          when :close: @close = v
+          when :request: @request = v
+          when :static: serve_static(v)
+          else add_header(k, v)
+          end
+        end
+      end
+    end
+    
+    def disable_response
+      @disable_response = true
+    end
+    
+    def enable_response
+      @disable_response = false
+    end
+    
+    def persistent?
+      !@close && !@stream_proc && @body
+    end
+    
     # Adds a header to the response.
     def add_header(k, v)
-      @response_headers << "#{k}: #{v}\r\n"
+      k = k.to_header_name if (k.class == Symbol)
+      @headers << "#{k}: #{v}\r\n"
     end
     
-    # Sends a representation with a content type and a body.
-    def send_representation(status, content_type, body)
-      add_header(CONTENT_TYPE, content_type)
-      send_response(status, body)
+    ROOT_PATH = '/'.freeze
+    
+    # Adds a cookie to the response headers.
+    def set_cookie(name, value, opts = {})
+      path = opts[:path] || ROOT_PATH
+      expires = opts[:expires] || (opts[:ttl] && (Time.now + opts[:ttl])) || \
+        (Time.now + 86400) # if no expiry is specified we assume one day
+
+      v = "#{name}=#{value.to_s.uri_escape}; path=#{path}; expires=#{expires.httpdate}"
+      if domain = opts[:domain]
+        v << "; domain=#{domain}"
+      end
+      add_header(SET_COOKIE, v)
     end
     
-    # Sends a file representation. If the request method is HEAD, the response
-    # body is ommitted.
-    def send_file(status, content_type, fn)
-      add_header(CONTENT_TYPE, content_type)
-      if @method == :head
-        send_response(status, nil, File.size(fn))
+    # Adds an expired cookie to the response headers.
+    def delete_cookie(name, opts = {})
+      set_cookie(name, nil, opts.merge(:expires => COOKIE_EXPIRED_TIME))
+    end
+
+    EMPTY = ''.freeze
+    
+    def to_s
+      if @disable_response
+        EMPTY
       else
-        send_response(status, IO.read(fn))
+        if !streaming? && (content_length = @body && @body.size)
+          add_header(CONTENT_LENGTH, content_length)
+        end
+        "HTTP/1.1 #{@status}\r\nDate: #{Time.now.httpdate}\r\n#{@headers.join}\r\n#{@body}"
       end
     end
     
-    def send_template(status, content_type, template, binding)
-      body = ServerSide::Template.render(template, binding)
-      send_representation(status, content_type, body)
+    def stream(period, &block)
+      @stream_period = period
+      @stream_proc = block
+      self
     end
     
-    # Sends an error response. The HTTP status code is derived from the error
-    # class.
-    def send_error_response(e)
-      send_response(e.http_status, e.message)
+    def streaming?
+      @stream_proc
     end
     
-    # Sends an HTTP response.
-    def send_response(status, body = nil, content_length = nil)
-      # if the connection is to be closed, we add the Connection: close header.
-      # prepare date and other headers
-      add_header(DATE, Time.now.httpdate)
-      if (content_length ||= body && body.size)
-        add_header(CONTENT_LENGTH, content_length)
-      else
-        @persistent = false
-      end
-      unless @persistent
-        @response_headers << CONNECTION_CLOSE
-      end
-      @response_sent = true
-      send_data "HTTP/1.1 #{status}\r\n#{@response_headers.join}\r\n#{body}"
+    def self.blank
+      new(:body => nil)
     end
     
-    def redirect(location, permanent = false)
-      add_header(LOCATION, location)
-      send_response(permanent ? STATUS_MOVED_PERMANENTLY : STATUS_FOUND,'')
+    def self.redirect(location, status = STATUS_FOUND)
+      new(:status => status, :location => location)
     end
     
-    # Starts a stream
-    def start_stream(status, content_type = nil, body = nil)
-      @streaming = true
-      if content_type
-        add_header(CONTENT_TYPE, content_type)
-      end
-      send_response(status)
-      if body
-        send_data(body)
-      end
+    def self.static(path, options = {})
+      new(options.merge(:static => path))
     end
     
-    def stream(body)
-      send_data(body)
+    def self.error(e)
+      new(:status => e.http_status, :close => true,
+        :body => "#{e.message}\r\n#{e.backtrace.join("\r\n")}")
     end
     
-    ROOT_PATH = '/'.freeze
+    def self.streaming(opts = nil, &block)
+      new(opts).stream(1, &block)
+    end
     
-    # Adds a cookie to the response headers.
-    def set_cookie(name, value, expires, path = nil, domain = nil)
-      path ||= ROOT_PATH
-      v = "#{name}=#{value.to_s.uri_escape}; path=#{path}; expires=#{expires.rfc2822}"
-      if domain
-        v << "; domain=#{domain}"
-      end
-      add_header(SET_COOKIE, v)
+    def set_representation(body, content_type)
+      @body = body
+      add_header(CONTENT_TYPE, content_type)
     end
     
-    # Adds an expired cookie to the response headers.
-    def delete_cookie(name, path = nil, domain = nil)
-      set_cookie(name, nil, COOKIE_EXPIRED_TIME, path, domain)
+    def redirect(location, status = STATUS_FOUND)
+      @status = status
+      add_header(:location, location)
+    end
+    
+    def content_type=(v)
+      add_header(CONTENT_TYPE, v)
     end
   end
 end