RubyGems - sidekiq - Versions diffs - 4.2.2 → 6.3.1 - Mend

sidekiq 4.2.2 → 6.3.1

Potentially problematic release.

This version of sidekiq might be problematic. Click here for more details.

Files changed (138) hide show

checksums.yaml +5 -5
data/Changes.md +516 -0
data/LICENSE +2 -2
data/README.md +23 -36
data/bin/sidekiq +26 -2
data/bin/sidekiqload +28 -38
data/bin/sidekiqmon +8 -0
data/lib/generators/sidekiq/templates/worker_spec.rb.erb +1 -1
data/lib/generators/sidekiq/templates/worker_test.rb.erb +2 -2
data/lib/generators/sidekiq/worker_generator.rb +21 -13
data/lib/sidekiq/api.rb +401 -243
data/lib/sidekiq/cli.rb +228 -212
data/lib/sidekiq/client.rb +76 -53
data/lib/sidekiq/delay.rb +41 -0
data/lib/sidekiq/exception_handler.rb +12 -16
data/lib/sidekiq/extensions/action_mailer.rb +13 -22
data/lib/sidekiq/extensions/active_record.rb +13 -10
data/lib/sidekiq/extensions/class_methods.rb +14 -11
data/lib/sidekiq/extensions/generic_proxy.rb +12 -4
data/lib/sidekiq/fetch.rb +39 -31
data/lib/sidekiq/job.rb +13 -0
data/lib/sidekiq/job_logger.rb +63 -0
data/lib/sidekiq/job_retry.rb +259 -0
data/lib/sidekiq/launcher.rb +170 -71
data/lib/sidekiq/logger.rb +166 -0
data/lib/sidekiq/manager.rb +17 -20
data/lib/sidekiq/middleware/chain.rb +20 -8
data/lib/sidekiq/middleware/current_attributes.rb +52 -0
data/lib/sidekiq/middleware/i18n.rb +5 -7
data/lib/sidekiq/monitor.rb +133 -0
data/lib/sidekiq/paginator.rb +18 -14
data/lib/sidekiq/processor.rb +169 -78
data/lib/sidekiq/rails.rb +41 -36
data/lib/sidekiq/redis_connection.rb +65 -20
data/lib/sidekiq/scheduled.rb +85 -34
data/lib/sidekiq/sd_notify.rb +149 -0
data/lib/sidekiq/systemd.rb +24 -0
data/lib/sidekiq/testing/inline.rb +2 -1
data/lib/sidekiq/testing.rb +52 -26
data/lib/sidekiq/util.rb +48 -15
data/lib/sidekiq/version.rb +2 -1
data/lib/sidekiq/web/action.rb +15 -17
data/lib/sidekiq/web/application.rb +114 -92
data/lib/sidekiq/web/csrf_protection.rb +180 -0
data/lib/sidekiq/web/helpers.rb +151 -83
data/lib/sidekiq/web/router.rb +27 -19
data/lib/sidekiq/web.rb +85 -76
data/lib/sidekiq/worker.rb +233 -43
data/lib/sidekiq.rb +88 -64
data/sidekiq.gemspec +24 -22
data/web/assets/images/apple-touch-icon.png +0 -0
data/web/assets/javascripts/application.js +86 -59
data/web/assets/javascripts/dashboard.js +81 -85
data/web/assets/stylesheets/application-dark.css +147 -0
data/web/assets/stylesheets/application-rtl.css +242 -0
data/web/assets/stylesheets/application.css +319 -141
data/web/assets/stylesheets/bootstrap-rtl.min.css +9 -0
data/web/assets/stylesheets/bootstrap.css +2 -2
data/web/locales/ar.yml +87 -0
data/web/locales/de.yml +14 -2
data/web/locales/en.yml +8 -1
data/web/locales/es.yml +22 -5
data/web/locales/fa.yml +80 -0
data/web/locales/fr.yml +10 -3
data/web/locales/he.yml +79 -0
data/web/locales/ja.yml +12 -4
data/web/locales/lt.yml +83 -0
data/web/locales/pl.yml +4 -4
data/web/locales/ru.yml +4 -0
data/web/locales/ur.yml +80 -0
data/web/locales/vi.yml +83 -0
data/web/views/_footer.erb +5 -2
data/web/views/_job_info.erb +4 -3
data/web/views/_nav.erb +4 -18
data/web/views/_paging.erb +1 -1
data/web/views/_poll_link.erb +2 -5
data/web/views/_summary.erb +7 -7
data/web/views/busy.erb +60 -22
data/web/views/dashboard.erb +23 -15
data/web/views/dead.erb +3 -3
data/web/views/layout.erb +14 -3
data/web/views/morgue.erb +19 -12
data/web/views/queue.erb +24 -14
data/web/views/queues.erb +14 -4
data/web/views/retries.erb +22 -13
data/web/views/retry.erb +4 -4
data/web/views/scheduled.erb +7 -4
metadata +44 -194
data/.github/contributing.md +0 -32
data/.github/issue_template.md +0 -4
data/.gitignore +0 -12
data/.travis.yml +0 -12
data/3.0-Upgrade.md +0 -70
data/4.0-Upgrade.md +0 -53
data/COMM-LICENSE +0 -95
data/Ent-Changes.md +0 -146
data/Gemfile +0 -29
data/Pro-2.0-Upgrade.md +0 -138
data/Pro-3.0-Upgrade.md +0 -44
data/Pro-Changes.md +0 -570
data/Rakefile +0 -9
data/bin/sidekiqctl +0 -99
data/code_of_conduct.md +0 -50
data/lib/sidekiq/core_ext.rb +0 -106
data/lib/sidekiq/logging.rb +0 -106
data/lib/sidekiq/middleware/server/active_record.rb +0 -13
data/lib/sidekiq/middleware/server/logging.rb +0 -40
data/lib/sidekiq/middleware/server/retry_jobs.rb +0 -205
data/test/config.yml +0 -9
data/test/env_based_config.yml +0 -11
data/test/fake_env.rb +0 -1
data/test/fixtures/en.yml +0 -2
data/test/helper.rb +0 -75
data/test/test_actors.rb +0 -138
data/test/test_api.rb +0 -528
data/test/test_cli.rb +0 -418
data/test/test_client.rb +0 -266
data/test/test_exception_handler.rb +0 -56
data/test/test_extensions.rb +0 -127
data/test/test_fetch.rb +0 -50
data/test/test_launcher.rb +0 -95
data/test/test_logging.rb +0 -35
data/test/test_manager.rb +0 -50
data/test/test_middleware.rb +0 -158
data/test/test_processor.rb +0 -201
data/test/test_rails.rb +0 -22
data/test/test_redis_connection.rb +0 -132
data/test/test_retry.rb +0 -326
data/test/test_retry_exhausted.rb +0 -149
data/test/test_scheduled.rb +0 -115
data/test/test_scheduling.rb +0 -50
data/test/test_sidekiq.rb +0 -107
data/test/test_testing.rb +0 -143
data/test/test_testing_fake.rb +0 -357
data/test/test_testing_inline.rb +0 -94
data/test/test_util.rb +0 -13
data/test/test_web.rb +0 -666
data/test/test_web_helpers.rb +0 -54

data/lib/sidekiq/web/action.rb CHANGED Viewed

@@ -2,9 +2,7 @@
 module Sidekiq
   class WebAction
-    RACK_SESSION = 'rack.session'.freeze
-    TEXT_HTML = { "Content-Type" => "text/html", "Cache-Control" => "no-cache" }.freeze
-    APPLICATION_JSON = { "Content-Type" => "application/json", "Cache-Control" => "no-cache" }.freeze
+    RACK_SESSION = "rack.session"
     attr_accessor :env, :block, :type
@@ -17,18 +15,18 @@ module Sidekiq
     end
     def halt(res)
-      throw :halt, res
+      throw :halt, [res, {"Content-Type" => "text/plain"}, [res.to_s]]
     end
     def redirect(location)
-      throw :halt, [302, { "Location" => "#{request.base_url}#{location}" }, []]
+      throw :halt, [302, {"Location" => "#{request.base_url}#{location}"}, []]
     end
     def params
-      indifferent_hash = Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
+      indifferent_hash = Hash.new { |hash, key| hash[key.to_s] if Symbol === key }
       indifferent_hash.merge! request.params
-      route_params.each {|k,v| indifferent_hash[k.to_s] = v }
+      route_params.each { |k, v| indifferent_hash[k.to_s] = v }
       indifferent_hash
     end
@@ -41,15 +39,15 @@ module Sidekiq
       env[RACK_SESSION]
     end
-    def content_type(type)
-      @type = type
-    end
     def erb(content, options = {})
-      if content.kind_of? Symbol
+      if content.is_a? Symbol
         unless respond_to?(:"_erb_#{content}")
           src = ERB.new(File.read("#{Web.settings.views}/#{content}.erb")).src
-          WebAction.class_eval("def _erb_#{content}\n#{src}\n end")
+          WebAction.class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            def _erb_#{content}
+              #{src}
+            end
+          RUBY
         end
       end
@@ -70,22 +68,22 @@ module Sidekiq
     end
     def json(payload)
-      [200, APPLICATION_JSON, [Sidekiq.dump_json(payload)]]
+      [200, {"Content-Type" => "application/json", "Cache-Control" => "private, no-store"}, [Sidekiq.dump_json(payload)]]
     end
     def initialize(env, block)
       @_erb = false
       @env = env
       @block = block
-      @@files ||= {}
+      @files ||= {}
     end
     private
     def _erb(file, locals)
-      locals.each {|k, v| define_singleton_method(k){ v } } if locals
+      locals&.each { |k, v| define_singleton_method(k) { v } unless singleton_methods.include? k }
-      if file.kind_of?(String)
+      if file.is_a?(String)
         ERB.new(file).result(binding)
       else
         send(:"_erb_#{file}")

data/lib/sidekiq/web/application.rb CHANGED Viewed

@@ -4,10 +4,22 @@ module Sidekiq
   class WebApplication
     extend WebRouter
-    CONTENT_LENGTH = "Content-Length".freeze
-    CONTENT_TYPE = "Content-Type".freeze
-    REDIS_KEYS = %w(redis_version uptime_in_days connected_clients used_memory_human used_memory_peak_human)
-    NOT_FOUND = [404, {"Content-Type" => "text/plain", "X-Cascade" => "pass" }.freeze, ["Not Found"]]
+    REDIS_KEYS = %w[redis_version uptime_in_days connected_clients used_memory_human used_memory_peak_human]
+    CSP_HEADER = [
+      "default-src 'self' https: http:",
+      "child-src 'self'",
+      "connect-src 'self' https: http: wss: ws:",
+      "font-src 'self' https: http:",
+      "frame-src 'self'",
+      "img-src 'self' https: http: data:",
+      "manifest-src 'self'",
+      "media-src 'self'",
+      "object-src 'none'",
+      "script-src 'self' https: http: 'unsafe-inline'",
+      "style-src 'self' https: http: 'unsafe-inline'",
+      "worker-src 'self'",
+      "base-uri 'self'"
+    ].join("; ").freeze
     def initialize(klass)
       @klass = klass
@@ -28,14 +40,17 @@ module Sidekiq
     def self.set(key, val)
       # nothing, backwards compatibility
     end
-    get "" do
-      redirect(root_path)
+    head "/" do
+      # HEAD / is the cheapest heartbeat possible,
+      # it hits Redis to ensure connectivity
+      Sidekiq.redis { |c| c.llen("queue:default") }
+      ""
     end
     get "/" do
-      @redis_info = redis_info.select{ |k, v| REDIS_KEYS.include? k }
-      stats_history = Sidekiq::Stats::History.new((params['days'] || 30).to_i)
+      @redis_info = redis_info.select { |k, v| REDIS_KEYS.include? k }
+      stats_history = Sidekiq::Stats::History.new((params["days"] || 30).to_i)
       @processed_history = stats_history.processed
       @failed_history = stats_history.failed
@@ -47,14 +62,14 @@ module Sidekiq
     end
     post "/busy" do
-      if params['identity']
-        p = Sidekiq::Process.new('identity' => params['identity'])
-        p.quiet! if params['quiet']
-        p.stop! if params['stop']
+      if params["identity"]
+        p = Sidekiq::Process.new("identity" => params["identity"])
+        p.quiet! if params["quiet"]
+        p.stop! if params["stop"]
       else
         processes.each do |pro|
-          pro.quiet! if params['quiet']
-          pro.stop! if params['stop']
+          pro.quiet! if params["quiet"]
+          pro.stop! if params["stop"]
         end
       end
@@ -67,42 +82,53 @@ module Sidekiq
       erb(:queues)
     end
+    QUEUE_NAME = /\A[a-z_:.\-0-9]+\z/i
     get "/queues/:name" do
       @name = route_params[:name]
-      halt(404) unless @name
+      halt(404) if !@name || @name !~ QUEUE_NAME
-      @count = (params['count'] || 25).to_i
+      @count = (params["count"] || 25).to_i
       @queue = Sidekiq::Queue.new(@name)
-      (@current_page, @total_size, @messages) = page("queue:#{@name}", params['page'], @count)
-      @messages = @messages.map { |msg| Sidekiq::Job.new(msg, @name) }
+      (@current_page, @total_size, @jobs) = page("queue:#{@name}", params["page"], @count, reverse: params["direction"] == "asc")
+      @jobs = @jobs.map { |msg| Sidekiq::JobRecord.new(msg, @name) }
       erb(:queue)
     end
     post "/queues/:name" do
-      Sidekiq::Queue.new(route_params[:name]).clear
+      queue = Sidekiq::Queue.new(route_params[:name])
+      if Sidekiq.pro? && params["pause"]
+        queue.pause!
+      elsif Sidekiq.pro? && params["unpause"]
+        queue.unpause!
+      else
+        queue.clear
+      end
       redirect "#{root_path}queues"
     end
     post "/queues/:name/delete" do
       name = route_params[:name]
-      Sidekiq::Job.new(params['key_val'], name).delete
+      Sidekiq::JobRecord.new(params["key_val"], name).delete
-      redirect_with_query("#{root_path}queues/#{name}")
+      redirect_with_query("#{root_path}queues/#{CGI.escape(name)}")
     end
-    get '/morgue' do
-      @count = (params['count'] || 25).to_i
-      (@current_page, @total_size, @dead) = page("dead", params['page'], @count, reverse: true)
+    get "/morgue" do
+      @count = (params["count"] || 25).to_i
+      (@current_page, @total_size, @dead) = page("dead", params["page"], @count, reverse: true)
       @dead = @dead.map { |msg, score| Sidekiq::SortedEntry.new(nil, score, msg) }
       erb(:morgue)
     end
     get "/morgue/:key" do
-      halt(404) unless key = route_params[:key]
+      key = route_params[:key]
+      halt(404) unless key
       @dead = Sidekiq::DeadSet.new.fetch(*parse_params(key)).first
@@ -113,10 +139,10 @@ module Sidekiq
       end
     end
-    post '/morgue' do
-      redirect(request.path) unless params['key']
+    post "/morgue" do
+      redirect(request.path) unless params["key"]
-      params['key'].each do |key|
+      params["key"].each do |key|
         job = Sidekiq::DeadSet.new.fetch(*parse_params(key)).first
         retry_or_delete_or_kill job, params if job
       end
@@ -137,7 +163,8 @@ module Sidekiq
     end
     post "/morgue/:key" do
-      halt(404) unless key = route_params[:key]
+      key = route_params[:key]
+      halt(404) unless key
       job = Sidekiq::DeadSet.new.fetch(*parse_params(key)).first
       retry_or_delete_or_kill job, params if job
@@ -145,9 +172,9 @@ module Sidekiq
       redirect_with_query("#{root_path}morgue")
     end
-    get '/retries' do
-      @count = (params['count'] || 25).to_i
-      (@current_page, @total_size, @retries) = page("retry", params['page'], @count)
+    get "/retries" do
+      @count = (params["count"] || 25).to_i
+      (@current_page, @total_size, @retries) = page("retry", params["page"], @count)
       @retries = @retries.map { |msg, score| Sidekiq::SortedEntry.new(nil, score, msg) }
       erb(:retries)
@@ -163,10 +190,10 @@ module Sidekiq
       end
     end
-    post '/retries' do
-      redirect(request.path) unless params['key']
+    post "/retries" do
+      redirect(request.path) unless params["key"]
-      params['key'].each do |key|
+      params["key"].each do |key|
         job = Sidekiq::RetrySet.new.fetch(*parse_params(key)).first
         retry_or_delete_or_kill job, params if job
       end
@@ -186,6 +213,12 @@ module Sidekiq
       redirect "#{root_path}retries"
     end
+    post "/retries/all/kill" do
+      Sidekiq::RetrySet.new.kill_all
+      redirect "#{root_path}retries"
+    end
     post "/retries/:key" do
       job = Sidekiq::RetrySet.new.fetch(*parse_params(route_params[:key])).first
@@ -194,9 +227,9 @@ module Sidekiq
       redirect_with_query("#{root_path}retries")
     end
-    get '/scheduled' do
-      @count = (params['count'] || 25).to_i
-      (@current_page, @total_size, @scheduled) = page("schedule", params['page'], @count)
+    get "/scheduled" do
+      @count = (params["count"] || 25).to_i
+      (@current_page, @total_size, @scheduled) = page("schedule", params["page"], @count)
       @scheduled = @scheduled.map { |msg, score| Sidekiq::SortedEntry.new(nil, score, msg) }
       erb(:scheduled)
@@ -212,10 +245,10 @@ module Sidekiq
       end
     end
-    post '/scheduled' do
-      redirect(request.path) unless params['key']
+    post "/scheduled" do
+      redirect(request.path) unless params["key"]
-      params['key'].each do |key|
+      params["key"].each do |key|
         job = Sidekiq::ScheduledSet.new.fetch(*parse_params(key)).first
         delete_or_add_queue job, params if job
       end
@@ -224,7 +257,8 @@ module Sidekiq
     end
     post "/scheduled/:key" do
-      halt(404) unless key = route_params[:key]
+      key = route_params[:key]
+      halt(404) unless key
       job = Sidekiq::ScheduledSet.new.fetch(*parse_params(key)).first
       delete_or_add_queue job, params if job
@@ -232,88 +266,76 @@ module Sidekiq
       redirect_with_query("#{root_path}scheduled")
     end
-    get '/dashboard/stats' do
+    get "/dashboard/stats" do
       redirect "#{root_path}stats"
     end
-    get '/stats' do
+    get "/stats" do
       sidekiq_stats = Sidekiq::Stats.new
-      redis_stats   = redis_info.select { |k, v| REDIS_KEYS.include? k }
+      redis_stats = redis_info.select { |k, v| REDIS_KEYS.include? k }
       json(
         sidekiq: {
-          processed:       sidekiq_stats.processed,
-          failed:          sidekiq_stats.failed,
-          busy:            sidekiq_stats.workers_size,
-          processes:       sidekiq_stats.processes_size,
-          enqueued:        sidekiq_stats.enqueued,
-          scheduled:       sidekiq_stats.scheduled_size,
-          retries:         sidekiq_stats.retry_size,
-          dead:            sidekiq_stats.dead_size,
+          processed: sidekiq_stats.processed,
+          failed: sidekiq_stats.failed,
+          busy: sidekiq_stats.workers_size,
+          processes: sidekiq_stats.processes_size,
+          enqueued: sidekiq_stats.enqueued,
+          scheduled: sidekiq_stats.scheduled_size,
+          retries: sidekiq_stats.retry_size,
+          dead: sidekiq_stats.dead_size,
           default_latency: sidekiq_stats.default_queue_latency
         },
-        redis: redis_stats
+        redis: redis_stats,
+        server_utc_time: server_utc_time
       )
     end
-    get '/stats/queues' do
+    get "/stats/queues" do
       json Sidekiq::Stats::Queues.new.lengths
     end
     def call(env)
       action = self.class.match(env)
-      return NOT_FOUND unless action
+      return [404, {"Content-Type" => "text/plain", "X-Cascade" => "pass"}, ["Not Found"]] unless action
-      resp = catch(:halt) do
-        app = @klass
+      app = @klass
+      resp = catch(:halt) do # rubocop:disable Standard/SemanticBlocks
         self.class.run_befores(app, action)
-        begin
-          resp = action.instance_exec env, &action.block
-        ensure
-          self.class.run_afters(app, action)
-        end
-        resp
+        action.instance_exec env, &action.block
+      ensure
+        self.class.run_afters(app, action)
       end
-      resp = case resp
+      case resp
       when Array
+        # redirects go here
         resp
-      when Fixnum
-        [resp, {}, []]
       else
-        type_header = case action.type
-        when :json
-          WebAction::APPLICATION_JSON
-        when String
-          { WebAction::CONTENT_TYPE => action.type, "Cache-Control" => "no-cache" }
-        else
-          WebAction::TEXT_HTML
-        end
-        [200, type_header, [resp]]
+        # rendered content goes here
+        headers = {
+          "Content-Type" => "text/html",
+          "Cache-Control" => "private, no-store",
+          "Content-Language" => action.locale,
+          "Content-Security-Policy" => CSP_HEADER
+        }
+        # we'll let Rack calculate Content-Length for us.
+        [200, headers, [resp]]
       end
-      resp[1] = resp[1].dup
-      resp[1][CONTENT_LENGTH] = resp[2].inject(0) { |l, p| l + p.bytesize }.to_s
-      resp
     end
-    def self.helpers(mod=nil, &block)
-      if block_given?
+    def self.helpers(mod = nil, &block)
+      if block
         WebAction.class_eval(&block)
       else
         WebAction.send(:include, mod)
       end
     end
-    def self.before(path=nil, &block)
+    def self.before(path = nil, &block)
       befores << [path && Regexp.new("\\A#{path.gsub("*", ".*")}\\z"), block]
     end
-    def self.after(path=nil, &block)
+    def self.after(path = nil, &block)
       afters << [path && Regexp.new("\\A#{path.gsub("*", ".*")}\\z"), block]
     end
@@ -326,8 +348,8 @@ module Sidekiq
     end
     def self.run_hooks(hooks, app, action)
-      hooks.select { |p,_| !p || p =~ action.env[WebRouter::PATH_INFO] }.
-            each {|_,b| action.instance_exec(action.env, app, &b) }
+      hooks.select { |p, _| !p || p =~ action.env[WebRouter::PATH_INFO] }
+        .each { |_, b| action.instance_exec(action.env, app, &b) }
     end
     def self.befores

data/lib/sidekiq/web/csrf_protection.rb ADDED Viewed

@@ -0,0 +1,180 @@
+# frozen_string_literal: true
+# this file originally based on authenticity_token.rb from the sinatra/rack-protection project
+#
+# The MIT License (MIT)
+#
+# Copyright (c) 2011-2017 Konstantin Haase
+# Copyright (c) 2015-2017 Zachary Scott
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+require "securerandom"
+require "base64"
+require "rack/request"
+module Sidekiq
+  class Web
+    class CsrfProtection
+      def initialize(app, options = nil)
+        @app = app
+      end
+      def call(env)
+        accept?(env) ? admit(env) : deny(env)
+      end
+      private
+      def admit(env)
+        # On each successful request, we create a fresh masked token
+        # which will be used in any forms rendered for this request.
+        s = session(env)
+        s[:csrf] ||= SecureRandom.base64(TOKEN_LENGTH)
+        env[:csrf_token] = mask_token(s[:csrf])
+        @app.call(env)
+      end
+      def safe?(env)
+        %w[GET HEAD OPTIONS TRACE].include? env["REQUEST_METHOD"]
+      end
+      def logger(env)
+        @logger ||= (env["rack.logger"] || ::Logger.new(env["rack.errors"]))
+      end
+      def deny(env)
+        logger(env).warn "attack prevented by #{self.class}"
+        [403, {"Content-Type" => "text/plain"}, ["Forbidden"]]
+      end
+      def session(env)
+        env["rack.session"] || fail(<<~EOM)
+          Sidekiq::Web needs a valid Rack session for CSRF protection. If this is a Rails app,
+          make sure you mount Sidekiq::Web *inside* your application routes:
+          Rails.application.routes.draw do
+            mount Sidekiq::Web => "/sidekiq"
+            ....
+          end
+          If this is a Rails app in API mode, you need to enable sessions.
+            https://guides.rubyonrails.org/api_app.html#using-session-middlewares
+          If this is a bare Rack app, use a session middleware before Sidekiq::Web:
+            # first, use IRB to create a shared secret key for sessions and commit it
+            require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
+            # now use the secret with a session cookie middleware
+            use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
+            run Sidekiq::Web
+        EOM
+      end
+      def accept?(env)
+        return true if safe?(env)
+        giventoken = ::Rack::Request.new(env).params["authenticity_token"]
+        valid_token?(env, giventoken)
+      end
+      TOKEN_LENGTH = 32
+      # Checks that the token given to us as a parameter matches
+      # the token stored in the session.
+      def valid_token?(env, giventoken)
+        return false if giventoken.nil? || giventoken.empty?
+        begin
+          token = decode_token(giventoken)
+        rescue ArgumentError # client input is invalid
+          return false
+        end
+        sess = session(env)
+        localtoken = sess[:csrf]
+        # Checks that Rack::Session::Cookie actualy contains the csrf toekn
+        return false if localtoken.nil?
+        # Rotate the session token after every use
+        sess[:csrf] = SecureRandom.base64(TOKEN_LENGTH)
+        # See if it's actually a masked token or not. We should be able
+        # to handle any unmasked tokens that we've issued without error.
+        if unmasked_token?(token)
+          compare_with_real_token token, localtoken
+        elsif masked_token?(token)
+          unmasked = unmask_token(token)
+          compare_with_real_token unmasked, localtoken
+        else
+          false # Token is malformed
+        end
+      end
+      # Creates a masked version of the authenticity token that varies
+      # on each request. The masking is used to mitigate SSL attacks
+      # like BREACH.
+      def mask_token(token)
+        token = decode_token(token)
+        one_time_pad = SecureRandom.random_bytes(token.length)
+        encrypted_token = xor_byte_strings(one_time_pad, token)
+        masked_token = one_time_pad + encrypted_token
+        Base64.strict_encode64(masked_token)
+      end
+      # Essentially the inverse of +mask_token+.
+      def unmask_token(masked_token)
+        # Split the token into the one-time pad and the encrypted
+        # value and decrypt it
+        token_length = masked_token.length / 2
+        one_time_pad = masked_token[0...token_length]
+        encrypted_token = masked_token[token_length..-1]
+        xor_byte_strings(one_time_pad, encrypted_token)
+      end
+      def unmasked_token?(token)
+        token.length == TOKEN_LENGTH
+      end
+      def masked_token?(token)
+        token.length == TOKEN_LENGTH * 2
+      end
+      def compare_with_real_token(token, local)
+        ::Rack::Utils.secure_compare(token.to_s, decode_token(local).to_s)
+      end
+      def decode_token(token)
+        Base64.strict_decode64(token)
+      end
+      def xor_byte_strings(s1, s2)
+        s1.bytes.zip(s2.bytes).map { |(c1, c2)| c1 ^ c2 }.pack("c*")
+      end
+    end
+  end
+end