RubyGems - sidekiq - Versions diffs - 6.0.7 → 6.5.0 - Mend

sidekiq 6.0.7 → 6.5.0

Potentially problematic release.

This version of sidekiq might be problematic. Click here for more details.

Files changed (107) hide show

checksums.yaml +4 -4
data/Changes.md +209 -2
data/LICENSE +3 -3
data/README.md +11 -10
data/bin/sidekiq +8 -3
data/bin/sidekiqload +70 -66
data/bin/sidekiqmon +1 -1
data/lib/generators/sidekiq/job_generator.rb +57 -0
data/lib/generators/sidekiq/templates/{worker.rb.erb → job.rb.erb} +2 -2
data/lib/generators/sidekiq/templates/{worker_spec.rb.erb → job_spec.rb.erb} +1 -1
data/lib/generators/sidekiq/templates/{worker_test.rb.erb → job_test.rb.erb} +1 -1
data/lib/sidekiq/api.rb +180 -123
data/lib/sidekiq/cli.rb +80 -45
data/lib/sidekiq/client.rb +52 -71
data/lib/sidekiq/{util.rb → component.rb} +11 -14
data/lib/sidekiq/delay.rb +2 -0
data/lib/sidekiq/extensions/action_mailer.rb +3 -2
data/lib/sidekiq/extensions/active_record.rb +4 -3
data/lib/sidekiq/extensions/class_methods.rb +5 -4
data/lib/sidekiq/extensions/generic_proxy.rb +4 -2
data/lib/sidekiq/fetch.rb +41 -30
data/lib/sidekiq/job.rb +13 -0
data/lib/sidekiq/job_logger.rb +16 -28
data/lib/sidekiq/job_retry.rb +36 -36
data/lib/sidekiq/job_util.rb +71 -0
data/lib/sidekiq/launcher.rb +123 -63
data/lib/sidekiq/logger.rb +11 -20
data/lib/sidekiq/manager.rb +35 -34
data/lib/sidekiq/middleware/chain.rb +28 -17
data/lib/sidekiq/middleware/current_attributes.rb +61 -0
data/lib/sidekiq/middleware/i18n.rb +6 -4
data/lib/sidekiq/middleware/modules.rb +19 -0
data/lib/sidekiq/monitor.rb +1 -1
data/lib/sidekiq/paginator.rb +8 -8
data/lib/sidekiq/processor.rb +41 -41
data/lib/sidekiq/rails.rb +38 -22
data/lib/sidekiq/redis_client_adapter.rb +154 -0
data/lib/sidekiq/redis_connection.rb +87 -53
data/lib/sidekiq/ring_buffer.rb +29 -0
data/lib/sidekiq/scheduled.rb +60 -24
data/lib/sidekiq/sd_notify.rb +1 -1
data/lib/sidekiq/testing/inline.rb +4 -4
data/lib/sidekiq/testing.rb +39 -40
data/lib/sidekiq/transaction_aware_client.rb +45 -0
data/lib/sidekiq/version.rb +1 -1
data/lib/sidekiq/web/action.rb +2 -2
data/lib/sidekiq/web/application.rb +21 -12
data/lib/sidekiq/web/csrf_protection.rb +180 -0
data/lib/sidekiq/web/helpers.rb +40 -34
data/lib/sidekiq/web/router.rb +5 -2
data/lib/sidekiq/web.rb +36 -72
data/lib/sidekiq/worker.rb +136 -16
data/lib/sidekiq.rb +107 -30
data/sidekiq.gemspec +11 -4
data/web/assets/images/apple-touch-icon.png +0 -0
data/web/assets/javascripts/application.js +113 -65
data/web/assets/javascripts/dashboard.js +51 -51
data/web/assets/stylesheets/application-dark.css +64 -43
data/web/assets/stylesheets/application-rtl.css +0 -4
data/web/assets/stylesheets/application.css +42 -239
data/web/locales/ar.yml +8 -2
data/web/locales/en.yml +4 -1
data/web/locales/es.yml +18 -2
data/web/locales/fr.yml +8 -1
data/web/locales/ja.yml +3 -0
data/web/locales/lt.yml +1 -1
data/web/locales/pl.yml +4 -4
data/web/locales/pt-br.yml +27 -9
data/web/locales/ru.yml +4 -0
data/web/views/_footer.erb +1 -1
data/web/views/_job_info.erb +1 -1
data/web/views/_poll_link.erb +2 -5
data/web/views/_summary.erb +7 -7
data/web/views/busy.erb +51 -20
data/web/views/dashboard.erb +22 -14
data/web/views/dead.erb +1 -1
data/web/views/layout.erb +2 -1
data/web/views/morgue.erb +6 -6
data/web/views/queue.erb +11 -11
data/web/views/queues.erb +4 -4
data/web/views/retries.erb +7 -7
data/web/views/retry.erb +1 -1
data/web/views/scheduled.erb +1 -1
metadata +29 -51
data/.circleci/config.yml +0 -60
data/.github/contributing.md +0 -32
data/.github/issue_template.md +0 -11
data/.gitignore +0 -13
data/.standard.yml +0 -20
data/3.0-Upgrade.md +0 -70
data/4.0-Upgrade.md +0 -53
data/5.0-Upgrade.md +0 -56
data/6.0-Upgrade.md +0 -72
data/COMM-LICENSE +0 -97
data/Ent-2.0-Upgrade.md +0 -37
data/Ent-Changes.md +0 -256
data/Gemfile +0 -24
data/Gemfile.lock +0 -208
data/Pro-2.0-Upgrade.md +0 -138
data/Pro-3.0-Upgrade.md +0 -44
data/Pro-4.0-Upgrade.md +0 -35
data/Pro-5.0-Upgrade.md +0 -25
data/Pro-Changes.md +0 -782
data/Rakefile +0 -10
data/code_of_conduct.md +0 -50
data/lib/generators/sidekiq/worker_generator.rb +0 -57
data/lib/sidekiq/exception_handler.rb +0 -27

data/lib/sidekiq/web/csrf_protection.rb ADDED Viewed

@@ -0,0 +1,180 @@
+# frozen_string_literal: true
+# this file originally based on authenticity_token.rb from the sinatra/rack-protection project
+#
+# The MIT License (MIT)
+#
+# Copyright (c) 2011-2017 Konstantin Haase
+# Copyright (c) 2015-2017 Zachary Scott
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+require "securerandom"
+require "base64"
+require "rack/request"
+module Sidekiq
+  class Web
+    class CsrfProtection
+      def initialize(app, options = nil)
+        @app = app
+      end
+      def call(env)
+        accept?(env) ? admit(env) : deny(env)
+      end
+      private
+      def admit(env)
+        # On each successful request, we create a fresh masked token
+        # which will be used in any forms rendered for this request.
+        s = session(env)
+        s[:csrf] ||= SecureRandom.base64(TOKEN_LENGTH)
+        env[:csrf_token] = mask_token(s[:csrf])
+        @app.call(env)
+      end
+      def safe?(env)
+        %w[GET HEAD OPTIONS TRACE].include? env["REQUEST_METHOD"]
+      end
+      def logger(env)
+        @logger ||= (env["rack.logger"] || ::Logger.new(env["rack.errors"]))
+      end
+      def deny(env)
+        logger(env).warn "attack prevented by #{self.class}"
+        [403, {"Content-Type" => "text/plain"}, ["Forbidden"]]
+      end
+      def session(env)
+        env["rack.session"] || fail(<<~EOM)
+          Sidekiq::Web needs a valid Rack session for CSRF protection. If this is a Rails app,
+          make sure you mount Sidekiq::Web *inside* your application routes:
+          Rails.application.routes.draw do
+            mount Sidekiq::Web => "/sidekiq"
+            ....
+          end
+          If this is a Rails app in API mode, you need to enable sessions.
+            https://guides.rubyonrails.org/api_app.html#using-session-middlewares
+          If this is a bare Rack app, use a session middleware before Sidekiq::Web:
+            # first, use IRB to create a shared secret key for sessions and commit it
+            require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
+            # now use the secret with a session cookie middleware
+            use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
+            run Sidekiq::Web
+        EOM
+      end
+      def accept?(env)
+        return true if safe?(env)
+        giventoken = ::Rack::Request.new(env).params["authenticity_token"]
+        valid_token?(env, giventoken)
+      end
+      TOKEN_LENGTH = 32
+      # Checks that the token given to us as a parameter matches
+      # the token stored in the session.
+      def valid_token?(env, giventoken)
+        return false if giventoken.nil? || giventoken.empty?
+        begin
+          token = decode_token(giventoken)
+        rescue ArgumentError # client input is invalid
+          return false
+        end
+        sess = session(env)
+        localtoken = sess[:csrf]
+        # Checks that Rack::Session::Cookie actualy contains the csrf toekn
+        return false if localtoken.nil?
+        # Rotate the session token after every use
+        sess[:csrf] = SecureRandom.base64(TOKEN_LENGTH)
+        # See if it's actually a masked token or not. We should be able
+        # to handle any unmasked tokens that we've issued without error.
+        if unmasked_token?(token)
+          compare_with_real_token token, localtoken
+        elsif masked_token?(token)
+          unmasked = unmask_token(token)
+          compare_with_real_token unmasked, localtoken
+        else
+          false # Token is malformed
+        end
+      end
+      # Creates a masked version of the authenticity token that varies
+      # on each request. The masking is used to mitigate SSL attacks
+      # like BREACH.
+      def mask_token(token)
+        token = decode_token(token)
+        one_time_pad = SecureRandom.random_bytes(token.length)
+        encrypted_token = xor_byte_strings(one_time_pad, token)
+        masked_token = one_time_pad + encrypted_token
+        Base64.urlsafe_encode64(masked_token)
+      end
+      # Essentially the inverse of +mask_token+.
+      def unmask_token(masked_token)
+        # Split the token into the one-time pad and the encrypted
+        # value and decrypt it
+        token_length = masked_token.length / 2
+        one_time_pad = masked_token[0...token_length]
+        encrypted_token = masked_token[token_length..-1]
+        xor_byte_strings(one_time_pad, encrypted_token)
+      end
+      def unmasked_token?(token)
+        token.length == TOKEN_LENGTH
+      end
+      def masked_token?(token)
+        token.length == TOKEN_LENGTH * 2
+      end
+      def compare_with_real_token(token, local)
+        ::Rack::Utils.secure_compare(token.to_s, decode_token(local).to_s)
+      end
+      def decode_token(token)
+        Base64.urlsafe_decode64(token)
+      end
+      def xor_byte_strings(s1, s2)
+        s1.bytes.zip(s2.bytes).map { |(c1, c2)| c1 ^ c2 }.pack("c*")
+      end
+    end
+  end
+end

data/lib/sidekiq/web/helpers.rb CHANGED Viewed

@@ -10,18 +10,25 @@ module Sidekiq
   module WebHelpers
     def strings(lang)
       @strings ||= {}
-      @strings[lang] ||= begin
-        # Allow sidekiq-web extensions to add locale paths
-        # so extensions can be localized
-        settings.locales.each_with_object({}) do |path, global|
-          find_locale_files(lang).each do |file|
-            strs = YAML.load(File.open(file))
-            global.merge!(strs[lang])
-          end
+      # Allow sidekiq-web extensions to add locale paths
+      # so extensions can be localized
+      @strings[lang] ||= settings.locales.each_with_object({}) do |path, global|
+        find_locale_files(lang).each do |file|
+          strs = YAML.load(File.open(file))
+          global.merge!(strs[lang])
         end
       end
     end
+    def singularize(str, count)
+      if count == 1 && str.respond_to?(:singularize) # rails
+        str.singularize
+      else
+        str
+      end
+    end
     def clear_caches
       @strings = nil
       @locale_files = nil
@@ -63,17 +70,6 @@ module Sidekiq
       @head_html.join if defined?(@head_html)
     end
-    def poll_path
-      if current_path != "" && params["poll"]
-        path = root_path + current_path
-        query_string = to_query_string(params.slice(*params.keys - %w[page poll]))
-        path += "?#{query_string}" unless query_string.empty?
-        path
-      else
-        ""
-      end
-    end
     def text_direction
       get_locale["TextDirection"] || "ltr"
     end
@@ -118,7 +114,7 @@ module Sidekiq
     # within is used by Sidekiq Pro
     def display_tags(job, within = nil)
       job.tags.map { |tag|
-        "<span class='jobtag label label-info'>#{::Rack::Utils.escape_html(tag)}</span>"
+        "<span class='label label-info jobtag'>#{::Rack::Utils.escape_html(tag)}</span>"
       }.join(" ")
     end
@@ -144,8 +140,8 @@ module Sidekiq
       params[:direction] == "asc" ? "&uarr;" : "&darr;"
     end
-    def workers
-      @workers ||= Sidekiq::Workers.new
+    def workset
+      @work ||= Sidekiq::WorkSet.new
     end
     def processes
@@ -158,8 +154,7 @@ module Sidekiq
     def redis_connection
       Sidekiq.redis do |conn|
-        c = conn.connection
-        "redis://#{c[:location]}/#{c[:db]}"
+        conn.connection[:id]
       end
     end
@@ -180,7 +175,7 @@ module Sidekiq
     end
     def current_status
-      workers.size == 0 ? "idle" : "active"
+      workset.size == 0 ? "idle" : "active"
     end
     def relative_time(time)
@@ -197,16 +192,13 @@ module Sidekiq
       [score.to_f, jid]
     end
-    SAFE_QPARAMS = %w[page poll direction]
+    SAFE_QPARAMS = %w[page direction]
     # Merge options with current params, filter safe params, and stringify to query string
     def qparams(options)
-      # stringify
-      options.keys.each do |key|
-        options[key.to_s] = options.delete(key)
-      end
+      stringified_options = options.transform_keys(&:to_s)
-      to_query_string(params.merge(options))
+      to_query_string(params.merge(stringified_options))
     end
     def to_query_string(params)
@@ -233,7 +225,7 @@ module Sidekiq
     end
     def csrf_tag
-      "<input type='hidden' name='authenticity_token' value='#{session[:csrf]}'/>"
+      "<input type='hidden' name='authenticity_token' value='#{env[:csrf_token]}'/>"
     end
     def to_display(arg)
@@ -250,7 +242,7 @@ module Sidekiq
       queue class args retry_count retried_at failed_at
       jid error_message error_class backtrace
       error_backtrace enqueued_at retry wrapped
-      created_at tags
+      created_at tags display_class
     ])
     def retry_extra_items(retry_job)
@@ -261,7 +253,21 @@ module Sidekiq
       end
     end
+    def format_memory(rss_kb)
+      return "0" if rss_kb.nil? || rss_kb == 0
+      if rss_kb < 100_000
+        "#{number_with_delimiter(rss_kb)} KB"
+      elsif rss_kb < 10_000_000
+        "#{number_with_delimiter((rss_kb / 1024.0).to_i)} MB"
+      else
+        "#{number_with_delimiter((rss_kb / (1024.0 * 1024.0)).round(1))} GB"
+      end
+    end
     def number_with_delimiter(number)
+      return "" if number.nil?
       begin
         Float(number)
       rescue ArgumentError, TypeError
@@ -295,7 +301,7 @@ module Sidekiq
     end
     def environment_title_prefix
-      environment = Sidekiq.options[:environment] || ENV["APP_ENV"] || ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "development"
+      environment = Sidekiq[:environment] || ENV["APP_ENV"] || ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "development"
       "[#{environment.upcase}] " unless environment == "production"
     end

data/lib/sidekiq/web/router.rb CHANGED Viewed

@@ -15,6 +15,10 @@ module Sidekiq
     REQUEST_METHOD = "REQUEST_METHOD"
     PATH_INFO = "PATH_INFO"
+    def head(path, &block)
+      route(HEAD, path, &block)
+    end
     def get(path, &block)
       route(GET, path, &block)
     end
@@ -39,7 +43,6 @@ module Sidekiq
       @routes ||= {GET => [], POST => [], PUT => [], PATCH => [], DELETE => [], HEAD => []}
       @routes[method] << WebRoute.new(method, path, block)
-      @routes[HEAD] << WebRoute.new(method, path, block) if method == GET
     end
     def match(env)
@@ -66,7 +69,7 @@ module Sidekiq
   class WebRoute
     attr_accessor :request_method, :pattern, :block, :name
-    NAMED_SEGMENTS_PATTERN = /\/([^\/]*):([^\.:$\/]+)/
+    NAMED_SEGMENTS_PATTERN = /\/([^\/]*):([^.:$\/]+)/
     def initialize(request_method, pattern, block)
       @request_method = request_method

data/lib/sidekiq/web.rb CHANGED Viewed

@@ -10,12 +10,11 @@ require "sidekiq/web/helpers"
 require "sidekiq/web/router"
 require "sidekiq/web/action"
 require "sidekiq/web/application"
+require "sidekiq/web/csrf_protection"
-require "rack/protection"
+require "rack/content_length"
 require "rack/builder"
-require "rack/file"
-require "rack/session/cookie"
+require "rack/static"
 module Sidekiq
   class Web
@@ -39,14 +38,6 @@ module Sidekiq
         self
       end
-      def middlewares
-        @middlewares ||= []
-      end
-      def use(*middleware_args, &block)
-        middlewares << [middleware_args, block]
-      end
       def default_tabs
         DEFAULT_TABS
       end
@@ -72,32 +63,45 @@ module Sidekiq
         opts.each { |key| set(key, false) }
       end
-      # Helper for the Sinatra syntax: Sidekiq::Web.set(:session_secret, Rails.application.secrets...)
+      def middlewares
+        @middlewares ||= []
+      end
+      def use(*args, &block)
+        middlewares << [args, block]
+      end
       def set(attribute, value)
         send(:"#{attribute}=", value)
       end
-      attr_accessor :app_url, :session_secret, :redis_pool, :sessions
+      def sessions=(val)
+        puts "WARNING: Sidekiq::Web.sessions= is no longer relevant and will be removed in Sidekiq 7.0. #{caller(1..1).first}"
+      end
+      def session_secret=(val)
+        puts "WARNING: Sidekiq::Web.session_secret= is no longer relevant and will be removed in Sidekiq 7.0. #{caller(1..1).first}"
+      end
+      attr_accessor :app_url, :redis_pool
       attr_writer :locales, :views
     end
     def self.inherited(child)
       child.app_url = app_url
-      child.session_secret = session_secret
       child.redis_pool = redis_pool
-      child.sessions = sessions
     end
     def settings
       self.class.settings
     end
-    def use(*middleware_args, &block)
-      middlewares << [middleware_args, block]
+    def middlewares
+      @middlewares ||= self.class.middlewares
     end
-    def middlewares
-      @middlewares ||= Web.middlewares.dup
+    def use(*args, &block)
+      middlewares << [args, block]
     end
     def call(env)
@@ -125,18 +129,8 @@ module Sidekiq
       send(:"#{attribute}=", value)
     end
-    # Default values
-    set :sessions, true
-    attr_writer :sessions
-    def sessions
-      unless instance_variable_defined?("@sessions")
-        @sessions = self.class.sessions
-        @sessions = @sessions.to_hash.dup if @sessions.respond_to?(:to_hash)
-      end
-      @sessions
+    def sessions=(val)
+      puts "Sidekiq::Web#sessions= is no longer relevant and will be removed in Sidekiq 7.0. #{caller[2..2].first}"
     end
     def self.register(extension)
@@ -145,50 +139,20 @@ module Sidekiq
     private
-    def using?(middleware)
-      middlewares.any? do |(m, _)|
-        m.is_a?(Array) && (m[0] == middleware || m[0].is_a?(middleware))
-      end
-    end
-    def build_sessions
-      middlewares = self.middlewares
-      unless using?(::Rack::Protection) || ENV["RACK_ENV"] == "test"
-        middlewares.unshift [[::Rack::Protection, {use: :authenticity_token}], nil]
-      end
-      s = sessions
-      return unless s
-      unless using? ::Rack::Session::Cookie
-        unless (secret = Web.session_secret)
-          require "securerandom"
-          secret = SecureRandom.hex(64)
-        end
-        options = {secret: secret}
-        options = options.merge(s.to_hash) if s.respond_to? :to_hash
-        middlewares.unshift [[::Rack::Session::Cookie, options], nil]
-      end
-    end
     def build
-      build_sessions
-      middlewares = self.middlewares
       klass = self.class
+      m = middlewares
-      ::Rack::Builder.new do
-        %w[stylesheets javascripts images].each do |asset_dir|
-          map "/#{asset_dir}" do
-            run ::Rack::File.new("#{ASSETS}/#{asset_dir}", {"Cache-Control" => "public, max-age=86400"})
-          end
-        end
-        middlewares.each { |middleware, block| use(*middleware, &block) }
+      rules = []
+      rules = [[:all, {"Cache-Control" => "public, max-age=86400"}]] unless ENV["SIDEKIQ_WEB_TESTING"]
+      ::Rack::Builder.new do
+        use Rack::Static, urls: ["/stylesheets", "/images", "/javascripts"],
+          root: ASSETS,
+          cascade: true,
+          header_rules: rules
+        m.each { |middleware, block| use(*middleware, &block) }
+        use Sidekiq::Web::CsrfProtection unless $TESTING
         run WebApplication.new(klass)
       end
     end