sprockets 2.12.5 → 3.7.2

data/lib/sprockets/sass_processor.rb

@@ -0,0 +1,292 @@
+require 'rack/utils'
+require 'sprockets/autoload'
+require 'uri'
+
+module Sprockets
+  # Processor engine class for the SASS/SCSS compiler. Depends on the `sass` gem.
+  #
+  # For more infomation see:
+  #
+  #   https://github.com/sass/sass
+  #   https://github.com/rails/sass-rails
+  #
+  class SassProcessor
+    autoload :CacheStore, 'sprockets/sass_cache_store'
+
+    # Internal: Defines default sass syntax to use. Exposed so the ScssProcessor
+    # may override it.
+    def self.syntax
+      :sass
+    end
+
+    # Public: Return singleton instance with default options.
+    #
+    # Returns SassProcessor object.
+    def self.instance
+      @instance ||= new
+    end
+
+    def self.call(input)
+      instance.call(input)
+    end
+
+    def self.cache_key
+      instance.cache_key
+    end
+
+    attr_reader :cache_key
+
+    # Public: Initialize template with custom options.
+    #
+    # options - Hash
+    # cache_version - String custom cache version. Used to force a cache
+    #                 change after code changes are made to Sass Functions.
+    #
+    def initialize(options = {}, &block)
+      @cache_version = options[:cache_version]
+      @cache_key = "#{self.class.name}:#{VERSION}:#{Autoload::Sass::VERSION}:#{@cache_version}".freeze
+
+      @functions = Module.new do
+        include Functions
+        include options[:functions] if options[:functions]
+        class_eval(&block) if block_given?
+      end
+    end
+
+    def call(input)
+      context = input[:environment].context_class.new(input)
+
+      options = {
+        filename: input[:filename],
+        syntax: self.class.syntax,
+        cache_store: build_cache_store(input, @cache_version),
+        load_paths: input[:environment].paths,
+        sprockets: {
+          context: context,
+          environment: input[:environment],
+          dependencies: context.metadata[:dependencies]
+        }
+      }
+
+      engine = Autoload::Sass::Engine.new(input[:data], options)
+
+      css = Utils.module_include(Autoload::Sass::Script::Functions, @functions) do
+        engine.render
+      end
+
+      # Track all imported files
+      sass_dependencies = Set.new([input[:filename]])
+      engine.dependencies.map do |dependency|
+        sass_dependencies << dependency.options[:filename]
+        context.metadata[:dependencies] << URIUtils.build_file_digest_uri(dependency.options[:filename])
+      end
+
+      context.metadata.merge(data: css, sass_dependencies: sass_dependencies)
+    end
+
+    # Public: Build the cache store to be used by the Sass engine.
+    #
+    # input - the input hash.
+    # version - the cache version.
+    #
+    # Override this method if you need to use a different cache than the
+    # Sprockets cache.
+    def build_cache_store(input, version)
+      CacheStore.new(input[:cache], version)
+    end
+    private :build_cache_store
+
+    # Public: Functions injected into Sass context during Sprockets evaluation.
+    #
+    # This module may be extended to add global functionality to all Sprockets
+    # Sass environments. Though, scoping your functions to just your environment
+    # is preferred.
+    #
+    # module Sprockets::SassProcessor::Functions
+    #   def asset_path(path, options = {})
+    #   end
+    # end
+    #
+    module Functions
+      # Public: Generate a url for asset path.
+      #
+      # Default implementation is deprecated. Currently defaults to
+      # Context#asset_path.
+      #
+      # Will raise NotImplementedError in the future. Users should provide their
+      # own base implementation.
+      #
+      # Returns a Sass::Script::String.
+      def asset_path(path, options = {})
+        path = path.value
+
+        path, _, query, fragment = URI.split(path)[5..8]
+        path     = sprockets_context.asset_path(path, options)
+        query    = "?#{query}" if query
+        fragment = "##{fragment}" if fragment
+
+        Autoload::Sass::Script::String.new("#{path}#{query}#{fragment}", :string)
+      end
+
+      # Public: Generate a asset url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def asset_url(path, options = {})
+        Autoload::Sass::Script::String.new("url(#{asset_path(path, options).value})")
+      end
+
+      # Public: Generate url for image path.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def image_path(path)
+        asset_path(path, type: :image)
+      end
+
+      # Public: Generate a image url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def image_url(path)
+        asset_url(path, type: :image)
+      end
+
+      # Public: Generate url for video path.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def video_path(path)
+        asset_path(path, type: :video)
+      end
+
+      # Public: Generate a video url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def video_url(path)
+        asset_url(path, type: :video)
+      end
+
+      # Public: Generate url for audio path.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def audio_path(path)
+        asset_path(path, type: :audio)
+      end
+
+      # Public: Generate a audio url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def audio_url(path)
+        asset_url(path, type: :audio)
+      end
+
+      # Public: Generate url for font path.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def font_path(path)
+        asset_path(path, type: :font)
+      end
+
+      # Public: Generate a font url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def font_url(path)
+        asset_url(path, type: :font)
+      end
+
+      # Public: Generate url for javascript path.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def javascript_path(path)
+        asset_path(path, type: :javascript)
+      end
+
+      # Public: Generate a javascript url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def javascript_url(path)
+        asset_url(path, type: :javascript)
+      end
+
+      # Public: Generate url for stylesheet path.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def stylesheet_path(path)
+        asset_path(path, type: :stylesheet)
+      end
+
+      # Public: Generate a stylesheet url() link.
+      #
+      # path - Sass::Script::String URL path
+      #
+      # Returns a Sass::Script::String.
+      def stylesheet_url(path)
+        asset_url(path, type: :stylesheet)
+      end
+
+      # Public: Generate a data URI for asset path.
+      #
+      # path - Sass::Script::String logical asset path
+      #
+      # Returns a Sass::Script::String.
+      def asset_data_url(path)
+        url = sprockets_context.asset_data_uri(path.value)
+        Autoload::Sass::Script::String.new("url(" + url + ")")
+      end
+
+      protected
+        # Public: The Environment.
+        #
+        # Returns Sprockets::Environment.
+        def sprockets_environment
+          options[:sprockets][:environment]
+        end
+
+        # Public: Mutatable set of dependencies.
+        #
+        # Returns a Set.
+        def sprockets_dependencies
+          options[:sprockets][:dependencies]
+        end
+
+        # Deprecated: Get the Context instance. Use APIs on
+        # sprockets_environment or sprockets_dependencies directly.
+        #
+        # Returns a Context instance.
+        def sprockets_context
+          options[:sprockets][:context]
+        end
+
+    end
+  end
+
+  class ScssProcessor < SassProcessor
+    def self.syntax
+      :scss
+    end
+  end
+
+  # Deprecated: Use Sprockets::SassProcessor::Functions instead.
+  SassFunctions = SassProcessor::Functions
+end

data/lib/sprockets/sass_template.rb

@@ -1,66 +1,19 @@
-require 'tilt'
+require 'sprockets/sass_processor'
 
 module Sprockets
-  # This custom Tilt handler replaces the one built into Tilt. The
-  # main difference is that it uses a custom importer that plays nice
-  # with sprocket's caching system.
-  #
-  # See `SassImporter` for more infomation.
-  class SassTemplate < Tilt::Template
-    self.default_mime_type = 'text/css'
-
-    def self.engine_initialized?
-      defined?(::Sass::Engine) && defined?(::Sass::Script::Functions) &&
-        ::Sass::Script::Functions < Sprockets::SassFunctions
-    end
-
-    def initialize_engine
-      # Double check constant to avoid tilt warning
-      unless defined? ::Sass
-        require_template_library 'sass'
-      end
-
-      # Install custom functions. It'd be great if this didn't need to
-      # be installed globally, but could be passed into Engine as an
-      # option.
-      ::Sass::Script::Functions.send :include, Sprockets::SassFunctions
+  # Deprecated
+  class SassTemplate < SassProcessor
+    def self.call(*args)
+      Deprecation.new.warn "SassTemplate is deprecated please use SassProcessor instead"
+      super
     end
+  end
 
-    def prepare
-    end
-
-    def syntax
-      :sass
-    end
-
-    def evaluate(context, locals, &block)
-      # Use custom importer that knows about Sprockets Caching
-      cache_store = SassCacheStore.new(context.environment)
-
-      options = {
-        :filename => eval_file,
-        :line => line,
-        :syntax => syntax,
-        :cache_store => cache_store,
-        :importer => SassImporter.new(context.pathname.to_s),
-        :load_paths => context.environment.paths.map { |path| SassImporter.new(path.to_s) },
-        :sprockets => {
-          :context => context,
-          :environment => context.environment
-        }
-      }
-
-      result = ::Sass::Engine.new(data, options).render
-
-      # Track all imported files
-      filenames = ([options[:importer].imported_filenames] + options[:load_paths].map(&:imported_filenames)).flatten.uniq
-      filenames.each { |filename| context.depend_on(filename) }
-
-      result
-    rescue ::Sass::SyntaxError => e
-      # Annotates exception message with parse line number
-      context.__LINE__ = e.sass_backtrace.first[:line]
-      raise e
+  # Deprecated
+  class ScssTemplate < ScssProcessor
+    def self.call(*args)
+      Deprecation.new.warn "ScssTemplate is deprecated please use ScssProcessor instead"
+      super
     end
   end
 end

data/lib/sprockets/server.rb

@@ -1,9 +1,9 @@
 require 'time'
-require 'uri'
+require 'rack/utils'
 
 module Sprockets
   # `Server` is a concern mixed into `Environment` and
-  # `Index` that provides a Rack compatible `call`
+  # `CachedEnvironment` that provides a Rack compatible `call`
   # interface and url generation helpers.
   module Server
     # `call` implements the Rack 1.x specification which accepts an
@@ -23,15 +23,14 @@ module Sprockets
       start_time = Time.now.to_f
       time_elapsed = lambda { ((Time.now.to_f - start_time) * 1000).to_i }
 
-      msg = "Served asset #{env['PATH_INFO']} -"
+      if !['GET', 'HEAD'].include?(env['REQUEST_METHOD'])
+        return method_not_allowed_response
+      end
 
-      # Mark session as "skipped" so no `Set-Cookie` header is set
-      env['rack.session.options'] ||= {}
-      env['rack.session.options'][:defer] = true
-      env['rack.session.options'][:skip] = true
+      msg = "Served asset #{env['PATH_INFO']} -"
 
       # Extract the path from everything after the leading slash
-      path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
+      path = Rack::Utils.unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
 
       # Strip fingerprint
       if fingerprint = path_fingerprint(path)
@@ -40,42 +39,68 @@ module Sprockets
 
       # URLs containing a `".."` are rejected for security reasons.
       if forbidden_request?(path)
-        return forbidden_response
+        return forbidden_response(env)
       end
 
       # Look up the asset.
-      asset = find_asset(path, :bundle => !body_only?(env))
+      options = {}
+      options[:pipeline] = :self if body_only?(env)
 
-      # `find_asset` returns nil if the asset doesn't exist
-      if asset.nil?
-        logger.info "#{msg} 404 Not Found (#{time_elapsed.call}ms)"
+      asset = find_asset(path, options)
 
-        # Return a 404 Not Found
-        not_found_response
+      # 2.x/3.x compatibility hack. Just ignore fingerprints on ?body=1 requests.
+      # 3.x/4.x prefers strong validation of fingerprint to body contents, but
+      # 2.x just ignored it.
+      if asset && parse_asset_uri(asset.uri)[1][:pipeline] == "self"
+        fingerprint = nil
+      end
 
-      # Check request headers `HTTP_IF_NONE_MATCH` against the asset digest
-      elsif etag_match?(asset, env)
-        logger.info "#{msg} 304 Not Modified (#{time_elapsed.call}ms)"
+      if fingerprint
+        if_match = fingerprint
+      elsif env['HTTP_IF_MATCH']
+        if_match = env['HTTP_IF_MATCH'][/^"(\w+)"$/, 1]
+      end
 
-        # Return a 304 Not Modified
-        not_modified_response(asset, env)
+      if env['HTTP_IF_NONE_MATCH']
+        if_none_match = env['HTTP_IF_NONE_MATCH'][/^"(\w+)"$/, 1]
+      end
 
+      if asset.nil?
+        status = :not_found
+      elsif fingerprint && asset.etag != fingerprint
+        status = :not_found
+      elsif if_match && asset.etag != if_match
+        status = :precondition_failed
+      elsif if_none_match && asset.etag == if_none_match
+        status = :not_modified
       else
-        logger.info "#{msg} 200 OK (#{time_elapsed.call}ms)"
+        status = :ok
+      end
 
-        # Return a 200 with the asset contents
+      case status
+      when :ok
+        logger.info "#{msg} 200 OK (#{time_elapsed.call}ms)"
         ok_response(asset, env)
+      when :not_modified
+        logger.info "#{msg} 304 Not Modified (#{time_elapsed.call}ms)"
+        not_modified_response(env, if_none_match)
+      when :not_found
+        logger.info "#{msg} 404 Not Found (#{time_elapsed.call}ms)"
+        not_found_response(env)
+      when :precondition_failed
+        logger.info "#{msg} 412 Precondition Failed (#{time_elapsed.call}ms)"
+        precondition_failed_response(env)
       end
     rescue Exception => e
       logger.error "Error compiling asset #{path}:"
       logger.error "#{e.class.name}: #{e.message}"
 
-      case content_type_of(path)
-      when "application/javascript"
+      case File.extname(path)
+      when ".js"
         # Re-throw JavaScript asset exceptions to the browser
         logger.info "#{msg} 500 Internal Server Error\n\n"
         return javascript_exception_response(e)
-      when "text/css"
+      when ".css"
         # Display CSS asset exceptions in the browser
         logger.info "#{msg} 500 Internal Server Error\n\n"
         return css_exception_response(e)
@@ -90,25 +115,63 @@ module Sprockets
         #
         #     http://example.org/assets/../../../etc/passwd
         #
-        path.include?("..") || Pathname.new(path).absolute? || path.include?("://")
+        path.include?("..") || absolute_path?(path) || path.include?("://")
+      end
+
+      def head_request?(env)
+        env['REQUEST_METHOD'] == 'HEAD'
+      end
+
+      # Returns a 200 OK response tuple
+      def ok_response(asset, env)
+        if head_request?(env)
+          [ 200, headers(env, asset, 0), [] ]
+        else
+          [ 200, headers(env, asset, asset.length), asset ]
+        end
+      end
+
+      # Returns a 304 Not Modified response tuple
+      def not_modified_response(env, etag)
+        [ 304, cache_headers(env, etag), [] ]
       end
 
       # Returns a 403 Forbidden response tuple
-      def forbidden_response
-        [ 403, { "Content-Type" => "text/plain", "Content-Length" => "9" }, [ "Forbidden" ] ]
+      def forbidden_response(env)
+        if head_request?(env)
+          [ 403, { "Content-Type" => "text/plain", "Content-Length" => "0" }, [] ]
+        else
+          [ 403, { "Content-Type" => "text/plain", "Content-Length" => "9" }, [ "Forbidden" ] ]
+        end
       end
 
       # Returns a 404 Not Found response tuple
-      def not_found_response
-        [ 404, { "Content-Type" => "text/plain", "Content-Length" => "9", "X-Cascade" => "pass" }, [ "Not found" ] ]
+      def not_found_response(env)
+        if head_request?(env)
+          [ 404, { "Content-Type" => "text/plain", "Content-Length" => "0", "X-Cascade" => "pass" }, [] ]
+        else
+          [ 404, { "Content-Type" => "text/plain", "Content-Length" => "9", "X-Cascade" => "pass" }, [ "Not found" ] ]
+        end
+      end
+
+      def method_not_allowed_response
+        [ 405, { "Content-Type" => "text/plain", "Content-Length" => "18" }, [ "Method Not Allowed" ] ]
+      end
+
+      def precondition_failed_response(env)
+        if head_request?(env)
+          [ 412, { "Content-Type" => "text/plain", "Content-Length" => "0", "X-Cascade" => "pass" }, [] ]
+        else
+          [ 412, { "Content-Type" => "text/plain", "Content-Length" => "19", "X-Cascade" => "pass" }, [ "Precondition Failed" ] ]
+        end
       end
 
       # Returns a JavaScript response that re-throws a Ruby exception
       # in the browser
       def javascript_exception_response(exception)
-        err  = "#{exception.class.name}: #{exception.message}"
+        err  = "#{exception.class.name}: #{exception.message}\n  (in #{exception.backtrace[0]})"
         body = "throw Error(#{err.inspect})"
-        [ 200, { "Content-Type" => "application/javascript", "Content-Length" => Rack::Utils.bytesize(body).to_s }, [ body ] ]
+        [ 200, { "Content-Type" => "application/javascript", "Content-Length" => body.bytesize.to_s }, [ body ] ]
       end
 
       # Returns a CSS response that hides all elements on the page and
@@ -161,7 +224,7 @@ module Sprockets
           }
         CSS
 
-        [ 200, { "Content-Type" => "text/css;charset=utf-8", "Content-Length" => Rack::Utils.bytesize(body).to_s }, [ body ] ]
+        [ 200, { "Content-Type" => "text/css; charset=utf-8", "Content-Length" => body.bytesize.to_s }, [ body ] ]
       end
 
       # Escape special characters for use inside a CSS content("...") string
@@ -173,75 +236,57 @@ module Sprockets
           gsub('/',  '\\\\002f ')
       end
 
-      # Compare the requests `HTTP_IF_NONE_MATCH` against the assets digest
-      def etag_match?(asset, env)
-        env["HTTP_IF_NONE_MATCH"] == etag(asset)
-      end
-
       # Test if `?body=1` or `body=true` query param is set
       def body_only?(env)
         env["QUERY_STRING"].to_s =~ /body=(1|t)/
       end
 
-      # Returns a 304 Not Modified response tuple
-      def not_modified_response(asset, env)
-        [ 304, {}, [] ]
-      end
+      def cache_headers(env, etag)
+        headers = {}
 
-      # Returns a 200 OK response tuple
-      def ok_response(asset, env)
-        [ 200, headers(env, asset, asset.length), asset ]
+        # Set caching headers
+        headers["Cache-Control"] = "public"
+        headers["ETag"]          = %("#{etag}")
+
+        # If the request url contains a fingerprint, set a long
+        # expires on the response
+        if path_fingerprint(env["PATH_INFO"])
+          headers["Cache-Control"] << ", max-age=31536000"
+
+        # Otherwise set `must-revalidate` since the asset could be modified.
+        else
+          headers["Cache-Control"] << ", must-revalidate"
+          headers["Vary"] = "Accept-Encoding"
+        end
+
+        headers
       end
 
       def headers(env, asset, length)
-        Hash.new.tap do |headers|
-          # Set content type and length headers
-          headers["Content-Type"]   = asset.content_type
-          headers["Content-Length"] = length.to_s
-
-          # Set caching headers
-          headers["Cache-Control"]  = "public"
-          headers["Last-Modified"]  = asset.mtime.httpdate
-          headers["ETag"]           = etag(asset)
-
-          # If the request url contains a fingerprint, set a long
-          # expires on the response
-          if path_fingerprint(env["PATH_INFO"])
-            headers["Cache-Control"] << ", max-age=31536000"
-
-          # Otherwise set `must-revalidate` since the asset could be modified.
-          else
-            headers["Cache-Control"] << ", must-revalidate"
+        headers = {}
+
+        # Set content length header
+        headers["Content-Length"] = length.to_s
+
+        # Set content type header
+        if type = asset.content_type
+          # Set charset param for text/* mime types
+          if type.start_with?("text/") && asset.charset
+            type += "; charset=#{asset.charset}"
           end
+          headers["Content-Type"] = type
         end
+
+        headers.merge(cache_headers(env, asset.etag))
       end
 
-      # Gets digest fingerprint.
+      # Gets ETag fingerprint.
       #
       #     "foo-0aa2105d29558f3eb790d411d7d8fb66.js"
       #     # => "0aa2105d29558f3eb790d411d7d8fb66"
       #
       def path_fingerprint(path)
-        path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
-      end
-
-      # URI.unescape is deprecated on 1.9. We need to use URI::Parser
-      # if its available.
-      if defined? URI::DEFAULT_PARSER
-        def unescape(str)
-          str = URI::DEFAULT_PARSER.unescape(str)
-          str.force_encoding(Encoding.default_internal) if Encoding.default_internal
-          str
-        end
-      else
-        def unescape(str)
-          URI.unescape(str)
-        end
-      end
-
-      # Helper to quote the assets digest for use as an ETag.
-      def etag(asset)
-        %("#{asset.digest}")
+        path[/-([0-9a-f]{7,128})\.[^.]+\z/, 1]
       end
   end
 end