syntropy 0.28.2 → 0.30.0

data/lib/syntropy/request/request_info.rb

@@ -0,0 +1,236 @@
+# frozen_string_literal: true
+
+require 'uri'
+require 'escape_utils'
+
+module Syntropy
+  module RequestInfoMethods
+    def host
+      @headers['host'] || @headers[':authority']
+    end
+    alias_method :authority, :host
+
+    def connection
+      @headers['connection']
+    end
+
+    def upgrade_protocol
+      connection == 'upgrade' && @headers['upgrade']&.downcase
+    end
+
+    def websocket_version
+      headers['sec-websocket-version'].to_i
+    end
+
+    def protocol
+      @protocol ||= @adapter.protocol
+    end
+
+    def method
+      @method ||= @headers[':method'].downcase
+    end
+
+    def scheme
+      @scheme ||= @headers[':scheme']
+    end
+
+    # Rewrites the request path by replacing the given src with the given
+    # replacement.
+    #
+    # @param src [String, Regexp] src pattern
+    # @param replacement [String] replacement
+    # @return [Syntropy::Request] self
+    def rewrite!(src, replacement)
+      @headers[':path'] = @headers[':path']
+        .gsub(src, replacement)
+        .gsub('//', '/')
+      @path = nil
+      @uri = nil
+      @full_uri = nil
+      self
+    end
+
+    def uri
+      @uri ||= URI.parse(@headers[':path'] || '')
+    end
+
+    def full_uri
+      @full_uri = "#{scheme}://#{host}#{uri}"
+    end
+
+    def path
+      @path ||= uri.path
+    end
+
+    def query_string
+      @query_string ||= uri.query
+    end
+
+    def query
+      return @query if @query
+
+      @query = (q = uri.query) ? parse_query(q) : {}
+    end
+
+    QUERY_KV_REGEXP = /([^=]+)(?:=(.*))?/
+
+    def parse_query(query)
+      query.split('&').each_with_object({}) do |kv, h|
+        k, v = kv.match(QUERY_KV_REGEXP)[1..2]
+        h[k.to_sym] = v ? URI.decode_www_form_component(v) : true
+      end
+    end
+
+    def request_id
+      @headers['x-request-id']
+    end
+
+    def forwarded_for
+      @headers['x-forwarded-for']
+    end
+
+    # TODO: should return encodings in client's order of preference (and take
+    # into account q weights)
+    def accept_encoding
+      encoding = @headers['accept-encoding']
+      return [] unless encoding
+
+      encoding.split(',').map { |i| i.strip }
+    end
+
+    def cookies
+      @cookies ||= parse_cookies(headers['cookie'])
+    end
+
+    COOKIE_RE = /^([^=]+)=(.*)$/.freeze
+    SEMICOLON = ';'
+
+    def parse_cookies(cookies)
+      return {} unless cookies
+
+      cookies.split(SEMICOLON).each_with_object({}) do |c, h|
+        raise BadRequestError, 'Invalid cookie format' unless c.strip =~ COOKIE_RE
+
+        key, value = Regexp.last_match[1..2]
+        h[key] = EscapeUtils.unescape_uri(value)
+      end
+    end
+
+    # Reads the request body and returns form data.
+    #
+    # @return [Hash] form data
+    def get_form_data
+      body = read
+      if !body || body.empty?
+        raise Syntropy::Error.new('Missing form data', HTTP::BAD_REQUEST)
+      end
+
+      Syntropy::Request.parse_form_data(body, headers)
+    rescue Syntropy::BadRequestError
+      raise Syntropy::Error.new('Invalid form data', HTTP::BAD_REQUEST)
+    end
+
+    def browser?
+      user_agent = headers['user-agent']
+      user_agent && user_agent =~ /^Mozilla\//
+    end
+
+    # Returns true if the accept header includes the given MIME type
+    #
+    # @param mime_type [String] MIME type
+    # @return [bool]
+    def accept?(mime_type)
+      accept = headers['accept']
+      return nil if !accept
+
+      @accept_parts ||= parse_accept_parts(accept)
+      @accept_parts.include?(mime_type)
+    end
+
+    private
+
+    def parse_accept_parts(accept)
+      accept.split(',').map { it.match(/^\s*([^\s;]+)/)[1] }
+    end
+  end
+
+  module RequestInfoClassMethods
+    def parse_form_data(body, headers)
+      case (content_type = headers['content-type'])
+      when /^multipart\/form\-data; boundary=([^\s]+)/
+        boundary = "--#{Regexp.last_match(1)}"
+        parse_multipart_form_data(body, boundary)
+      when /^application\/x-www-form-urlencoded/
+        parse_urlencoded_form_data(body)
+      else
+        raise BadRequestError, "Unsupported form data content type: #{content_type}"
+      end
+    end
+
+    def parse_multipart_form_data(body, boundary)
+      parts = body.split(boundary)
+      raise BadRequestError, 'Invalid form data' if parts.size < 2
+      parts.each_with_object({}) do |p, h|
+        next if p.empty? || p == "--\r\n"
+
+        # remove post-boundary \r\n
+        p.slice!(0, 2)
+        parse_multipart_form_data_part(p, h)
+      end
+    end
+
+    def parse_multipart_form_data_part(part, hash)
+      body, headers = parse_multipart_form_data_part_headers(part)
+      disposition = headers['content-disposition'] || ''
+
+      name = (disposition =~ /name="([^"]+)"/) ? Regexp.last_match(1) : nil
+      filename = (disposition =~ /filename="([^"]+)"/) ? Regexp.last_match(1) : nil
+
+      if filename
+        hash[name] = { filename: filename, content_type: headers['content-type'], data: body }
+      else
+        hash[name] = body
+      end
+    end
+
+    def parse_multipart_form_data_part_headers(part)
+      headers = {}
+      while true
+        idx = part.index("\r\n")
+        break unless idx
+
+        header = part[0, idx]
+        part.slice!(0, idx + 2)
+        break if header.empty?
+
+        next unless header =~ /^([^\:]+)\:\s?(.+)$/
+
+        headers[Regexp.last_match(1).downcase] = Regexp.last_match(2)
+      end
+      # remove trailing \r\n
+      part.slice!(part.size - 2, 2)
+      [part, headers]
+    end
+
+    PARAMETER_RE = /^([^=]+)(?:=(.*))?$/.freeze
+    MAX_PARAMETER_NAME_SIZE = 256
+    MAX_PARAMETER_VALUE_SIZE = 2**20 # 1MB
+
+    def parse_urlencoded_form_data(body)
+      return {} unless body
+
+      body.force_encoding(Encoding::UTF_8) unless body.encoding == Encoding::UTF_8
+      body.split('&').each_with_object({}) do |i, m|
+        raise BadRequestError, 'Invalid parameter format' unless i =~ PARAMETER_RE
+
+        k = Regexp.last_match(1)
+        raise BadRequestError, 'Invalid parameter size' if k.size > MAX_PARAMETER_NAME_SIZE
+
+        v = Regexp.last_match(2)
+        raise BadRequestError, 'Invalid parameter size' if v && v.size > MAX_PARAMETER_VALUE_SIZE
+
+        m[EscapeUtils.unescape_uri(k)] = v ? EscapeUtils.unescape_uri(v) : true
+      end
+    end
+  end
+end

data/lib/syntropy/request/response.rb

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+
+require 'time'
+require 'digest/sha1'
+
+require_relative '../http/status'
+require_relative '../mime_types'
+
+module Syntropy
+  module StaticFileCaching
+    class << self
+      def file_stat_to_etag(stat)
+        "#{stat.mtime.to_i.to_s(36)}#{stat.size.to_s(36)}"
+      end
+
+      def file_stat_to_last_modified(stat)
+        stat.mtime.httpdate
+      end
+    end
+  end
+
+  module ResponseMethods
+    WEBSOCKET_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'
+
+    def upgrade_to_websocket(custom_headers = nil)
+      key = "#{headers['sec-websocket-key']}#{WEBSOCKET_GUID}"
+      upgrade_headers = {
+        'Sec-WebSocket-Accept' => Digest::SHA1.base64digest(key)
+      }
+      upgrade_headers.merge!(custom_headers) if custom_headers
+      upgrade('websocket', upgrade_headers)
+
+      adapter.websocket_connection(self)
+    end
+
+    def redirect(url, status = HTTP::FOUND)
+      respond(nil, ':status' => status, 'Location' => url)
+    end
+
+    def redirect_to_https(status = HTTP::MOVED_PERMANENTLY)
+      secure_uri = "https://#{host}#{uri}"
+      redirect(secure_uri, status)
+    end
+
+    def redirect_to_host(new_host, status = HTTP::FOUND)
+      secure_uri = "//#{new_host}#{uri}"
+      redirect(secure_uri, status)
+    end
+
+    def serve_file(path, opts = {})
+      full_path = file_full_path(path, opts)
+      stat = File.stat(full_path)
+      etag = StaticFileCaching.file_stat_to_etag(stat)
+      last_modified = StaticFileCaching.file_stat_to_last_modified(stat)
+
+      if validate_static_file_cache(etag, last_modified)
+        return respond(nil, {
+          ':status' => HTTP::NOT_MODIFIED,
+          'etag' => etag
+        })
+      end
+
+      mime_type = MimeTypes[File.extname(path)]
+      opts[:stat] = stat
+      (opts[:headers] ||= {})['Content-Type'] ||= mime_type if mime_type
+
+      respond_with_static_file(full_path, etag, last_modified, opts)
+    rescue Errno::ENOENT
+      respond(nil, ':status' => HTTP::NOT_FOUND)
+    end
+
+    def validate_static_file_cache(etag, last_modified)
+      if (none_match = headers['if-none-match'])
+        return true if none_match == etag
+      end
+      if (modified_since = headers['if-modified-since'])
+        return true if modified_since == last_modified
+      end
+
+      false
+    end
+
+    def file_full_path(path, opts)
+      if (base_path = opts[:base_path])
+        File.join(opts[:base_path], path)
+      else
+        path
+      end
+    end
+
+    def serve_io(io, opts)
+      respond(io.read, opts[:headers] || {})
+    end
+
+    def respond_with_static_file(path, etag, last_modified, opts)
+      cache_headers = (etag || last_modified) ? {
+        'etag' => etag,
+        'last-modified' => last_modified
+      } : {}
+
+      adapter.respond_with_static_file(self, path, opts, cache_headers)
+    end
+
+    def set_response_headers(headers)
+      adapter.set_response_headers(headers)
+    end
+
+    def set_cookie(*)
+      adapter.set_cookie(*)
+    end
+
+    def upgrade(protocol, custom_headers = nil, &block)
+      upgrade_headers = {
+        ':status' => HTTP::SWITCHING_PROTOCOLS,
+        'Upgrade' => protocol,
+        'Connection' => 'upgrade'
+      }
+      upgrade_headers.merge!(custom_headers) if custom_headers
+
+      respond(nil, upgrade_headers)
+      adapter.with_stream(&block)
+    end
+
+    # Responds according to the given map. The given map defines the responses
+    # for each method. The value for each method is either an array containing
+    # the body and header values to use as response, or a proc returning such an
+    # array. For example:
+    #
+    #     req.respond_by_http_method(
+    #       'head'  => [nil, headers],
+    #       'get'   => -> { [IO.read(fn), headers] }
+    #     )
+    #
+    # If the request's method is not included in the given map, an exception is
+    # raised.
+    #
+    # @param map [Hash] hash mapping HTTP methods to responses
+    # @return [void]
+    def respond_by_http_method(map)
+      value = map[self.method]
+      raise Syntropy::Error.method_not_allowed if !value
+
+      value = value.() if value.is_a?(Proc)
+      (body, headers) = value
+      respond(body, headers)
+    end
+
+    # Responds to GET requests with the given body and headers. Otherwise raises
+    # an exception.
+    #
+    # @param body [String, nil] response body
+    # @param headers [Hash] response headers
+    # @return [void]
+    def respond_on_get(body, headers = {})
+      case self.method
+      when 'head'
+        respond(nil, headers)
+      when 'get'
+        respond(body, headers)
+      else
+        raise Syntropy::Error.method_not_allowed
+      end
+    end
+
+    # Responds to POST requests with the given body and headers. Otherwise
+    # raises an exception.
+    #
+    # @param body [String, nil] response body
+    # @param headers [Hash] response headers
+    # @return [void]
+    def respond_on_post(body, headers = {})
+      case self.method
+      when 'head'
+        respond(nil, headers)
+      when 'post'
+        respond(body, headers)
+      else
+      raise Syntropy::Error.method_not_allowed
+      end
+    end
+
+    def html_response(html, **headers)
+      respond(
+        html,
+        'Content-Type' => 'text/html; charset=utf-8',
+        **headers
+      )
+    end
+
+    def json_response(obj, **headers)
+      respond(
+        JSON.dump(obj),
+        'Content-Type' => 'application/json; charset=utf-8',
+        **headers
+      )
+    end
+
+    def json_pretty_response(obj, **headers)
+      respond(
+        JSON.pretty_generate(obj),
+        'Content-Type' => 'application/json; charset=utf-8',
+        **headers
+      )
+    end
+  end
+end

data/lib/syntropy/{request_extensions.rb → request/validation.rb}

@@ -1,34 +1,10 @@
 # frozen_string_literal: true
 
-require 'qeweney'
-require 'json'
+require 'uri'
+require 'escape_utils'
 
 module Syntropy
-  # Extensions for the Qeweney::Request class
-  module RequestExtensions
-    attr_reader :route_params
-    attr_accessor :route
-
-    # Initializes request with additional fields
-    def initialize(headers, adapter)
-      @headers  = headers
-      @adapter  = adapter
-      @route = nil
-      @route_params = {}
-      @ctx = nil
-    end
-
-    # Sets up mock request additional fields
-    def setup_mock_request
-      @route = nil
-      @route_params = {}
-      @ctx = nil
-    end
-
-    # Returns the request context
-    def ctx
-      @ctx ||= {}
-    end
+  module RequestValidationMethods
 
     # Checks the request's HTTP method against the given accepted values. If not
     # included in the accepted values, raises an exception. Otherwise, returns
@@ -42,64 +18,6 @@ module Syntropy
       raise Syntropy::Error.method_not_allowed
     end
 
-    # Responds according to the given map. The given map defines the responses
-    # for each method. The value for each method is either an array containing
-    # the body and header values to use as response, or a proc returning such an
-    # array. For example:
-    #
-    #     req.respond_by_http_method(
-    #       'head'  => [nil, headers],
-    #       'get'   => -> { [IO.read(fn), headers] }
-    #     )
-    #
-    # If the request's method is not included in the given map, an exception is
-    # raised.
-    #
-    # @param map [Hash] hash mapping HTTP methods to responses
-    # @return [void]
-    def respond_by_http_method(map)
-      value = map[self.method]
-      raise Syntropy::Error.method_not_allowed if !value
-
-      value = value.() if value.is_a?(Proc)
-      (body, headers) = value
-      respond(body, headers)
-    end
-
-    # Responds to GET requests with the given body and headers. Otherwise raises
-    # an exception.
-    #
-    # @param body [String, nil] response body
-    # @param headers [Hash] response headers
-    # @return [void]
-    def respond_on_get(body, headers = {})
-      case self.method
-      when 'head'
-        respond(nil, headers)
-      when 'get'
-        respond(body, headers)
-      else
-        raise Syntropy::Error.method_not_allowed
-      end
-    end
-
-    # Responds to POST requests with the given body and headers. Otherwise
-    # raises an exception.
-    #
-    # @param body [String, nil] response body
-    # @param headers [Hash] response headers
-    # @return [void]
-    def respond_on_post(body, headers = {})
-      case self.method
-      when 'head'
-        respond(nil, headers)
-      when 'post'
-        respond(body, headers)
-      else
-      raise Syntropy::Error.method_not_allowed
-      end
-    end
-
     # Validates and optionally converts request parameter value for the given
     # parameter name against the given clauses. If no clauses are given,
     # verifies the parameter value is not nil. A clause can be a class, such as
@@ -159,7 +77,7 @@ module Syntropy
         validated = true if client_mtime == last_modified
       end
       if validated
-        respond(nil, ':status' => Qeweney::Status::NOT_MODIFIED)
+        respond(nil, ':status' => HTTP::NOT_MODIFIED)
       else
         cache_headers = {
           'Cache-Control' => cache_control
@@ -171,67 +89,8 @@ module Syntropy
       end
     end
 
-    # Reads the request body and returns form data.
-    #
-    # @return [Hash] form data
-    def get_form_data
-      body = read
-      if !body || body.empty?
-        raise Syntropy::Error.new('Missing form data', Qeweney::Status::BAD_REQUEST)
-      end
-
-      Qeweney::Request.parse_form_data(body, headers)
-    rescue Qeweney::BadRequestError
-      raise Syntropy::Error.new('Invalid form data', Qeweney::Status::BAD_REQUEST)
-    end
-
-    def html_response(html, **headers)
-      respond(
-        html,
-        'Content-Type' => 'text/html; charset=utf-8',
-        **headers
-      )
-    end
-
-    def json_response(obj, **headers)
-      respond(
-        JSON.dump(obj),
-        'Content-Type' => 'application/json; charset=utf-8',
-        **headers
-      )
-    end
-
-    def json_pretty_response(obj, **headers)
-      respond(
-        JSON.pretty_generate(obj),
-        'Content-Type' => 'application/json; charset=utf-8',
-        **headers
-      )
-    end
-
-    def browser?
-      user_agent = headers['user-agent']
-      user_agent && user_agent =~ /^Mozilla\//
-    end
-
-    # Returns true if the accept header includes the given MIME type
-    #
-    # @param mime_type [String] MIME type
-    # @return [bool]
-    def accept?(mime_type)
-      accept = headers['accept']
-      return nil if !accept
-
-      @accept_parts ||= parse_accept_parts(accept)
-      @accept_parts.include?(mime_type)
-    end
-
     private
 
-    def parse_accept_parts(accept)
-      accept.split(',').map { it.match(/^\s*([^\s;]+)/)[1] }
-    end
-
     BOOL_REGEXP = /^(t|f|true|false|on|off|1|0|yes|no)$/
     BOOL_TRUE_REGEXP = /^(t|true|on|1|yes)$/
     INTEGER_REGEXP = /^[+-]?[0-9]+$/
@@ -278,5 +137,3 @@ module Syntropy
     end
   end
 end
-
-Qeweney::Request.include(Syntropy::RequestExtensions)