technomancy-rack 0.3.0

data/lib/rack/urlmap.rb

@@ -0,0 +1,48 @@
+module Rack
+  # Rack::URLMap takes a hash mapping urls or paths to apps, and
+  # dispatches accordingly.  Support for HTTP/1.1 host names exists if
+  # the URLs start with <tt>http://</tt> or <tt>https://</tt>.
+  #
+  # URLMap modifies the SCRIPT_NAME and PATH_INFO such that the part
+  # relevant for dispatch is in the SCRIPT_NAME, and the rest in the
+  # PATH_INFO.  This should be taken care of when you need to
+  # reconstruct the URL in order to create links.
+  #
+  # URLMap dispatches in such a way that the longest paths are tried
+  # first, since they are most specific.
+
+  class URLMap
+    def initialize(map)
+      @mapping = map.map { |location, app|
+        if location =~ %r{\Ahttps?://(.*?)(/.*)}
+          host, location = $1, $2
+        else
+          host = nil
+        end
+
+        unless location[0] == ?/
+          raise ArgumentError, "paths need to start with /"
+        end
+        location = location.chomp('/')
+
+        [host, location, app]
+      }.sort_by { |(h, l, a)| -l.size }  # Longest path first
+    end
+
+    def call(env)
+      path = env["PATH_INFO"].to_s.squeeze("/")
+      hHost, sName, sPort = env.values_at('HTTP_HOST','SERVER_NAME','SERVER_PORT')
+      @mapping.each { |host, location, app|
+        next unless (hHost == host || sName == host \
+          || (host.nil? && (hHost == sName || hHost == sName+':'+sPort)))
+        next unless location == path[0, location.size]
+        next unless path[location.size] == nil || path[location.size] == ?/
+        env["SCRIPT_NAME"] += location
+        env["PATH_INFO"]    = path[location.size..-1]
+        return app.call(env)
+      }
+      [404, {"Content-Type" => "text/plain"}, ["Not Found: #{path}"]]
+    end
+  end
+end
+

data/lib/rack/utils.rb

@@ -0,0 +1,256 @@
+require 'tempfile'
+
+module Rack
+  # Rack::Utils contains a grab-bag of useful methods for writing web
+  # applications adopted from all kinds of Ruby libraries.
+
+  module Utils
+    # Performs URI escaping so that you can construct proper
+    # query strings faster.  Use this rather than the cgi.rb
+    # version since it's faster.  (Stolen from Camping).
+    def escape(s)
+      s.to_s.gsub(/([^ a-zA-Z0-9_.-]+)/n) {
+        '%'+$1.unpack('H2'*$1.size).join('%').upcase
+      }.tr(' ', '+')
+    end
+    module_function :escape
+
+    # Unescapes a URI escaped string. (Stolen from Camping).
+    def unescape(s)
+      s.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/n){
+        [$1.delete('%')].pack('H*')
+      }
+    end
+    module_function :unescape
+
+    # Stolen from Mongrel, with some small modifications:
+    # Parses a query string by breaking it up at the '&'
+    # and ';' characters.  You can also use this to parse
+    # cookies by changing the characters used in the second
+    # parameter (which defaults to '&;').
+
+    def parse_query(qs, d = '&;')
+      params = {}
+      
+      (qs || '').split(/[#{d}] */n).each do |p|
+        k, v = unescape(p).split('=', 2)
+        
+        if cur = params[k]
+          if cur.class == Array
+            params[k] << v
+          else
+            params[k] = [cur, v]
+          end
+        else
+          params[k] = v
+        end
+      end
+      
+      return params
+    end
+    module_function :parse_query
+    
+    def build_query(params)
+      params.map { |k, v|
+        if v.class == Array
+          build_query(v.map { |x| [k, x] })
+        else
+          escape(k) + "=" + escape(v)
+        end
+      }.join("&")
+    end
+    module_function :build_query
+
+    # Escape ampersands, brackets and quotes to their HTML/XML entities.
+    def escape_html(string)
+      string.to_s.gsub("&", "&amp;").
+        gsub("<", "&lt;").
+        gsub(">", "&gt;").
+        gsub("'", "&#39;").
+        gsub('"', "&quot;")
+    end
+    module_function :escape_html
+
+    class Context < Proc
+      attr_reader :for, :app
+      def initialize app_f=nil, app_r=nil
+        @for, @app = app_f, app_r
+      end
+      alias_method :old_inspect, :inspect
+      def inspect
+        "#{old_inspect} ==> #{@for.inspect} ==> #{@app.inspect}"
+      end
+      def pretty_print pp
+        pp.text old_inspect
+        pp.nest 1 do
+          pp.breakable
+          pp.text '=for> '
+          pp.pp @for
+          pp.breakable
+          pp.text '=app> '
+          pp.pp @app
+        end
+      end
+    end
+
+    # A case-normalizing Hash, adjusting on [] and []=.
+    class HeaderHash < Hash
+      def initialize(hash={})
+        hash.each { |k, v| self[k] = v }
+      end
+
+      def to_hash
+        {}.replace(self)
+      end
+
+      def [](k)
+        super capitalize(k)
+      end
+
+      def []=(k, v)
+        super capitalize(k), v
+      end
+
+      def capitalize(k)
+        k.to_s.downcase.gsub(/^.|[-_\s]./) { |x| x.upcase }
+      end
+    end
+
+    # Every standard HTTP code mapped to the appropriate message.
+    # Stolen from Mongrel.
+    HTTP_STATUS_CODES = {
+      100  => 'Continue',
+      101  => 'Switching Protocols',
+      200  => 'OK',
+      201  => 'Created',
+      202  => 'Accepted',
+      203  => 'Non-Authoritative Information',
+      204  => 'No Content',
+      205  => 'Reset Content',
+      206  => 'Partial Content',
+      300  => 'Multiple Choices',
+      301  => 'Moved Permanently',
+      302  => 'Moved Temporarily',
+      303  => 'See Other',
+      304  => 'Not Modified',
+      305  => 'Use Proxy',
+      400  => 'Bad Request',
+      401  => 'Unauthorized',
+      402  => 'Payment Required',
+      403  => 'Forbidden',
+      404  => 'Not Found',
+      405  => 'Method Not Allowed',
+      406  => 'Not Acceptable',
+      407  => 'Proxy Authentication Required',
+      408  => 'Request Time-out',
+      409  => 'Conflict',
+      410  => 'Gone',
+      411  => 'Length Required',
+      412  => 'Precondition Failed',
+      413  => 'Request Entity Too Large',
+      414  => 'Request-URI Too Large',
+      415  => 'Unsupported Media Type',
+      500  => 'Internal Server Error',
+      501  => 'Not Implemented',
+      502  => 'Bad Gateway',
+      503  => 'Service Unavailable',
+      504  => 'Gateway Time-out',
+      505  => 'HTTP Version not supported'
+    }
+
+    # A multipart form data parser, adapted from IOWA.
+    #
+    # Usually, Rack::Request#POST takes care of calling this.
+
+    module Multipart
+      EOL = "\r\n"
+
+      def self.parse_multipart(env)
+        unless env['CONTENT_TYPE'] =~
+            %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n
+          nil
+        else
+          boundary = "--#{$1}"
+
+          params = {}
+          buf = ""
+          content_length = env['CONTENT_LENGTH'].to_i
+          input = env['rack.input']
+
+          boundary_size = boundary.size + EOL.size
+          bufsize = 16384
+
+          content_length -= boundary_size
+
+          status = input.read(boundary_size)
+          raise EOFError, "bad content body"  unless status == boundary + EOL
+
+          rx = /(?:#{EOL})?#{Regexp.quote boundary}(#{EOL}|--)/
+
+          loop {
+            head = nil
+            body = ''
+            filename = content_type = name = nil
+
+            until head && buf =~ rx
+              if !head && i = buf.index("\r\n\r\n")
+                head = buf.slice!(0, i+2) # First \r\n
+                buf.slice!(0, 2)          # Second \r\n
+
+                filename = head[/Content-Disposition:.* filename="?([^\";]*)"?/ni, 1]
+                content_type = head[/Content-Type: (.*)\r\n/ni, 1]
+                name = head[/Content-Disposition:.* name="?([^\";]*)"?/ni, 1]
+
+                if filename
+                  body = Tempfile.new("RackMultipart")
+                  body.binmode
+                end
+
+                next
+              end
+
+              # Save the read body part.
+              if head && (boundary_size+4 < buf.size)
+                body << buf.slice!(0, buf.size - (boundary_size+4))
+              end
+
+              c = input.read(bufsize < content_length ? bufsize : content_length)
+              raise EOFError, "bad content body"  if c.nil? || c.empty?
+              buf << c
+              content_length -= c.size
+            end
+
+            # Save the rest.
+            if i = buf.index(rx)
+              body << buf.slice!(0, i)
+              buf.slice!(0, boundary_size+2)
+
+              content_length = -1  if $1 == "--"
+            end
+
+            if filename
+              body.rewind
+              data = {:filename => filename, :type => content_type,
+                      :name => name, :tempfile => body, :head => head}
+            else
+              data = body
+            end
+
+            if name
+              if name =~ /\[\]\z/
+                params[name] ||= []
+                params[name] << data
+              else
+                params[name] = data
+              end
+            end
+
+            break  if buf.empty? || content_length == -1
+          }
+
+          params
+        end
+      end
+    end
+  end
+end

data/test/spec_rack_auth_basic.rb

@@ -0,0 +1,69 @@
+require 'test/spec'
+
+require 'rack/auth/basic'
+require 'rack/mock'
+
+context 'Rack::Auth::Basic' do
+
+  def realm
+    'WallysWorld'
+  end
+  
+  def unprotected_app
+    lambda { |env| [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ] }
+  end
+  
+  def protected_app
+    app = Rack::Auth::Basic.new(unprotected_app) { |username, password| 'Boss' == username }
+    app.realm = realm
+    app
+  end
+
+  setup do
+    @request = Rack::MockRequest.new(protected_app)
+  end
+
+  def request_with_basic_auth(username, password, &block)
+    request 'HTTP_AUTHORIZATION' => 'Basic ' + ["#{username}:#{password}"].pack("m*"), &block
+  end
+
+  def request(headers = {})
+    yield @request.get('/', headers)
+  end
+
+  def assert_basic_auth_challenge(response)
+    response.should.be.a.client_error
+    response.status.should.equal 401
+    response.should.include 'WWW-Authenticate'
+    response.headers['WWW-Authenticate'].should =~ /Basic realm="/
+    response.body.should.be.empty
+  end
+
+  specify 'should challenge correctly when no credentials are specified' do
+    request do |response|
+      assert_basic_auth_challenge response
+    end
+  end
+
+  specify 'should rechallenge if incorrect credentials are specified' do
+    request_with_basic_auth 'joe', 'password' do |response|
+      assert_basic_auth_challenge response
+    end
+  end
+
+  specify 'should return application output if correct credentials are specified' do
+    request_with_basic_auth 'Boss', 'password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Boss'
+    end
+  end
+  
+  specify 'should return 400 Bad Request if different auth scheme used' do
+    request 'HTTP_AUTHORIZATION' => 'Digest params' do |response|
+      response.should.be.a.client_error
+      response.status.should.equal 400
+      response.should.not.include 'WWW-Authenticate'
+    end
+  end
+
+end

data/test/spec_rack_auth_digest.rb

@@ -0,0 +1,169 @@
+require 'test/spec'
+
+require 'rack/auth/digest/md5'
+require 'rack/mock'
+
+context 'Rack::Auth::Digest::MD5' do
+
+  def realm
+    'WallysWorld'
+  end
+
+  def unprotected_app
+    lambda do |env|
+      [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ]
+    end
+  end
+  
+  def protected_app
+    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
+      { 'Alice' => 'correct-password' }[username]
+    end
+    app.realm = realm
+    app.opaque = 'this-should-be-secret'
+    app
+  end
+  
+  def protected_app_with_hashed_passwords
+    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
+      username == 'Alice' ? Digest::MD5.hexdigest("Alice:#{realm}:correct-password") : nil
+    end
+    app.realm = realm
+    app.opaque = 'this-should-be-secret'
+    app.passwords_hashed = true
+    app
+  end
+  
+  setup do
+    @request = Rack::MockRequest.new(protected_app)
+  end
+
+  def request(path, headers = {}, &block)
+    response = @request.get(path, headers)
+    block.call(response) if block
+    return response
+  end
+  
+  class MockDigestRequest
+    def initialize(params)
+      @params = params
+    end
+    def method_missing(sym)
+      if @params.has_key? k = sym.to_s
+        return @params[k]
+      end
+      super
+    end
+    def method
+      'GET'
+    end
+    def response(password)
+      Rack::Auth::Digest::MD5.new(nil).send :digest, self, password
+    end
+  end
+  
+  def request_with_digest_auth(path, username, password, options = {}, &block)
+    response = request('/')
+    
+    return response unless response.status == 401
+    
+    if wait = options.delete(:wait)
+      sleep wait
+    end
+    
+    challenge = response['WWW-Authenticate'].split(' ', 2).last
+
+    params = Rack::Auth::Digest::Params.parse(challenge)
+
+    params['username'] = username
+    params['nc'] = '00000001'
+    params['cnonce'] = 'nonsensenonce'
+    params['uri'] = path
+        
+    params.update options
+    
+    params['response'] = MockDigestRequest.new(params).response(password)
+    
+    request(path, { 'HTTP_AUTHORIZATION' => "Digest #{params}" }, &block)
+  end
+
+  def assert_digest_auth_challenge(response)
+    response.should.be.a.client_error
+    response.status.should.equal 401
+    response.should.include 'WWW-Authenticate'
+    response.headers['WWW-Authenticate'].should =~ /^Digest /
+    response.body.should.be.empty
+  end
+  
+  def assert_bad_request(response)
+    response.should.be.a.client_error
+    response.status.should.equal 400
+    response.should.not.include 'WWW-Authenticate'
+  end
+
+  specify 'should challenge when no credentials are specified' do
+    request '/' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+  
+  specify 'should return application output if correct credentials given' do
+    request_with_digest_auth '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end  
+
+  specify 'should return application output if correct credentials given (hashed passwords)' do
+    @request = Rack::MockRequest.new(protected_app_with_hashed_passwords)
+    
+    request_with_digest_auth '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end  
+  
+  specify 'should rechallenge if incorrect username given' do
+    request_with_digest_auth '/', 'Bob', 'correct-password' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+  
+  specify 'should rechallenge if incorrect password given' do
+    request_with_digest_auth '/', 'Alice', 'wrong-password' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+  
+  specify 'should rechallenge with stale parameter if nonce is stale' do
+    begin
+      Rack::Auth::Digest::Nonce.time_limit = 1
+    
+      request_with_digest_auth '/', 'Alice', 'correct-password', :wait => 2 do |response|
+        assert_digest_auth_challenge response
+        response.headers['WWW-Authenticate'].should =~ /\bstale=true\b/
+      end
+    ensure
+      Rack::Auth::Digest::Nonce.time_limit = nil
+    end
+  end
+
+  specify 'should return 400 Bad Request if incorrect qop given' do
+    request_with_digest_auth '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response|
+      assert_bad_request response
+    end
+  end
+
+  specify 'should return 400 Bad Request if incorrect uri given' do
+    request_with_digest_auth '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response|
+      assert_bad_request response
+    end
+  end
+
+  specify 'should return 400 Bad Request if different auth scheme used' do
+    request '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response|
+      assert_bad_request response
+    end
+  end
+  
+end