tep 0.11.0

data/lib/tep/request.rb

@@ -0,0 +1,194 @@
+# Tep::Request -- what the handler reads off the wire.
+module Tep
+  class Request
+    attr_accessor :verb, :path, :raw_path, :http_version
+    attr_accessor :params, :query, :req_headers, :raw_body, :cookies, :session
+    attr_accessor :remote_host
+    attr_accessor :ivars
+    # Set by the auth-filter (Tep::AuthFilter, run before the user's
+    # before-filter -- see Tep::App#auth_filter). Always populated:
+    # Tep::Identity.anonymous when no provider matched, otherwise
+    # the matched provider's Identity. Handlers and filters can
+    # rely on req.identity being non-nil.
+    attr_accessor :identity
+
+    def initialize
+      @verb         = ""
+      @path         = ""
+      @raw_path     = ""
+      @http_version = "HTTP/1.0"
+      @params       = Tep.str_hash   # path captures + query + form merged
+      @query        = Tep.str_hash   # raw query string only
+      @req_headers  = Tep.str_hash   # downcased header names; renamed
+                                     # from `headers` to avoid sharing
+                                     # an ivar slot with Response (spinel
+                                     # mis-codegens polymorphic ivar
+                                     # writes when two classes share an
+                                     # ivar name).
+      @cookies      = Tep.str_hash   # parsed from Cookie: header
+      @session      = Session.new    # signed cookie store
+      @raw_body     = ""             # same reasoning as req_headers
+      @remote_host  = ""
+      @passed       = false          # `pass` flag: skip to the next matching route
+      @ivars        = Tep.str_hash   # per-request bag for `@name = ...`
+                                     # set by handlers and `before` filters,
+                                     # read by templates as `ivars[k]`. The
+                                     # Sinatra-compat translator rewrites
+                                     # `@x = v` -> `req.ivars["x"] = (v).to_s`
+                                     # in handler bodies and `@x` -> `ivars["x"]`
+                                     # inside ERB chunks.
+      @identity     = Tep::Identity.anonymous
+    end
+
+    attr_accessor :passed
+    def set_passed; @passed = true; end
+
+    # Sinatra-compat read aliases. Writers stay on the renamed slots
+    # (req_headers, raw_body) -- a `req.headers["X"] = v` from user
+    # code goes through these getters, but assignment back into the
+    # request via this method name is intentionally not provided
+    # (the framework doesn't expect handlers to mutate the request).
+    def headers; @req_headers; end
+    def body;    @raw_body;    end
+
+    # Spinel's Hash[k] returns "" for missing string keys, not nil --
+    # so an empty Connection header looks the same as no header at all.
+    # We treat both as "use HTTP/1.1 default behaviour".
+    def keep_alive?
+      lc = @req_headers["connection"].downcase
+      if lc == "close"
+        return false
+      end
+      if lc == "keep-alive"
+        return true
+      end
+      @http_version == "HTTP/1.1"
+    end
+
+    def content_length
+      @req_headers["content-length"].to_i
+    end
+
+    def form?
+      @req_headers["content-type"].downcase.start_with?("application/x-www-form-urlencoded")
+    end
+
+    # True when the request body is a multipart/form-data submission
+    # (browsers use this for any form built via `new FormData(...)`
+    # or carrying file inputs). Tep::Multipart.parse handles the
+    # text fields; file-upload parts are skipped in v1.
+    def multipart?
+      @req_headers["content-type"].downcase.start_with?("multipart/form-data")
+    end
+
+    # ---- Rack::Request-style accessors (reads only, no .ip yet) ----
+    # These are convenience getters over headers we already parse;
+    # `.ip` would need a sphttp_accept_with_peer C helper before it
+    # can land cleanly, so it's deferred.
+
+    def host;          @req_headers["host"];        end
+    def user_agent;    @req_headers["user-agent"];  end
+    def referer;       @req_headers["referer"];     end
+    def referrer;      @req_headers["referer"];     end   # spelling alias
+    def accept;        @req_headers["accept"];      end
+    def content_type;  @req_headers["content-type"]; end
+
+    # tep doesn't terminate TLS itself; both flags reflect "is this
+    # connection encrypted from the client's view?" via the
+    # `X-Forwarded-Proto: https` header that any reasonable reverse
+    # proxy sets.
+    def scheme
+      proto = @req_headers["x-forwarded-proto"]
+      if proto.length > 0
+        return proto.downcase
+      end
+      "http"
+    end
+
+    def ssl?
+      scheme == "https"
+    end
+
+    # Pull any remaining body bytes from `client_fd` up to the
+    # advertised Content-Length, then merge form / multipart fields
+    # into @params. Used by Tep::Server (prefork, blocking fds) --
+    # under the prefork model recv() blocks naturally until bytes
+    # arrive, so `sphttp_drain_body` (a tight blocking-recv loop)
+    # is the right primitive.
+    #
+    # Tep::Server::Scheduled uses `consume_body_via_scheduler` below
+    # instead, because its client fd is non-blocking + a blocking
+    # recv would starve the whole worker.
+    #
+    # No-op on bodyless requests. Form parsing handles
+    # `application/x-www-form-urlencoded`; multipart handles
+    # `multipart/form-data` (text fields only; file uploads skipped).
+    # Other content types leave @raw_body intact for handlers that
+    # want to consume it directly.
+    def consume_body(client_fd)
+      cl = content_length
+      already = @raw_body.length
+      if cl > already
+        rest = Sock.sphttp_drain_body(client_fd, cl - already)
+        @raw_body = @raw_body + rest
+      end
+      parse_form_body
+      0
+    end
+
+    # Scheduler-friendly body drain. Loops on
+    # `Sock.sphttp_recv_some` + `Tep::Scheduler.io_wait` so other
+    # fibers keep running while we wait for body bytes. Per-recv
+    # timeout caps the wait at 5s -- a client that opened the
+    # request but never sent the body gets dropped instead of
+    # hanging the fiber forever.
+    #
+    # Returns @raw_body.length after the drain. Body parsing
+    # (form / multipart -> @params) happens at the end via
+    # parse_form_body, same shape as consume_body.
+    def consume_body_via_scheduler(client_fd)
+      cl = content_length
+      while @raw_body.length < cl
+        ready = Tep::Scheduler.io_wait(client_fd, Tep::Scheduler::READ, 5)
+        if ready == 0
+          break   # timeout -- client never finished sending
+        end
+        chunk = Sock.sphttp_recv_some(client_fd, cl - @raw_body.length)
+        if chunk.length == 0
+          # Over TLS an empty read can be a partial record (SSL_read
+          # WANT_READ/WANT_WRITE) rather than a peer close -- re-park on
+          # the indicated direction and retry instead of truncating the
+          # body. Plaintext EOF/error (status 3/-1) still breaks.
+          st = Sock.sphttp_io_status
+          if st == 1
+            next
+          end
+          if st == 2
+            Tep::Scheduler.io_wait(client_fd, Tep::Scheduler::WRITE, 5)
+            next
+          end
+          break   # peer closed mid-body
+        end
+        @raw_body = @raw_body + chunk
+      end
+      parse_form_body
+      0
+    end
+
+    # Shared form / multipart -> @params merge. Both server-side
+    # body-drain paths call this once their drain step has filled
+    # @raw_body to Content-Length.
+    def parse_form_body
+      if form?
+        Url.parse_query(@raw_body).each do |k, v|
+          @params[k] = v
+        end
+      elsif multipart?
+        Tep::Multipart.parse(@raw_body, @req_headers["content-type"]).each do |k, v|
+          @params[k] = v
+        end
+      end
+      0
+    end
+  end
+end

data/lib/tep/response.rb

@@ -0,0 +1,134 @@
+# Tep::Response -- what the handler writes back. Headers are a Bag
+# (string-keyed); the framework adds Content-Length / Connection
+# automatically when serializing.
+module Tep
+  class Response
+    attr_accessor :status, :headers, :body, :halted, :file_path, :set_cookies
+
+    def initialize
+      @status      = 200
+      @headers     = Tep.str_hash
+      @body        = ""
+      @halted      = false
+      @file_path   = ""
+      # `Set-Cookie` is a header that can repeat; can't shove multiple
+      # values into a Hash slot. Each entry here is one fully-formatted
+      # Set-Cookie line, emitted verbatim by the writer.
+      @set_cookies = [""]
+      @set_cookies.delete_at(0)
+      @streamer    = Streamer.new   # default no-op; only used when @streaming
+      @streaming   = false
+      # WebSocket upgrade slots. The Tep::Server::Scheduled write
+      # path sees @upgrading_ws and, instead of writing the normal
+      # status-line response body, emits the 101 handshake response
+      # then drives the recv loop via Tep::WebSocket::Connection
+      # until the connection closes.
+      @upgrading_ws    = false
+      @ws_accept_key   = ""
+      @ws_driver       = Tep::WebSocket::Driver.new(0)
+      # Last-Modified validator as epoch seconds (0 = unset). The header
+      # carries the formatted date; this is kept for the conditional-GET
+      # comparison against If-Modified-Since (issue #152).
+      @lastmod_epoch   = 0
+    end
+
+    attr_accessor :streamer, :streaming
+    attr_accessor :upgrading_ws, :ws_accept_key, :ws_driver
+    attr_reader :lastmod_epoch
+
+    # ---- HTTP caching helpers (issue #152) ----
+
+    # Set the Cache-Control header verbatim.
+    def cache_control(v)
+      @headers["Cache-Control"] = v
+      self
+    end
+
+    # Common Cache-Control shortcuts.
+    def no_store; cache_control("no-store"); end
+    def no_cache; cache_control("no-cache"); end
+
+    # Cacheable for `secs` seconds: set both Expires (absolute HTTP-date)
+    # and Cache-Control: max-age (relative).
+    def expires(secs)
+      @headers["Expires"]       = Sock.sphttp_http_date(Time.now.to_i + secs)
+      @headers["Cache-Control"] = "max-age=" + secs.to_s
+      self
+    end
+
+    # Strong ETag validator (quoted per RFC 7232).
+    def etag(value)
+      @headers["ETag"] = "\"" + value + "\""
+      self
+    end
+
+    # Last-Modified validator from Unix epoch seconds. Remembers the
+    # epoch so conditional GET can compare it to If-Modified-Since.
+    def last_modified(epoch)
+      @lastmod_epoch            = epoch
+      @headers["Last-Modified"] = Sock.sphttp_http_date(epoch)
+      self
+    end
+
+    def start_stream(streamer)
+      @streamer  = streamer
+      @streaming = true
+    end
+
+    # Mark the response as a WebSocket upgrade. The server writes a
+    # 101 Switching Protocols response with the accept-key, assigns
+    # the live client fd onto the driver, then runs the recv loop.
+    def start_websocket(accept_key, driver)
+      @upgrading_ws  = true
+      @ws_accept_key = accept_key
+      @ws_driver     = driver
+    end
+
+    # Sinatra-style cookie writer. `opts` is a Bag-of-strings
+    # (path, expires, max-age, domain, samesite, httponly, secure).
+    # Empty `opts` is fine: just writes "name=value".
+    def set_cookie(name, value, opts)
+      line = name + "=" + Url.escape(value)
+      if opts.length > 0
+        opts.each do |k, v|
+          if v.length == 0
+            line = line + "; " + k          # bare flag (HttpOnly, Secure)
+          else
+            line = line + "; " + k + "=" + v
+          end
+        end
+      end
+      @set_cookies.push(line)
+    end
+
+    def send_file(path)
+      @file_path = path
+      @body = ""
+    end
+
+    # Spinel's polymorphic-receiver write codegen emits a no-op for
+    # `res.body = x` when called from a context that has a poly
+    # value, so we force the assignment through this method (where
+    # `self` is unambiguously Response).
+    def set_body_if_empty(s)
+      if @body.length == 0 && s.length > 0
+        @body = s
+      end
+    end
+
+    # Unconditional body setter. Same poly-write rationale as
+    # set_body_if_empty (self is unambiguously Response here, so the
+    # `@body = s` codegens correctly), but always assigns -- used by
+    # Tep::Proxy, which writes the upstream body whether or not it's
+    # empty (a 204 / empty upstream body must overwrite, not skip).
+    def set_body(s)
+      @body = s
+    end
+
+    def set_status(n); @status = n; end
+
+    def halted_close?
+      @halted && @status >= 300
+    end
+  end
+end

data/lib/tep/router.rb

@@ -0,0 +1,137 @@
+# Matches incoming requests against a static Route table built up
+# by the Tep.<verb> DSL. Path patterns: literal segments + ":name"
+# captures + "*" splat, OR a regex (via the handler's `is_regex?`).
+#
+# Spinel's type inference unifies parameters across classes that
+# share an ivar name. So Route uses `r_verb` / `r_pat` rather than
+# the more readable `verb` / `pattern` -- otherwise `req.verb` and
+# `route.verb` would make `req` and `route` indistinguishable to
+# the codegen and break ivar writes downstream.
+module Tep
+  class Route
+    attr_accessor :r_verb, :r_pat, :r_handler, :r_params
+
+    def initialize(verb, pattern, handler)
+      @r_verb    = verb
+      @r_pat     = pattern
+      @r_handler = handler
+      @r_params  = []
+      pattern.split("/").each do |part|
+        if part.length > 0 && part[0] == ":"
+          @r_params.push(part[1, part.length - 1])
+        end
+      end
+    end
+
+    def handler; @r_handler; end
+
+    def matches?(req_verb, req_path)
+      if req_verb != @r_verb
+        return false
+      end
+      if @r_handler.is_regex?
+        return @r_handler.re_match?(req_path)
+      end
+      pat = @r_pat.split("/")
+      req = req_path.split("/")
+      if pat.length != req.length
+        return false
+      end
+      i = 0
+      while i < pat.length
+        pp = pat[i]
+        rp = req[i]
+        if pp.length > 0 && pp[0] == ":"
+          if rp.length == 0
+            return false
+          end
+        elsif pp == "*"
+          if rp.length == 0
+            return false
+          end
+        else
+          if pp != rp
+            return false
+          end
+        end
+        i += 1
+      end
+      true
+    end
+
+    def fold_captures(req)
+      if @r_handler.is_regex?
+        caps = @r_handler.re_capture(req.path)
+        i = 0
+        while i < caps.length
+          req.params[(i + 1).to_s] = caps[i]
+          i += 1
+        end
+        return
+      end
+      pat = @r_pat.split("/")
+      rp  = req.path.split("/")
+      pi  = 0
+      i = 0
+      while i < pat.length
+        pp = pat[i]
+        if pp.length > 0 && pp[0] == ":"
+          name = @r_params[pi]
+          req.params[name] = Url.unescape(rp[i])
+          pi += 1
+        end
+        i += 1
+      end
+    end
+  end
+
+  class Router
+    attr_accessor :routes
+
+    def initialize
+      @routes = [Route.new("", "", Handler.new)]   # type-seed sentinel
+    end
+
+    def add(verb, pattern, handler)
+      @routes.push(Route.new(verb, pattern, handler))
+    end
+
+    def match(req)
+      i = 1                       # skip the seed at index 0
+      while i < @routes.length
+        r = @routes[i]
+        if r.matches?(req.verb, req.path)
+          return r
+        end
+        i += 1
+      end
+      nil
+    end
+
+    # Find the next matching route after `start_idx` (1-based; the
+    # seed at 0 is skipped). Used by `pass` to step to the next
+    # candidate. Returns the Route + its index, or nil + -1.
+    def match_after(req, start_idx)
+      i = start_idx + 1
+      while i < @routes.length
+        r = @routes[i]
+        if r.matches?(req.verb, req.path)
+          return r
+        end
+        i += 1
+      end
+      nil
+    end
+
+    def index_of(route)
+      i = 0
+      while i < @routes.length
+        if @routes[i] == route
+          return i
+        end
+        i += 1
+      end
+      -1
+    end
+  end
+end