tricycle-rack-contrib 0.9.0

data/lib/rack/contrib/deflect.rb

@@ -0,0 +1,137 @@
+require 'thread'
+
+# TODO: optional stats
+# TODO: performance
+# TODO: clean up tests
+
+module Rack
+
+  ##
+  # Rack middleware for protecting against Denial-of-service attacks
+  # http://en.wikipedia.org/wiki/Denial-of-service_attack.
+  #
+  # This middleware is designed for small deployments, which most likely
+  # are not utilizing load balancing from other software or hardware. Deflect
+  # current supports the following functionality:
+  #
+  # * Saturation prevention (small DoS attacks, or request abuse)
+  # * Blacklisting of remote addresses
+  # * Whitelisting of remote addresses
+  # * Logging
+  #
+  # === Options:
+  #
+  #   :log                When false logging will be bypassed, otherwise pass an object responding to #puts
+  #   :log_format         Alter the logging format
+  #   :log_date_format    Alter the logging date format
+  #   :request_threshold  Number of requests allowed within the set :interval. Defaults to 100
+  #   :interval           Duration in seconds until the request counter is reset. Defaults to 5
+  #   :block_duration     Duration in seconds that a remote address will be blocked. Defaults to 900 (15 minutes)
+  #   :whitelist          Array of remote addresses which bypass Deflect. NOTE: this does not block others
+  #   :blacklist          Array of remote addresses immediately considered malicious
+  #
+  # === Examples:
+  #
+  #  use Rack::Deflect, :log => $stdout, :request_threshold => 20, :interval => 2, :block_duration => 60
+  #
+  # CREDIT: TJ Holowaychuk <tj@vision-media.ca>
+  #
+
+  class Deflect
+
+    attr_reader :options
+
+    def initialize app, options = {}
+      @mutex = Mutex.new
+      @remote_addr_map = {}
+      @app, @options = app, {
+        :log => false,
+        :log_format => 'deflect(%s): %s',
+        :log_date_format => '%m/%d/%Y',
+        :request_threshold => 100,
+        :interval => 5,
+        :block_duration => 900,
+        :whitelist => [],
+        :blacklist => []
+      }.merge(options)
+    end
+
+    def call env
+      return deflect! if deflect? env
+      status, headers, body = @app.call env
+      [status, headers, body]
+    end
+
+    def deflect!
+      [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, '']
+    end
+
+    def deflect? env
+      @remote_addr = env['REMOTE_ADDR']
+      return false if options[:whitelist].include? @remote_addr
+      return true  if options[:blacklist].include? @remote_addr
+      sync { watch }
+    end
+
+    def log message
+      return unless options[:log]
+      options[:log].puts(options[:log_format] % [Time.now.strftime(options[:log_date_format]), message])
+    end
+
+    def sync &block
+      @mutex.synchronize(&block)
+    end
+
+    def map
+      @remote_addr_map[@remote_addr] ||= {
+        :expires => Time.now + options[:interval],
+        :requests => 0
+      }
+    end
+
+    def watch
+      increment_requests
+      clear! if watch_expired? and not blocked?
+      clear! if blocked? and block_expired?
+      block! if watching? and exceeded_request_threshold?
+      blocked?
+    end
+
+    def block!
+      return if blocked?
+      log "blocked #{@remote_addr}"
+      map[:block_expires] = Time.now + options[:block_duration]
+    end
+
+    def blocked?
+      map.has_key? :block_expires
+    end
+
+    def block_expired?
+      map[:block_expires] < Time.now rescue false
+    end
+
+    def watching?
+      @remote_addr_map.has_key? @remote_addr
+    end
+
+    def clear!
+      return unless watching?
+      log "released #{@remote_addr}" if blocked?
+      @remote_addr_map.delete @remote_addr
+    end
+
+    def increment_requests
+      map[:requests] += 1
+    end
+
+    def exceeded_request_threshold?
+      map[:requests] > options[:request_threshold]
+    end
+
+    def watch_expired?
+      map[:expires] <= Time.now
+    end
+
+  end
+end

data/lib/rack/contrib/etag.rb

@@ -0,0 +1,20 @@
+require 'digest/md5'
+
+module Rack
+  # Automatically sets the ETag header on all String bodies
+  class ETag
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      status, headers, body = @app.call(env)
+
+      if !headers.has_key?('ETag') && body.is_a?(String)
+        headers['ETag'] = %("#{Digest::MD5.hexdigest(body)}")
+      end
+
+      [status, headers, body]
+    end
+  end
+end

data/lib/rack/contrib/evil.rb

@@ -0,0 +1,12 @@
+module Rack
+  class Evil
+    # Lets you return a response to the client immediately from anywhere ( M V or C ) in the code.
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      catch(:response) { @app.call(env) }
+    end
+  end
+end

data/lib/rack/contrib/garbagecollector.rb

@@ -0,0 +1,14 @@
+module Rack
+  # Forces garbage collection after each request.
+  class GarbageCollector
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    ensure
+      GC.start
+    end
+  end
+end

data/lib/rack/contrib/jsonp.rb

@@ -0,0 +1,41 @@
+module Rack
+
+  # A Rack middleware for providing JSON-P support.
+  #
+  # Full credit to Flinn Mueller (http://actsasflinn.com/) for this contribution.
+  #
+  class JSONP
+
+    def initialize(app)
+      @app = app
+    end
+
+    # Proxies the request to the application, stripping out the JSON-P callback
+    # method and padding the response with the appropriate callback format.
+    #
+    # Changes nothing if no <tt>callback</tt> param is specified.
+    #
+    def call(env)
+      status, headers, response = @app.call(env)
+      request = Rack::Request.new(env)
+      if request.params.include?('callback')
+        response = pad(request.params.delete('callback'), response)
+        headers['Content-Length'] = response.length.to_s
+      end
+      [status, headers, response]
+    end
+
+    # Pads the response with the appropriate callback format according to the
+    # JSON-P spec/requirements.
+    #
+    # The Rack response spec indicates that it should be enumerable. The method
+    # of combining all of the data into a single string makes sense since JSON
+    # is returned as a full string.
+    #
+    def pad(callback, response, body = "")
+      response.each{ |s| body << s.to_s }
+      "#{callback}(#{body})"
+    end
+
+  end
+end

data/lib/rack/contrib/lighttpd_script_name_fix.rb

@@ -0,0 +1,16 @@
+module Rack
+  # Lighttpd sets the wrong SCRIPT_NAME and PATH_INFO if you mount your
+  # FastCGI app at "/". This middleware fixes this issue.
+
+  class LighttpdScriptNameFix
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["PATH_INFO"] = env["SCRIPT_NAME"].to_s + env["PATH_INFO"].to_s
+      env["SCRIPT_NAME"] = ""
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/contrib/locale.rb

@@ -0,0 +1,31 @@
+require 'i18n'
+
+module Rack
+  class Locale
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      old_locale = I18n.locale
+      locale = nil
+
+      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4
+      if lang = env["HTTP_ACCEPT_LANGUAGE"]
+        lang = lang.split(",").map { |l|
+          l += ';q=1.0' unless l =~ /;q=\d+\.\d+$/
+          l.split(';q=')
+        }.first
+        locale = lang.first.split("-").first
+      else
+        locale = I18n.default_locale
+      end
+
+      locale = env['rack.locale'] = I18n.locale = locale.to_s
+      status, headers, body = @app.call(env)
+      headers['Content-Language'] = locale
+      I18n.locale = old_locale
+      [status, headers, body]
+    end
+  end
+end

data/lib/rack/contrib/mailexceptions.rb

@@ -0,0 +1,120 @@
+require 'net/smtp'
+require 'tmail'
+require 'erb'
+
+module Rack
+  # Catches all exceptions raised from the app it wraps and
+  # sends a useful email with the exception, stacktrace, and
+  # contents of the environment.
+
+  class MailExceptions
+    attr_reader :config
+
+    def initialize(app)
+      @app = app
+      @config = {
+        :to      => nil,
+        :from    => ENV['USER'] || 'rack',
+        :subject => '[exception] %s',
+        :smtp    => {
+          :server         => 'localhost',
+          :domain         => 'localhost',
+          :port           => 25,
+          :authentication => :login,
+          :user_name      => nil,
+          :password       => nil
+        }
+      }
+      @template = ERB.new(TEMPLATE)
+      yield self if block_given?
+    end
+
+    def call(env)
+      status, headers, body =
+        begin
+          @app.call(env)
+        rescue => boom
+          # TODO don't allow exceptions from send_notification to
+          # propogate
+          send_notification boom, env
+          raise
+        end
+      send_notification env['mail.exception'], env if env['mail.exception']
+      [status, headers, body]
+    end
+
+    %w[to from subject].each do |meth|
+      define_method(meth) { |value| @config[meth.to_sym] = value }
+    end
+
+    def smtp(settings={})
+      @config[:smtp].merge! settings
+    end
+
+  private
+    def generate_mail(exception, env)
+      mail = TMail::Mail.new
+      mail.to = Array(config[:to])
+      mail.from = config[:from]
+      mail.subject = config[:subject] % [exception.to_s]
+      mail.date = Time.now
+      mail.set_content_type 'text/plain'
+      mail.charset = 'UTF-8'
+      mail.body = @template.result(binding)
+      mail
+    end
+
+    def send_notification(exception, env)
+      mail = generate_mail(exception, env)
+      smtp = config[:smtp]
+      env['mail.sent'] = true
+      return if smtp[:server] == 'example.com'
+
+      Net::SMTP.start smtp[:server], smtp[:port], smtp[:domain], smtp[:user_name], smtp[:password], smtp[:authentication] do |server|
+        mail.to.each do |recipient|
+          server.send_message mail.to_s, mail.from, recipient
+        end
+      end
+    end
+
+    def extract_body(env)
+      if io = env['rack.input']
+        io.rewind if io.respond_to?(:rewind)
+        io.read
+      end
+    end
+
+    TEMPLATE = (<<-'EMAIL').gsub(/^ {4}/, '')
+    A <%= exception.class.to_s %> occured: <%= exception.to_s %>
+    <% if body = extract_body(env) %>
+
+    ===================================================================
+    Request Body:
+    ===================================================================
+
+    <%= body.gsub(/^/, '  ') %>
+    <% end %>
+
+    ===================================================================
+    Rack Environment:
+    ===================================================================
+
+      PID:                     <%= $$ %>
+      PWD:                     <%= Dir.getwd %>
+
+      <%= env.to_a.
+        sort{|a,b| a.first <=> b.first}.
+        map{ |k,v| "%-25s%p" % [k+':', v] }.
+        join("\n  ") %>
+
+    <% if exception.respond_to?(:backtrace) %>
+    ===================================================================
+    Backtrace:
+    ===================================================================
+
+      <%= exception.backtrace.join("\n  ") %>
+    <% end %>
+    EMAIL
+
+  end
+end

data/lib/rack/contrib/nested_params.rb

@@ -0,0 +1,143 @@
+require 'cgi'
+require 'strscan'
+
+module Rack
+  # Rack middleware for parsing POST/PUT body data into nested parameters
+  class NestedParams
+
+    CONTENT_TYPE = 'CONTENT_TYPE'.freeze
+    POST_BODY = 'rack.input'.freeze
+    FORM_INPUT = 'rack.request.form_input'.freeze
+    FORM_HASH = 'rack.request.form_hash'.freeze
+    FORM_VARS = 'rack.request.form_vars'.freeze
+
+    # supported content type
+    URL_ENCODED = 'application/x-www-form-urlencoded'.freeze
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      if form_vars = env[FORM_VARS]
+        env[FORM_HASH] = parse_query_parameters(form_vars)
+      elsif env[CONTENT_TYPE] == URL_ENCODED
+        post_body = env[POST_BODY]
+        env[FORM_INPUT] = post_body
+        env[FORM_HASH] = parse_query_parameters(post_body.read)
+        post_body.rewind if post_body.respond_to?(:rewind)
+      end
+      @app.call(env)
+    end
+
+    ## the rest is nabbed from Rails ##
+
+    def parse_query_parameters(query_string)
+      return {} if query_string.nil? or query_string.empty?
+
+      pairs = query_string.split('&').collect do |chunk|
+        next if chunk.empty?
+        key, value = chunk.split('=', 2)
+        next if key.empty?
+        value = value.nil? ? nil : CGI.unescape(value)
+        [ CGI.unescape(key), value ]
+      end.compact
+
+      UrlEncodedPairParser.new(pairs).result
+    end
+
+    class UrlEncodedPairParser < StringScanner
+      attr_reader :top, :parent, :result
+
+      def initialize(pairs = [])
+        super('')
+        @result = {}
+        pairs.each { |key, value| parse(key, value) }
+      end
+
+      KEY_REGEXP = %r{([^\[\]=&]+)}
+      BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]}
+
+      # Parse the query string
+      def parse(key, value)
+        self.string = key
+        @top, @parent = result, nil
+
+        # First scan the bare key
+        key = scan(KEY_REGEXP) or return
+        key = post_key_check(key)
+
+        # Then scan as many nestings as present
+        until eos?
+          r = scan(BRACKETED_KEY_REGEXP) or return
+          key = self[1]
+          key = post_key_check(key)
+        end
+
+        bind(key, value)
+      end
+
+      private
+        # After we see a key, we must look ahead to determine our next action. Cases:
+        #
+        #   [] follows the key. Then the value must be an array.
+        #   = follows the key. (A value comes next)
+        #   & or the end of string follows the key. Then the key is a flag.
+        #   otherwise, a hash follows the key.
+        def post_key_check(key)
+          if scan(/\[\]/) # a[b][] indicates that b is an array
+            container(key, Array)
+            nil
+          elsif check(/\[[^\]]/) # a[b] indicates that a is a hash
+            container(key, Hash)
+            nil
+          else # End of key? We do nothing.
+            key
+          end
+        end
+
+        # Add a container to the stack.
+        def container(key, klass)
+          type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass)
+          value = bind(key, klass.new)
+          type_conflict! klass, value unless value.is_a?(klass)
+          push(value)
+        end
+
+        # Push a value onto the 'stack', which is actually only the top 2 items.
+        def push(value)
+          @parent, @top = @top, value
+        end
+
+        # Bind a key (which may be nil for items in an array) to the provided value.
+        def bind(key, value)
+          if top.is_a? Array
+            if key
+              if top[-1].is_a?(Hash) && ! top[-1].key?(key)
+                top[-1][key] = value
+              else
+                top << {key => value}
+              end
+              push top.last
+              return top[key]
+            else
+              top << value
+              return value
+            end
+          elsif top.is_a? Hash
+            key = CGI.unescape(key)
+            parent << (@top = {}) if top.key?(key) && parent.is_a?(Array)
+            top[key] ||= value
+            return top[key]
+          else
+            raise ArgumentError, "Don't know what to do: top is #{top.inspect}"
+          end
+        end
+
+        def type_conflict!(klass, value)
+          raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value. (The parameters received were #{value.inspect}.)"
+        end
+    end
+
+  end
+end