webrick 1.3.1

data/lib/webrick/httpauth/htdigest.rb

@@ -0,0 +1,128 @@
+#
+# httpauth/htdigest.rb -- Apache compatible htdigest file
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: htdigest.rb,v 1.4 2003/07/22 19:20:45 gotoyuzo Exp $
+
+require 'webrick/httpauth/userdb'
+require 'webrick/httpauth/digestauth'
+require 'tempfile'
+
+module WEBrick
+  module HTTPAuth
+
+    ##
+    # Htdigest accesses apache-compatible digest password files.  Passwords are
+    # matched to a realm where they are valid.  For security, the path for a
+    # digest password database should be stored outside of the paths available
+    # to the HTTP server.
+    #
+    # Htdigest is intended for use with WEBrick::HTTPAuth::DigestAuth and
+    # stores passwords using cryptographic hashes.
+    #
+    #   htpasswd = WEBrick::HTTPAuth::Htdigest.new 'my_password_file'
+    #   htpasswd.set_passwd 'my realm', 'username', 'password'
+    #   htpasswd.flush
+
+    class Htdigest
+      include UserDB
+
+      ##
+      # Open a digest password database at +path+
+
+      def initialize(path)
+        @path = path
+        @mtime = Time.at(0)
+        @digest = Hash.new
+        @mutex = Mutex::new
+        @auth_type = DigestAuth
+        open(@path,"a").close unless File::exist?(@path)
+        reload
+      end
+
+      ##
+      # Reloads passwords from the database
+
+      def reload
+        mtime = File::mtime(@path)
+        if mtime > @mtime
+          @digest.clear
+          open(@path){|io|
+            while line = io.gets
+              line.chomp!
+              user, realm, pass = line.split(/:/, 3)
+              unless @digest[realm]
+                @digest[realm] = Hash.new
+              end
+              @digest[realm][user] = pass
+            end
+          }
+          @mtime = mtime
+        end
+      end
+
+      ##
+      # Flush the password database.  If +output+ is given the database will
+      # be written there instead of to the original path.
+
+      def flush(output=nil)
+        output ||= @path
+        tmp = Tempfile.new("htpasswd", File::dirname(output))
+        begin
+          each{|item| tmp.puts(item.join(":")) }
+          tmp.close
+          File::rename(tmp.path, output)
+        rescue
+          tmp.close(true)
+        end
+      end
+
+      ##
+      # Retrieves a password from the database for +user+ in +realm+.  If
+      # +reload_db+ is true the database will be reloaded first.
+
+      def get_passwd(realm, user, reload_db)
+        reload() if reload_db
+        if hash = @digest[realm]
+          hash[user]
+        end
+      end
+
+      ##
+      # Sets a password in the database for +user+ in +realm+ to +pass+.
+
+      def set_passwd(realm, user, pass)
+        @mutex.synchronize{
+          unless @digest[realm]
+            @digest[realm] = Hash.new
+          end
+          @digest[realm][user] = make_passwd(realm, user, pass)
+        }
+      end
+
+      ##
+      # Removes a password from the database for +user+ in +realm+.
+
+      def delete_passwd(realm, user)
+        if hash = @digest[realm]
+          hash.delete(user)
+        end
+      end
+
+      ##
+      # Iterate passwords in the database.
+
+      def each # :yields: [user, realm, password_hash]
+        @digest.keys.sort.each{|realm|
+          hash = @digest[realm]
+          hash.keys.sort.each{|user|
+            yield([user, realm, hash[user]])
+          }
+        }
+      end
+    end
+  end
+end

data/lib/webrick/httpauth/htgroup.rb

@@ -0,0 +1,93 @@
+#
+# httpauth/htgroup.rb -- Apache compatible htgroup file
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: htgroup.rb,v 1.1 2003/02/16 22:22:56 gotoyuzo Exp $
+
+require 'tempfile'
+
+module WEBrick
+  module HTTPAuth
+
+    ##
+    # Htgroup accesses apache-compatible group files.  Htgroup can be used to
+    # provide group-based authentication for users.  Currently Htgroup is not
+    # directly integrated with any authenticators in WEBrick.  For security,
+    # the path for a digest password database should be stored outside of the
+    # paths available to the HTTP server.
+    #
+    # Example:
+    #
+    #   htgroup = WEBrick::HTTPAuth::Htgroup.new 'my_group_file'
+    #   htgroup.add 'superheroes', %w[spiderman batman]
+    #
+    #   htgroup.members('superheroes').include? 'magneto' # => false
+
+    class Htgroup
+
+      ##
+      # Open a group database at +path+
+
+      def initialize(path)
+        @path = path
+        @mtime = Time.at(0)
+        @group = Hash.new
+        open(@path,"a").close unless File::exist?(@path)
+        reload
+      end
+
+      ##
+      # Reload groups from the database
+
+      def reload
+        if (mtime = File::mtime(@path)) > @mtime
+          @group.clear
+          open(@path){|io|
+            while line = io.gets
+              line.chomp!
+              group, members = line.split(/:\s*/)
+              @group[group] = members.split(/\s+/)
+            end
+          }
+          @mtime = mtime
+        end
+      end
+
+      ##
+      # Flush the group database.  If +output+ is given the database will be
+      # written there instead of to the original path.
+
+      def flush(output=nil)
+        output ||= @path
+        tmp = Tempfile.new("htgroup", File::dirname(output))
+        begin
+          @group.keys.sort.each{|group|
+            tmp.puts(format("%s: %s", group, self.members(group).join(" ")))
+          }
+          tmp.close
+          File::rename(tmp.path, output)
+        rescue
+          tmp.close(true)
+        end
+      end
+
+      ##
+      # Retrieve the list of members from +group+
+
+      def members(group)
+        reload
+        @group[group] || []
+      end
+
+      ##
+      # Add an Array of +members+ to +group+
+
+      def add(group, members)
+        @group[group] = members(group) | members
+      end
+    end
+  end
+end

data/lib/webrick/httpauth/htpasswd.rb

@@ -0,0 +1,121 @@
+#
+# httpauth/htpasswd -- Apache compatible htpasswd file
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: htpasswd.rb,v 1.4 2003/07/22 19:20:45 gotoyuzo Exp $
+
+require 'webrick/httpauth/userdb'
+require 'webrick/httpauth/basicauth'
+require 'tempfile'
+
+module WEBrick
+  module HTTPAuth
+
+    ##
+    # Htpasswd accesses apache-compatible password files.  Passwords are
+    # matched to a realm where they are valid.  For security, the path for a
+    # password database should be stored outside of the paths available to the
+    # HTTP server.
+    #
+    # Htpasswd is intended for use with WEBrick::HTTPAuth::BasicAuth.
+    #
+    # To create an Htpasswd database with a single user:
+    #
+    #   htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
+    #   htpasswd.set_passwd 'my realm', 'username', 'password'
+    #   htpasswd.flush
+
+    class Htpasswd
+      include UserDB
+
+      ##
+      # Open a password database at +path+
+
+      def initialize(path)
+        @path = path
+        @mtime = Time.at(0)
+        @passwd = Hash.new
+        @auth_type = BasicAuth
+        open(@path,"a").close unless File::exist?(@path)
+        reload
+      end
+
+      ##
+      # Reload passwords from the database
+
+      def reload
+        mtime = File::mtime(@path)
+        if mtime > @mtime
+          @passwd.clear
+          open(@path){|io|
+            while line = io.gets
+              line.chomp!
+              case line
+              when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z!
+                user, pass = line.split(":")
+              when /:\$/, /:{SHA}/
+                raise NotImplementedError,
+                      'MD5, SHA1 .htpasswd file not supported'
+              else
+                raise StandardError, 'bad .htpasswd file'
+              end
+              @passwd[user] = pass
+            end
+          }
+          @mtime = mtime
+        end
+      end
+
+      ##
+      # Flush the password database.  If +output+ is given the database will
+      # be written there instead of to the original path.
+
+      def flush(output=nil)
+        output ||= @path
+        tmp = Tempfile.new("htpasswd", File::dirname(output))
+        begin
+          each{|item| tmp.puts(item.join(":")) }
+          tmp.close
+          File::rename(tmp.path, output)
+        rescue
+          tmp.close(true)
+        end
+      end
+
+      ##
+      # Retrieves a password from the database for +user+ in +realm+.  If
+      # +reload_db+ is true the database will be reloaded first.
+
+      def get_passwd(realm, user, reload_db)
+        reload() if reload_db
+        @passwd[user]
+      end
+
+      ##
+      # Sets a password in the database for +user+ in +realm+ to +pass+.
+
+      def set_passwd(realm, user, pass)
+        @passwd[user] = make_passwd(realm, user, pass)
+      end
+
+      ##
+      # Removes a password from the database for +user+ in +realm+.
+
+      def delete_passwd(realm, user)
+        @passwd.delete(user)
+      end
+
+      ##
+      # Iterate passwords in the database.
+
+      def each # :yields: [user, password]
+        @passwd.keys.sort.each{|user|
+          yield([user, @passwd[user]])
+        }
+      end
+    end
+  end
+end

data/lib/webrick/httpauth/userdb.rb

@@ -0,0 +1,52 @@
+#--
+# httpauth/userdb.rb -- UserDB mix-in module.
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: userdb.rb,v 1.2 2003/02/20 07:15:48 gotoyuzo Exp $
+
+module WEBrick
+  module HTTPAuth
+
+    ##
+    # User database mixin for HTTPAuth.  This mixin dispatches user record
+    # access to the underlying auth_type for this database.
+
+    module UserDB
+
+      ##
+      # The authentication type.
+      #
+      # WEBrick::HTTPAuth::BasicAuth or WEBrick::HTTPAuth::DigestAuth are
+      # built-in.
+
+      attr_accessor :auth_type
+
+      ##
+      # Creates an obscured password in +realm+ with +user+ and +password+
+      # using the auth_type of this database.
+
+      def make_passwd(realm, user, pass)
+        @auth_type::make_passwd(realm, user, pass)
+      end
+
+      ##
+      # Sets a password in +realm+ with +user+ and +password+ for the
+      # auth_type of this database.
+
+      def set_passwd(realm, user, pass)
+        self[user] = pass
+      end
+
+      ##
+      # Retrieves a password in +realm+ for +user+ for the auth_type of this
+      # database.  +reload_db+ is a dummy value.
+
+      def get_passwd(realm, user, reload_db=false)
+        make_passwd(realm, user, self[user])
+      end
+    end
+  end
+end

data/lib/webrick/httpproxy.rb

@@ -0,0 +1,305 @@
+#
+# httpproxy.rb -- HTTPProxy Class
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2002 GOTO Kentaro
+# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: httpproxy.rb,v 1.18 2003/03/08 18:58:10 gotoyuzo Exp $
+# $kNotwork: straw.rb,v 1.3 2002/02/12 15:13:07 gotoken Exp $
+
+require "webrick/httpserver"
+require "net/http"
+
+Net::HTTP::version_1_2 if RUBY_VERSION < "1.7"
+
+module WEBrick
+  NullReader = Object.new
+  class << NullReader
+    def read(*args)
+      nil
+    end
+    alias gets read
+  end
+
+  FakeProxyURI = Object.new
+  class << FakeProxyURI
+    def method_missing(meth, *args)
+      if %w(scheme host port path query userinfo).member?(meth.to_s)
+        return nil
+      end
+      super
+    end
+  end
+
+  ##
+  # An HTTP Proxy server which proxies GET, HEAD and POST requests.
+
+  class HTTPProxyServer < HTTPServer
+
+    ##
+    # Proxy server configurations.  The proxy server handles the following
+    # configuration items in addition to those supported by HTTPServer:
+    #
+    # :ProxyAuthProc:: Called with a request and response to authorize a
+    #                  request
+    # :ProxyVia:: Appended to the via header
+    # :ProxyURI:: The proxy server's URI
+    # :ProxyContentHandler:: Called with a request and resopnse and allows
+    #                        modification of the response
+    # :ProxyTimeout:: Sets the proxy timeouts to 30 seconds for open and 60
+    #                 seconds for read operations
+
+    def initialize(config={}, default=Config::HTTP)
+      super(config, default)
+      c = @config
+      @via = "#{c[:HTTPVersion]} #{c[:ServerName]}:#{c[:Port]}"
+    end
+
+    def service(req, res)
+      if req.request_method == "CONNECT"
+        do_CONNECT(req, res)
+      elsif req.unparsed_uri =~ %r!^http://!
+        proxy_service(req, res)
+      else
+        super(req, res)
+      end
+    end
+
+    def proxy_auth(req, res)
+      if proc = @config[:ProxyAuthProc]
+        proc.call(req, res)
+      end
+      req.header.delete("proxy-authorization")
+    end
+
+    def proxy_uri(req, res)
+      # should return upstream proxy server's URI
+      return @config[:ProxyURI]
+    end
+
+    def proxy_service(req, res)
+      # Proxy Authentication
+      proxy_auth(req, res)
+
+      begin
+        self.send("do_#{req.request_method}", req, res)
+      rescue NoMethodError
+        raise HTTPStatus::MethodNotAllowed,
+          "unsupported method `#{req.request_method}'."
+      rescue => err
+        logger.debug("#{err.class}: #{err.message}")
+        raise HTTPStatus::ServiceUnavailable, err.message
+      end
+
+      # Process contents
+      if handler = @config[:ProxyContentHandler]
+        handler.call(req, res)
+      end
+    end
+
+    def do_CONNECT(req, res)
+      # Proxy Authentication
+      proxy_auth(req, res)
+
+      ua = Thread.current[:WEBrickSocket]  # User-Agent
+      raise HTTPStatus::InternalServerError,
+        "[BUG] cannot get socket" unless ua
+
+      host, port = req.unparsed_uri.split(":", 2)
+      # Proxy authentication for upstream proxy server
+      if proxy = proxy_uri(req, res)
+        proxy_request_line = "CONNECT #{host}:#{port} HTTP/1.0"
+        if proxy.userinfo
+          credentials = "Basic " + [proxy.userinfo].pack("m").delete("\n")
+        end
+        host, port = proxy.host, proxy.port
+      end
+
+      begin
+        @logger.debug("CONNECT: upstream proxy is `#{host}:#{port}'.")
+        os = TCPSocket.new(host, port)     # origin server
+
+        if proxy
+          @logger.debug("CONNECT: sending a Request-Line")
+          os << proxy_request_line << CRLF
+          @logger.debug("CONNECT: > #{proxy_request_line}")
+          if credentials
+            @logger.debug("CONNECT: sending a credentials")
+            os << "Proxy-Authorization: " << credentials << CRLF
+          end
+          os << CRLF
+          proxy_status_line = os.gets(LF)
+          @logger.debug("CONNECT: read a Status-Line form the upstream server")
+          @logger.debug("CONNECT: < #{proxy_status_line}")
+          if %r{^HTTP/\d+\.\d+\s+200\s*} =~ proxy_status_line
+            while line = os.gets(LF)
+              break if /\A(#{CRLF}|#{LF})\z/om =~ line
+            end
+          else
+            raise HTTPStatus::BadGateway
+          end
+        end
+        @logger.debug("CONNECT #{host}:#{port}: succeeded")
+        res.status = HTTPStatus::RC_OK
+      rescue => ex
+        @logger.debug("CONNECT #{host}:#{port}: failed `#{ex.message}'")
+        res.set_error(ex)
+        raise HTTPStatus::EOFError
+      ensure
+        if handler = @config[:ProxyContentHandler]
+          handler.call(req, res)
+        end
+        res.send_response(ua)
+        access_log(@config, req, res)
+
+        # Should clear request-line not to send the sesponse twice.
+        # see: HTTPServer#run
+        req.parse(NullReader) rescue nil
+      end
+
+      begin
+        while fds = IO::select([ua, os])
+          if fds[0].member?(ua)
+            buf = ua.sysread(1024);
+            @logger.debug("CONNECT: #{buf.bytesize} byte from User-Agent")
+            os.syswrite(buf)
+          elsif fds[0].member?(os)
+            buf = os.sysread(1024);
+            @logger.debug("CONNECT: #{buf.bytesize} byte from #{host}:#{port}")
+            ua.syswrite(buf)
+          end
+        end
+      rescue => ex
+        os.close
+        @logger.debug("CONNECT #{host}:#{port}: closed")
+      end
+
+      raise HTTPStatus::EOFError
+    end
+
+    def do_GET(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.get(path, header)
+      end
+    end
+
+    def do_HEAD(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.head(path, header)
+      end
+    end
+
+    def do_POST(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.post(path, req.body || "", header)
+      end
+    end
+
+    def do_OPTIONS(req, res)
+      res['allow'] = "GET,HEAD,POST,OPTIONS,CONNECT"
+    end
+
+    private
+
+    # Some header fields should not be transferred.
+    HopByHop = %w( connection keep-alive proxy-authenticate upgrade
+                   proxy-authorization te trailers transfer-encoding )
+    ShouldNotTransfer = %w( set-cookie proxy-connection )
+    def split_field(f) f ? f.split(/,\s+/).collect{|i| i.downcase } : [] end
+
+    def choose_header(src, dst)
+      connections = split_field(src['connection'])
+      src.each{|key, value|
+        key = key.downcase
+        if HopByHop.member?(key)          || # RFC2616: 13.5.1
+           connections.member?(key)       || # RFC2616: 14.10
+           ShouldNotTransfer.member?(key)    # pragmatics
+          @logger.debug("choose_header: `#{key}: #{value}'")
+          next
+        end
+        dst[key] = value
+      }
+    end
+
+    # Net::HTTP is stupid about the multiple header fields.
+    # Here is workaround:
+    def set_cookie(src, dst)
+      if str = src['set-cookie']
+        cookies = []
+        str.split(/,\s*/).each{|token|
+          if /^[^=]+;/o =~ token
+            cookies[-1] << ", " << token
+          elsif /=/o =~ token
+            cookies << token
+          else
+            cookies[-1] << ", " << token
+          end
+        }
+        dst.cookies.replace(cookies)
+      end
+    end
+
+    def set_via(h)
+      if @config[:ProxyVia]
+        if  h['via']
+          h['via'] << ", " << @via
+        else
+          h['via'] = @via
+        end
+      end
+    end
+
+    def setup_proxy_header(req, res)
+      # Choose header fields to transfer
+      header = Hash.new
+      choose_header(req, header)
+      set_via(header)
+      return header
+    end
+
+    def setup_upstream_proxy_authentication(req, res, header)
+      if upstream = proxy_uri(req, res)
+        if upstream.userinfo
+          header['proxy-authorization'] =
+            "Basic " + [upstream.userinfo].pack("m").delete("\n")
+        end
+        return upstream
+      end
+      return FakeProxyURI
+    end
+
+    def perform_proxy_request(req, res)
+      uri = req.request_uri
+      path = uri.path.dup
+      path << "?" << uri.query if uri.query
+      header = setup_proxy_header(req, res)
+      upstream = setup_upstream_proxy_authentication(req, res, header)
+      response = nil
+
+      http = Net::HTTP.new(uri.host, uri.port, upstream.host, upstream.port)
+      http.start do
+        if @config[:ProxyTimeout]
+          ##################################   these issues are
+          http.open_timeout = 30   # secs  #   necessary (maybe bacause
+          http.read_timeout = 60   # secs  #   Ruby's bug, but why?)
+          ##################################
+        end
+        response = yield(http, path, header)
+      end
+
+      # Persistent connection requirements are mysterious for me.
+      # So I will close the connection in every response.
+      res['proxy-connection'] = "close"
+      res['connection'] = "close"
+
+      # Convert Net::HTTP::HTTPResponse to WEBrick::HTTPResponse
+      res.status = response.code.to_i
+      choose_header(response, res)
+      set_cookie(response, res)
+      set_via(res)
+      res.body = response.body
+    end
+  end
+end