webrick 1.3.1 → 1.6.1

data/lib/webrick/httpauth/htgroup.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # httpauth/htgroup.rb -- Apache compatible htgroup file
 #
@@ -35,7 +36,7 @@ module WEBrick
         @path = path
         @mtime = Time.at(0)
         @group = Hash.new
-        open(@path,"a").close unless File::exist?(@path)
+        File.open(@path,"a").close unless File.exist?(@path)
         reload
       end
 
@@ -45,7 +46,7 @@ module WEBrick
       def reload
         if (mtime = File::mtime(@path)) > @mtime
           @group.clear
-          open(@path){|io|
+          File.open(@path){|io|
             while line = io.gets
               line.chomp!
               group, members = line.split(/:\s*/)
@@ -62,15 +63,18 @@ module WEBrick
 
       def flush(output=nil)
         output ||= @path
-        tmp = Tempfile.new("htgroup", File::dirname(output))
+        tmp = Tempfile.create("htgroup", File::dirname(output))
         begin
           @group.keys.sort.each{|group|
             tmp.puts(format("%s: %s", group, self.members(group).join(" ")))
           }
+        ensure
           tmp.close
-          File::rename(tmp.path, output)
-        rescue
-          tmp.close(true)
+          if $!
+            File.unlink(tmp.path)
+          else
+            return File.rename(tmp.path, output)
+          end
         end
       end
 

data/lib/webrick/httpauth/htpasswd.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # httpauth/htpasswd -- Apache compatible htpasswd file
 #
@@ -7,8 +8,8 @@
 #
 # $IPR: htpasswd.rb,v 1.4 2003/07/22 19:20:45 gotoyuzo Exp $
 
-require 'webrick/httpauth/userdb'
-require 'webrick/httpauth/basicauth'
+require_relative 'userdb'
+require_relative 'basicauth'
 require 'tempfile'
 
 module WEBrick
@@ -34,12 +35,30 @@ module WEBrick
       ##
       # Open a password database at +path+
 
-      def initialize(path)
+      def initialize(path, password_hash: nil)
         @path = path
         @mtime = Time.at(0)
         @passwd = Hash.new
         @auth_type = BasicAuth
-        open(@path,"a").close unless File::exist?(@path)
+        @password_hash = password_hash
+
+        case @password_hash
+        when nil
+          # begin
+          #   require "string/crypt"
+          # rescue LoadError
+          #   warn("Unable to load string/crypt, proceeding with deprecated use of String#crypt, consider using password_hash: :bcrypt")
+          # end
+          @password_hash = :crypt
+        when :crypt
+          # require "string/crypt"
+        when :bcrypt
+          require "bcrypt"
+        else
+          raise ArgumentError, "only :crypt and :bcrypt are supported for password_hash keyword argument"
+        end
+
+        File.open(@path,"a").close unless File.exist?(@path)
         reload
       end
 
@@ -50,11 +69,19 @@ module WEBrick
         mtime = File::mtime(@path)
         if mtime > @mtime
           @passwd.clear
-          open(@path){|io|
+          File.open(@path){|io|
             while line = io.gets
               line.chomp!
               case line
               when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z!
+                if @password_hash == :bcrypt
+                  raise StandardError, ".htpasswd file contains crypt password, only bcrypt passwords supported"
+                end
+                user, pass = line.split(":")
+              when %r!\A[^:]+:\$2[aby]\$\d{2}\$.{53}\z!
+                if @password_hash == :crypt
+                  raise StandardError, ".htpasswd file contains bcrypt password, only crypt passwords supported"
+                end
                 user, pass = line.split(":")
               when /:\$/, /:{SHA}/
                 raise NotImplementedError,
@@ -75,13 +102,16 @@ module WEBrick
 
       def flush(output=nil)
         output ||= @path
-        tmp = Tempfile.new("htpasswd", File::dirname(output))
+        tmp = Tempfile.create("htpasswd", File::dirname(output))
+        renamed = false
         begin
           each{|item| tmp.puts(item.join(":")) }
           tmp.close
           File::rename(tmp.path, output)
-        rescue
-          tmp.close(true)
+          renamed = true
+        ensure
+          tmp.close
+          File.unlink(tmp.path) if !renamed
         end
       end
 
@@ -98,7 +128,14 @@ module WEBrick
       # Sets a password in the database for +user+ in +realm+ to +pass+.
 
       def set_passwd(realm, user, pass)
-        @passwd[user] = make_passwd(realm, user, pass)
+        if @password_hash == :bcrypt
+          # Cost of 5 to match Apache default, and because the
+          # bcrypt default of 10 will introduce significant delays
+          # for every request.
+          @passwd[user] = BCrypt::Password.create(pass, :cost=>5)
+        else
+          @passwd[user] = make_passwd(realm, user, pass)
+        end
       end
 
       ##

data/lib/webrick/httpauth/userdb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # httpauth/userdb.rb -- UserDB mix-in module.
 #

data/lib/webrick/httpproxy.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # httpproxy.rb -- HTTPProxy Class
 #
@@ -9,22 +10,21 @@
 # $IPR: httpproxy.rb,v 1.18 2003/03/08 18:58:10 gotoyuzo Exp $
 # $kNotwork: straw.rb,v 1.3 2002/02/12 15:13:07 gotoken Exp $
 
-require "webrick/httpserver"
+require_relative "httpserver"
 require "net/http"
 
-Net::HTTP::version_1_2 if RUBY_VERSION < "1.7"
-
 module WEBrick
-  NullReader = Object.new
-  class << NullReader
+
+  NullReader = Object.new # :nodoc:
+  class << NullReader # :nodoc:
     def read(*args)
       nil
     end
     alias gets read
   end
 
-  FakeProxyURI = Object.new
-  class << FakeProxyURI
+  FakeProxyURI = Object.new # :nodoc:
+  class << FakeProxyURI # :nodoc:
     def method_missing(meth, *args)
       if %w(scheme host port path query userinfo).member?(meth.to_s)
         return nil
@@ -33,8 +33,38 @@ module WEBrick
     end
   end
 
+  # :startdoc:
+
   ##
   # An HTTP Proxy server which proxies GET, HEAD and POST requests.
+  #
+  # To create a simple proxy server:
+  #
+  #   require 'webrick'
+  #   require 'webrick/httpproxy'
+  #
+  #   proxy = WEBrick::HTTPProxyServer.new Port: 8000
+  #
+  #   trap 'INT'  do proxy.shutdown end
+  #   trap 'TERM' do proxy.shutdown end
+  #
+  #   proxy.start
+  #
+  # See ::new for proxy-specific configuration items.
+  #
+  # == Modifying proxied responses
+  #
+  # To modify content the proxy server returns use the +:ProxyContentHandler+
+  # option:
+  #
+  #   handler = proc do |req, res|
+  #     if res['content-type'] == 'text/plain' then
+  #       res.body << "\nThis content was proxied!\n"
+  #     end
+  #   end
+  #
+  #   proxy =
+  #     WEBrick::HTTPProxyServer.new Port: 8000, ProxyContentHandler: handler
 
   class HTTPProxyServer < HTTPServer
 
@@ -46,7 +76,7 @@ module WEBrick
     #                  request
     # :ProxyVia:: Appended to the via header
     # :ProxyURI:: The proxy server's URI
-    # :ProxyContentHandler:: Called with a request and resopnse and allows
+    # :ProxyContentHandler:: Called with a request and response and allows
     #                        modification of the response
     # :ProxyTimeout:: Sets the proxy timeouts to 30 seconds for open and 60
     #                 seconds for read operations
@@ -57,6 +87,7 @@ module WEBrick
       @via = "#{c[:HTTPVersion]} #{c[:ServerName]}:#{c[:Port]}"
     end
 
+    # :stopdoc:
     def service(req, res)
       if req.request_method == "CONNECT"
         do_CONNECT(req, res)
@@ -112,7 +143,7 @@ module WEBrick
       if proxy = proxy_uri(req, res)
         proxy_request_line = "CONNECT #{host}:#{port} HTTP/1.0"
         if proxy.userinfo
-          credentials = "Basic " + [proxy.userinfo].pack("m").delete("\n")
+          credentials = "Basic " + [proxy.userinfo].pack("m0")
         end
         host, port = proxy.host, proxy.port
       end
@@ -126,12 +157,12 @@ module WEBrick
           os << proxy_request_line << CRLF
           @logger.debug("CONNECT: > #{proxy_request_line}")
           if credentials
-            @logger.debug("CONNECT: sending a credentials")
+            @logger.debug("CONNECT: sending credentials")
             os << "Proxy-Authorization: " << credentials << CRLF
           end
           os << CRLF
           proxy_status_line = os.gets(LF)
-          @logger.debug("CONNECT: read a Status-Line form the upstream server")
+          @logger.debug("CONNECT: read Status-Line from the upstream server")
           @logger.debug("CONNECT: < #{proxy_status_line}")
           if %r{^HTTP/\d+\.\d+\s+200\s*} =~ proxy_status_line
             while line = os.gets(LF)
@@ -154,7 +185,7 @@ module WEBrick
         res.send_response(ua)
         access_log(@config, req, res)
 
-        # Should clear request-line not to send the sesponse twice.
+        # Should clear request-line not to send the response twice.
         # see: HTTPServer#run
         req.parse(NullReader) rescue nil
       end
@@ -162,16 +193,16 @@ module WEBrick
       begin
         while fds = IO::select([ua, os])
           if fds[0].member?(ua)
-            buf = ua.sysread(1024);
+            buf = ua.readpartial(1024);
             @logger.debug("CONNECT: #{buf.bytesize} byte from User-Agent")
-            os.syswrite(buf)
+            os.write(buf)
           elsif fds[0].member?(os)
-            buf = os.sysread(1024);
+            buf = os.readpartial(1024);
             @logger.debug("CONNECT: #{buf.bytesize} byte from #{host}:#{port}")
-            ua.syswrite(buf)
+            ua.write(buf)
           end
         end
-      rescue => ex
+      rescue
         os.close
         @logger.debug("CONNECT #{host}:#{port}: closed")
       end
@@ -180,21 +211,15 @@ module WEBrick
     end
 
     def do_GET(req, res)
-      perform_proxy_request(req, res) do |http, path, header|
-        http.get(path, header)
-      end
+      perform_proxy_request(req, res, Net::HTTP::Get)
     end
 
     def do_HEAD(req, res)
-      perform_proxy_request(req, res) do |http, path, header|
-        http.head(path, header)
-      end
+      perform_proxy_request(req, res, Net::HTTP::Head)
     end
 
     def do_POST(req, res)
-      perform_proxy_request(req, res) do |http, path, header|
-        http.post(path, req.body || "", header)
-      end
+      perform_proxy_request(req, res, Net::HTTP::Post, req.body_reader)
     end
 
     def do_OPTIONS(req, res)
@@ -263,43 +288,63 @@ module WEBrick
       if upstream = proxy_uri(req, res)
         if upstream.userinfo
           header['proxy-authorization'] =
-            "Basic " + [upstream.userinfo].pack("m").delete("\n")
+            "Basic " + [upstream.userinfo].pack("m0")
         end
         return upstream
       end
       return FakeProxyURI
     end
 
-    def perform_proxy_request(req, res)
+    def perform_proxy_request(req, res, req_class, body_stream = nil)
       uri = req.request_uri
       path = uri.path.dup
       path << "?" << uri.query if uri.query
       header = setup_proxy_header(req, res)
       upstream = setup_upstream_proxy_authentication(req, res, header)
-      response = nil
 
+      body_tmp = []
       http = Net::HTTP.new(uri.host, uri.port, upstream.host, upstream.port)
-      http.start do
-        if @config[:ProxyTimeout]
-          ##################################   these issues are
-          http.open_timeout = 30   # secs  #   necessary (maybe bacause
-          http.read_timeout = 60   # secs  #   Ruby's bug, but why?)
-          ##################################
+      req_fib = Fiber.new do
+        http.start do
+          if @config[:ProxyTimeout]
+            ##################################   these issues are
+            http.open_timeout = 30   # secs  #   necessary (maybe because
+            http.read_timeout = 60   # secs  #   Ruby's bug, but why?)
+            ##################################
+          end
+          if body_stream && req['transfer-encoding'] =~ /\bchunked\b/i
+            header['Transfer-Encoding'] = 'chunked'
+          end
+          http_req = req_class.new(path, header)
+          http_req.body_stream = body_stream if body_stream
+          http.request(http_req) do |response|
+            # Persistent connection requirements are mysterious for me.
+            # So I will close the connection in every response.
+            res['proxy-connection'] = "close"
+            res['connection'] = "close"
+
+            # stream Net::HTTP::HTTPResponse to WEBrick::HTTPResponse
+            res.status = response.code.to_i
+            res.chunked = response.chunked?
+            choose_header(response, res)
+            set_cookie(response, res)
+            set_via(res)
+            response.read_body do |buf|
+              body_tmp << buf
+              Fiber.yield # wait for res.body Proc#call
+            end
+          end # http.request
+        end
+      end
+      req_fib.resume # read HTTP response headers and first chunk of the body
+      res.body = ->(socket) do
+        while buf = body_tmp.shift
+          socket.write(buf)
+          buf.clear
+          req_fib.resume # continue response.read_body
         end
-        response = yield(http, path, header)
       end
-
-      # Persistent connection requirements are mysterious for me.
-      # So I will close the connection in every response.
-      res['proxy-connection'] = "close"
-      res['connection'] = "close"
-
-      # Convert Net::HTTP::HTTPResponse to WEBrick::HTTPResponse
-      res.status = response.code.to_i
-      choose_header(response, res)
-      set_cookie(response, res)
-      set_via(res)
-      res.body = response.body
     end
+    # :stopdoc:
   end
 end

data/lib/webrick/httprequest.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # httprequest.rb -- HTTPRequest Class
 #
@@ -9,39 +10,145 @@
 # $IPR: httprequest.rb,v 1.64 2003/07/13 17:18:22 gotoyuzo Exp $
 
 require 'uri'
-require 'webrick/httpversion'
-require 'webrick/httpstatus'
-require 'webrick/httputils'
-require 'webrick/cookie'
+require_relative 'httpversion'
+require_relative 'httpstatus'
+require_relative 'httputils'
+require_relative 'cookie'
 
 module WEBrick
 
   ##
-  # An HTTP request.
+  # An HTTP request.  This is consumed by service and do_* methods in
+  # WEBrick servlets
+
   class HTTPRequest
 
-    BODY_CONTAINABLE_METHODS = [ "POST", "PUT" ]
+    BODY_CONTAINABLE_METHODS = [ "POST", "PUT" ] # :nodoc:
 
     # :section: Request line
+
+    ##
+    # The complete request line such as:
+    #
+    #   GET / HTTP/1.1
+
     attr_reader :request_line
-    attr_reader :request_method, :unparsed_uri, :http_version
+
+    ##
+    # The request method, GET, POST, PUT, etc.
+
+    attr_reader :request_method
+
+    ##
+    # The unparsed URI of the request
+
+    attr_reader :unparsed_uri
+
+    ##
+    # The HTTP version of the request
+
+    attr_reader :http_version
 
     # :section: Request-URI
-    attr_reader :request_uri, :path
-    attr_accessor :script_name, :path_info, :query_string
+
+    ##
+    # The parsed URI of the request
+
+    attr_reader :request_uri
+
+    ##
+    # The request path
+
+    attr_reader :path
+
+    ##
+    # The script name (CGI variable)
+
+    attr_accessor :script_name
+
+    ##
+    # The path info (CGI variable)
+
+    attr_accessor :path_info
+
+    ##
+    # The query from the URI of the request
+
+    attr_accessor :query_string
 
     # :section: Header and entity body
-    attr_reader :raw_header, :header, :cookies
-    attr_reader :accept, :accept_charset
-    attr_reader :accept_encoding, :accept_language
+
+    ##
+    # The raw header of the request
+
+    attr_reader :raw_header
+
+    ##
+    # The parsed header of the request
+
+    attr_reader :header
+
+    ##
+    # The parsed request cookies
+
+    attr_reader :cookies
+
+    ##
+    # The Accept header value
+
+    attr_reader :accept
+
+    ##
+    # The Accept-Charset header value
+
+    attr_reader :accept_charset
+
+    ##
+    # The Accept-Encoding header value
+
+    attr_reader :accept_encoding
+
+    ##
+    # The Accept-Language header value
+
+    attr_reader :accept_language
 
     # :section:
+
+    ##
+    # The remote user (CGI variable)
+
     attr_accessor :user
-    attr_reader :addr, :peeraddr
+
+    ##
+    # The socket address of the server
+
+    attr_reader :addr
+
+    ##
+    # The socket address of the client
+
+    attr_reader :peeraddr
+
+    ##
+    # Hash of request attributes
+
     attr_reader :attributes
+
+    ##
+    # Is this a keep-alive connection?
+
     attr_reader :keep_alive
+
+    ##
+    # The local time this request was received
+
     attr_reader :request_time
 
+    ##
+    # Creates a new HTTP request.  WEBrick::Config::HTTP is the default
+    # configuration.
+
     def initialize(config)
       @config = config
       @buffer_size = @config[:InputBufferSize]
@@ -78,6 +185,10 @@ module WEBrick
         @forwarded_server = @forwarded_for = nil
     end
 
+    ##
+    # Parses a request from +socket+.  This is called internally by
+    # WEBrick::HTTPServer.
+
     def parse(socket=nil)
       @socket = socket
       begin
@@ -115,9 +226,9 @@ module WEBrick
         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
       end
 
-      if /close/io =~ self["connection"]
+      if /\Aclose\z/io =~ self["connection"]
         @keep_alive = false
-      elsif /keep-alive/io =~ self["connection"]
+      elsif /\Akeep-alive\z/io =~ self["connection"]
         @keep_alive = true
       elsif @http_version < "1.1"
         @keep_alive = false
@@ -126,21 +237,52 @@ module WEBrick
       end
     end
 
+    ##
     # Generate HTTP/1.1 100 continue response if the client expects it,
     # otherwise does nothing.
-    def continue
+
+    def continue # :nodoc:
       if self['expect'] == '100-continue' && @config[:HTTPVersion] >= "1.1"
         @socket << "HTTP/#{@config[:HTTPVersion]} 100 continue#{CRLF}#{CRLF}"
         @header.delete('expect')
       end
     end
 
-    def body(&block)
+    ##
+    # Returns the request body.
+
+    def body(&block) # :yields: body_chunk
       block ||= Proc.new{|chunk| @body << chunk }
       read_body(@socket, block)
       @body.empty? ? nil : @body
     end
 
+    ##
+    # Prepares the HTTPRequest object for use as the
+    # source for IO.copy_stream
+
+    def body_reader
+      @body_tmp = []
+      @body_rd = Fiber.new do
+        body do |buf|
+          @body_tmp << buf
+          Fiber.yield
+        end
+      end
+      @body_rd.resume # grab the first chunk and yield
+      self
+    end
+
+    # for IO.copy_stream.  Note: we may return a larger string than +size+
+    # here; but IO.copy_stream does not care.
+    def readpartial(size, buf = ''.b) # :nodoc
+      res = @body_tmp.shift or raise EOFError, 'end of file reached'
+      buf.replace(res)
+      res.clear
+      @body_rd.resume # get more chunks
+      buf
+    end
+
     ##
     # Request query as a Hash
 
@@ -237,11 +379,14 @@ module WEBrick
       ret
     end
 
-    def fixup()
+    ##
+    # Consumes any remaining body and updates keep-alive status
+
+    def fixup() # :nodoc:
       begin
         body{|chunk| }   # read remaining body
       rescue HTTPStatus::Error => ex
-        @logger.error("HTTPRequest#fixup: #{ex.class} occured.")
+        @logger.error("HTTPRequest#fixup: #{ex.class} occurred.")
         @keep_alive = false
       rescue => ex
         @logger.error(ex)
@@ -251,7 +396,8 @@ module WEBrick
 
     # This method provides the metavariables defined by the revision 3
     # of "The WWW Common Gateway Interface Version 1.1"
-    # http://Web.Golux.Com/coar/cgi/
+    # To browse the current document of CGI Version 1.1, see below:
+    # http://tools.ietf.org/html/rfc3875
 
     def meta_vars
       meta = Hash.new
@@ -290,15 +436,23 @@ module WEBrick
 
     private
 
+    # :stopdoc:
+
     MAX_URI_LENGTH = 2083 # :nodoc:
 
+    # same as Mongrel, Thin and Puma
+    MAX_HEADER_LENGTH = (112 * 1024) # :nodoc:
+
     def read_request_line(socket)
       @request_line = read_line(socket, MAX_URI_LENGTH) if socket
-      if @request_line.bytesize >= MAX_URI_LENGTH and @request_line[-1, 1] != LF
+      raise HTTPStatus::EOFError unless @request_line
+
+      @request_bytes = @request_line.bytesize
+      if @request_bytes >= MAX_URI_LENGTH and @request_line[-1, 1] != LF
         raise HTTPStatus::RequestURITooLarge
       end
+
       @request_time = Time.now
-      raise HTTPStatus::EOFError unless @request_line
       if /^(\S+)\s+(\S++)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line
         @request_method = $1
         @unparsed_uri   = $2
@@ -313,6 +467,9 @@ module WEBrick
       if socket
         while line = read_line(socket)
           break if /\A(#{CRLF}|#{LF})\z/om =~ line
+          if (@request_bytes += line.bytesize) > MAX_HEADER_LENGTH
+            raise HTTPStatus::RequestEntityTooLarge, 'headers too large'
+          end
           @raw_header << line
         end
       end
@@ -346,7 +503,7 @@ module WEBrick
       return unless socket
       if tc = self['transfer-encoding']
         case tc
-        when /chunked/io then read_chunked(socket, block)
+        when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
         end
       elsif self['content-length'] || @remaining_size
@@ -380,12 +537,16 @@ module WEBrick
     def read_chunked(socket, block)
       chunk_size, = read_chunk_size(socket)
       while chunk_size > 0
-        data = read_data(socket, chunk_size) # read chunk-data
-        if data.nil? || data.bytesize != chunk_size
-          raise BadRequest, "bad chunk data size."
-        end
+        begin
+          sz = [ chunk_size, @buffer_size ].min
+          data = read_data(socket, sz) # read chunk-data
+          if data.nil? || data.bytesize != sz
+            raise HTTPStatus::BadRequest, "bad chunk data size."
+          end
+          block.call(data)
+        end while (chunk_size -= sz) > 0
+
         read_line(socket)                    # skip CRLF
-        block.call(data)
         chunk_size, = read_chunk_size(socket)
       end
       read_header(socket)                    # trailer + CRLF
@@ -400,7 +561,7 @@ module WEBrick
         }
       rescue Errno::ECONNRESET
         return nil
-      rescue TimeoutError
+      rescue Timeout::Error
         raise HTTPStatus::RequestTimeout
       end
     end
@@ -445,10 +606,17 @@ module WEBrick
       if @forwarded_server = self["x-forwarded-server"]
         @forwarded_server = @forwarded_server.split(",", 2).first
       end
-      @forwarded_proto = self["x-forwarded-proto"]
+      if @forwarded_proto = self["x-forwarded-proto"]
+        @forwarded_proto = @forwarded_proto.split(",", 2).first
+      end
       if host_port = self["x-forwarded-host"]
         host_port = host_port.split(",", 2).first
-        @forwarded_host, tmp = host_port.split(":", 2)
+        if host_port =~ /\A(\[[0-9a-fA-F:]+\])(?::(\d+))?\z/
+          @forwarded_host = $1
+          tmp = $2
+        else
+          @forwarded_host, tmp = host_port.split(":", 2)
+        end
         @forwarded_port = (tmp || (@forwarded_proto == "https" ? 443 : 80)).to_i
       end
       if addrs = self["x-forwarded-for"]
@@ -457,5 +625,7 @@ module WEBrick
         @forwarded_for = addrs.first
       end
     end
+
+    # :startdoc:
   end
 end