webrick 1.4.0 → 1.5.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of webrick might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +3 -0
- data/LICENSE.txt +22 -0
- data/README.md +63 -0
- data/Rakefile +10 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/webrick.rb +1 -1
- data/lib/webrick/cgi.rb +7 -3
- data/lib/webrick/config.rb +5 -5
- data/lib/webrick/cookie.rb +1 -1
- data/lib/webrick/httpauth.rb +5 -5
- data/lib/webrick/httpauth/basicauth.rb +13 -5
- data/lib/webrick/httpauth/digestauth.rb +10 -23
- data/lib/webrick/httpauth/htdigest.rb +4 -4
- data/lib/webrick/httpauth/htgroup.rb +9 -6
- data/lib/webrick/httpauth/htpasswd.rb +39 -6
- data/lib/webrick/httpproxy.rb +44 -32
- data/lib/webrick/httprequest.rb +53 -14
- data/lib/webrick/httpresponse.rb +95 -50
- data/lib/webrick/https.rb +2 -2
- data/lib/webrick/httpserver.rb +23 -9
- data/lib/webrick/httpservlet.rb +5 -5
- data/lib/webrick/httpservlet/abstract.rb +3 -3
- data/lib/webrick/httpservlet/cgi_runner.rb +2 -2
- data/lib/webrick/httpservlet/cgihandler.rb +3 -5
- data/lib/webrick/httpservlet/erbhandler.rb +2 -2
- data/lib/webrick/httpservlet/filehandler.rb +49 -30
- data/lib/webrick/httpservlet/prochandler.rb +1 -1
- data/lib/webrick/httpstatus.rb +1 -1
- data/lib/webrick/httputils.rb +3 -0
- data/lib/webrick/log.rb +1 -1
- data/lib/webrick/server.rb +2 -2
- data/lib/webrick/ssl.rb +2 -2
- data/lib/webrick/version.rb +1 -1
- data/webrick.gemspec +76 -0
- metadata +17 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 901e5eed67a1747d1b8359f3e22fedeede6c92d35cdc32166428e714d393a505
|
4
|
+
data.tar.gz: ce5277a103aa620bc0228209f4554ea3b9792ffe32b1bdcda24e0fdea8da9e85
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0411f18ca5d531964f58fc12d9961c74f14399fe2d0896537a8aae8cc95180c5927eba9c907a4aecaa89443ee1f409bac9574620de085ddfcb87ad4ed856a67e
|
7
|
+
data.tar.gz: 531502100d1c9a38f97987a187f39f245777ef607adcc0d78ee225591e84b90fd17827a506d354dcb4f702d18e5959c29b4326714c08855a7d9edd6b29402aaa
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
|
2
|
+
|
3
|
+
Redistribution and use in source and binary forms, with or without
|
4
|
+
modification, are permitted provided that the following conditions
|
5
|
+
are met:
|
6
|
+
1. Redistributions of source code must retain the above copyright
|
7
|
+
notice, this list of conditions and the following disclaimer.
|
8
|
+
2. Redistributions in binary form must reproduce the above copyright
|
9
|
+
notice, this list of conditions and the following disclaimer in the
|
10
|
+
documentation and/or other materials provided with the distribution.
|
11
|
+
|
12
|
+
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
13
|
+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
14
|
+
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
15
|
+
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
16
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
17
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
18
|
+
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
19
|
+
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
20
|
+
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
21
|
+
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
22
|
+
SUCH DAMAGE.
|
data/README.md
ADDED
@@ -0,0 +1,63 @@
|
|
1
|
+
# Webrick
|
2
|
+
|
3
|
+
[![Build Status](https://travis-ci.org/ruby/webrick.svg?branch=master)](https://travis-ci.org/ruby/webrick)
|
4
|
+
|
5
|
+
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
|
6
|
+
|
7
|
+
WEBrick features complete logging of both server operations and HTTP access.
|
8
|
+
|
9
|
+
WEBrick supports both basic and digest authentication in addition to algorithms not in RFC 2617.
|
10
|
+
|
11
|
+
A WEBrick server can be composed of multiple WEBrick servers or servlets to provide differing behavior on a per-host or per-path basis. WEBrick includes servlets for handling CGI scripts, ERB pages, Ruby blocks and directory listings.
|
12
|
+
|
13
|
+
WEBrick also includes tools for daemonizing a process and starting a process at a higher privilege level and dropping permissions.
|
14
|
+
|
15
|
+
## Installation
|
16
|
+
|
17
|
+
Add this line to your application's Gemfile:
|
18
|
+
|
19
|
+
```ruby
|
20
|
+
gem 'webrick'
|
21
|
+
```
|
22
|
+
|
23
|
+
And then execute:
|
24
|
+
|
25
|
+
$ bundle
|
26
|
+
|
27
|
+
Or install it yourself as:
|
28
|
+
|
29
|
+
$ gem install webrick
|
30
|
+
|
31
|
+
## Usage
|
32
|
+
|
33
|
+
To create a new WEBrick::HTTPServer that will listen to connections on port 8000 and serve documents from the current user's public_html folder:
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
require 'webrick'
|
37
|
+
|
38
|
+
root = File.expand_path '~/public_html'
|
39
|
+
server = WEBrick::HTTPServer.new :Port => 8000, :DocumentRoot => root
|
40
|
+
```
|
41
|
+
|
42
|
+
To run the server you will need to provide a suitable shutdown hook as
|
43
|
+
starting the server blocks the current thread:
|
44
|
+
|
45
|
+
```ruby
|
46
|
+
trap 'INT' do server.shutdown end
|
47
|
+
|
48
|
+
server.start
|
49
|
+
```
|
50
|
+
|
51
|
+
## Development
|
52
|
+
|
53
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
54
|
+
|
55
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
56
|
+
|
57
|
+
## Contributing
|
58
|
+
|
59
|
+
Bug reports and Patch are welcome on https://bugs.ruby-lang.org/.
|
60
|
+
|
61
|
+
## License
|
62
|
+
|
63
|
+
The gem is available as open source under the terms of the [2-Clause BSD License](https://opensource.org/licenses/BSD-2-Clause).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "webrick"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/lib/webrick.rb
CHANGED
@@ -212,7 +212,7 @@ require 'webrick/version.rb'
|
|
212
212
|
require 'webrick/config.rb'
|
213
213
|
require 'webrick/log.rb'
|
214
214
|
require 'webrick/server.rb'
|
215
|
-
|
215
|
+
require_relative 'webrick/utils.rb'
|
216
216
|
require 'webrick/accesslog'
|
217
217
|
|
218
218
|
require 'webrick/htmlutils.rb'
|
data/lib/webrick/cgi.rb
CHANGED
@@ -8,9 +8,9 @@
|
|
8
8
|
#
|
9
9
|
# $Id$
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
11
|
+
require_relative "httprequest"
|
12
|
+
require_relative "httpresponse"
|
13
|
+
require_relative "config"
|
14
14
|
require "stringio"
|
15
15
|
|
16
16
|
module WEBrick
|
@@ -265,6 +265,10 @@ module WEBrick
|
|
265
265
|
@out_port << data
|
266
266
|
end
|
267
267
|
|
268
|
+
def write(data)
|
269
|
+
@out_port.write(data)
|
270
|
+
end
|
271
|
+
|
268
272
|
def cert
|
269
273
|
return nil unless defined?(OpenSSL)
|
270
274
|
if pem = @env["SSL_SERVER_CERT"]
|
data/lib/webrick/config.rb
CHANGED
@@ -9,11 +9,11 @@
|
|
9
9
|
#
|
10
10
|
# $IPR: config.rb,v 1.52 2003/07/22 19:20:42 gotoyuzo Exp $
|
11
11
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
12
|
+
require_relative 'version'
|
13
|
+
require_relative 'httpversion'
|
14
|
+
require_relative 'httputils'
|
15
|
+
require_relative 'utils'
|
16
|
+
require_relative 'log'
|
17
17
|
|
18
18
|
module WEBrick
|
19
19
|
module Config
|
data/lib/webrick/cookie.rb
CHANGED
data/lib/webrick/httpauth.rb
CHANGED
@@ -9,11 +9,11 @@
|
|
9
9
|
#
|
10
10
|
# $IPR: httpauth.rb,v 1.14 2003/07/22 19:20:42 gotoyuzo Exp $
|
11
11
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
12
|
+
require_relative 'httpauth/basicauth'
|
13
|
+
require_relative 'httpauth/digestauth'
|
14
|
+
require_relative 'httpauth/htpasswd'
|
15
|
+
require_relative 'httpauth/htdigest'
|
16
|
+
require_relative 'httpauth/htgroup'
|
17
17
|
|
18
18
|
module WEBrick
|
19
19
|
|
@@ -8,9 +8,9 @@
|
|
8
8
|
#
|
9
9
|
# $IPR: basicauth.rb,v 1.5 2003/02/20 07:15:47 gotoyuzo Exp $
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
11
|
+
require_relative '../config'
|
12
|
+
require_relative '../httpstatus'
|
13
|
+
require_relative 'authenticator'
|
14
14
|
|
15
15
|
module WEBrick
|
16
16
|
module HTTPAuth
|
@@ -24,7 +24,7 @@ module WEBrick
|
|
24
24
|
#
|
25
25
|
# config = { :Realm => 'BasicAuth example realm' }
|
26
26
|
#
|
27
|
-
# htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
|
27
|
+
# htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file', password_hash: :bcrypt
|
28
28
|
# htpasswd.set_passwd config[:Realm], 'username', 'password'
|
29
29
|
# htpasswd.flush
|
30
30
|
#
|
@@ -81,7 +81,15 @@ module WEBrick
|
|
81
81
|
error("%s: the user is not allowed.", userid)
|
82
82
|
challenge(req, res)
|
83
83
|
end
|
84
|
-
|
84
|
+
|
85
|
+
case encpass
|
86
|
+
when /\A\$2[aby]\$/
|
87
|
+
password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password
|
88
|
+
else
|
89
|
+
password_matches = password.crypt(encpass) == encpass
|
90
|
+
end
|
91
|
+
|
92
|
+
unless password_matches
|
85
93
|
error("%s: password unmatch.", userid)
|
86
94
|
challenge(req, res)
|
87
95
|
end
|
@@ -12,9 +12,9 @@
|
|
12
12
|
#
|
13
13
|
# $IPR: digestauth.rb,v 1.5 2003/02/20 07:15:47 gotoyuzo Exp $
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
require_relative '../config'
|
16
|
+
require_relative '../httpstatus'
|
17
|
+
require_relative 'authenticator'
|
18
18
|
require 'digest/md5'
|
19
19
|
require 'digest/sha1'
|
20
20
|
|
@@ -235,9 +235,11 @@ module WEBrick
|
|
235
235
|
ha2 = hexdigest(req.request_method, auth_req['uri'])
|
236
236
|
ha2_res = hexdigest("", auth_req['uri'])
|
237
237
|
elsif auth_req['qop'] == "auth-int"
|
238
|
-
|
239
|
-
|
240
|
-
|
238
|
+
body_digest = @h.new
|
239
|
+
req.body { |chunk| body_digest.update(chunk) }
|
240
|
+
body_digest = body_digest.hexdigest
|
241
|
+
ha2 = hexdigest(req.request_method, auth_req['uri'], body_digest)
|
242
|
+
ha2_res = hexdigest("", auth_req['uri'], body_digest)
|
241
243
|
end
|
242
244
|
|
243
245
|
if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
|
@@ -288,23 +290,8 @@ module WEBrick
|
|
288
290
|
|
289
291
|
def split_param_value(string)
|
290
292
|
ret = {}
|
291
|
-
|
292
|
-
|
293
|
-
when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/
|
294
|
-
key = $1
|
295
|
-
matched = $2
|
296
|
-
string = $'
|
297
|
-
ret[key] = matched.gsub(/\\(.)/, "\\1")
|
298
|
-
when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/
|
299
|
-
key = $1
|
300
|
-
matched = $2
|
301
|
-
string = $'
|
302
|
-
ret[key] = matched.clone
|
303
|
-
when /^s*^,/
|
304
|
-
string = $'
|
305
|
-
else
|
306
|
-
break
|
307
|
-
end
|
293
|
+
string.scan(/\G\s*([\w\-.*%!]+)=\s*(?:\"((?>\\.|[^\"])*)\"|([^,\"]*))\s*,?/) do
|
294
|
+
ret[$1] = $3 || $2.gsub(/\\(.)/, "\\1")
|
308
295
|
end
|
309
296
|
ret
|
310
297
|
end
|
@@ -8,8 +8,8 @@
|
|
8
8
|
#
|
9
9
|
# $IPR: htdigest.rb,v 1.4 2003/07/22 19:20:45 gotoyuzo Exp $
|
10
10
|
|
11
|
-
|
12
|
-
|
11
|
+
require_relative 'userdb'
|
12
|
+
require_relative 'digestauth'
|
13
13
|
require 'tempfile'
|
14
14
|
|
15
15
|
module WEBrick
|
@@ -40,7 +40,7 @@ module WEBrick
|
|
40
40
|
@digest = Hash.new
|
41
41
|
@mutex = Thread::Mutex::new
|
42
42
|
@auth_type = DigestAuth
|
43
|
-
open(@path,"a").close unless File
|
43
|
+
File.open(@path,"a").close unless File.exist?(@path)
|
44
44
|
reload
|
45
45
|
end
|
46
46
|
|
@@ -51,7 +51,7 @@ module WEBrick
|
|
51
51
|
mtime = File::mtime(@path)
|
52
52
|
if mtime > @mtime
|
53
53
|
@digest.clear
|
54
|
-
open(@path){|io|
|
54
|
+
File.open(@path){|io|
|
55
55
|
while line = io.gets
|
56
56
|
line.chomp!
|
57
57
|
user, realm, pass = line.split(/:/, 3)
|
@@ -36,7 +36,7 @@ module WEBrick
|
|
36
36
|
@path = path
|
37
37
|
@mtime = Time.at(0)
|
38
38
|
@group = Hash.new
|
39
|
-
open(@path,"a").close unless File
|
39
|
+
File.open(@path,"a").close unless File.exist?(@path)
|
40
40
|
reload
|
41
41
|
end
|
42
42
|
|
@@ -46,7 +46,7 @@ module WEBrick
|
|
46
46
|
def reload
|
47
47
|
if (mtime = File::mtime(@path)) > @mtime
|
48
48
|
@group.clear
|
49
|
-
open(@path){|io|
|
49
|
+
File.open(@path){|io|
|
50
50
|
while line = io.gets
|
51
51
|
line.chomp!
|
52
52
|
group, members = line.split(/:\s*/)
|
@@ -63,15 +63,18 @@ module WEBrick
|
|
63
63
|
|
64
64
|
def flush(output=nil)
|
65
65
|
output ||= @path
|
66
|
-
tmp = Tempfile.
|
66
|
+
tmp = Tempfile.create("htgroup", File::dirname(output))
|
67
67
|
begin
|
68
68
|
@group.keys.sort.each{|group|
|
69
69
|
tmp.puts(format("%s: %s", group, self.members(group).join(" ")))
|
70
70
|
}
|
71
|
+
ensure
|
71
72
|
tmp.close
|
72
|
-
|
73
|
-
|
74
|
-
|
73
|
+
if $!
|
74
|
+
File.unlink(tmp.path)
|
75
|
+
else
|
76
|
+
return File.rename(tmp.path, output)
|
77
|
+
end
|
75
78
|
end
|
76
79
|
end
|
77
80
|
|
@@ -8,8 +8,8 @@
|
|
8
8
|
#
|
9
9
|
# $IPR: htpasswd.rb,v 1.4 2003/07/22 19:20:45 gotoyuzo Exp $
|
10
10
|
|
11
|
-
|
12
|
-
|
11
|
+
require_relative 'userdb'
|
12
|
+
require_relative 'basicauth'
|
13
13
|
require 'tempfile'
|
14
14
|
|
15
15
|
module WEBrick
|
@@ -35,12 +35,30 @@ module WEBrick
|
|
35
35
|
##
|
36
36
|
# Open a password database at +path+
|
37
37
|
|
38
|
-
def initialize(path)
|
38
|
+
def initialize(path, password_hash: nil)
|
39
39
|
@path = path
|
40
40
|
@mtime = Time.at(0)
|
41
41
|
@passwd = Hash.new
|
42
42
|
@auth_type = BasicAuth
|
43
|
-
|
43
|
+
@password_hash = password_hash
|
44
|
+
|
45
|
+
case @password_hash
|
46
|
+
when nil
|
47
|
+
# begin
|
48
|
+
# require "string/crypt"
|
49
|
+
# rescue LoadError
|
50
|
+
# warn("Unable to load string/crypt, proceeding with deprecated use of String#crypt, consider using password_hash: :bcrypt")
|
51
|
+
# end
|
52
|
+
@password_hash = :crypt
|
53
|
+
when :crypt
|
54
|
+
# require "string/crypt"
|
55
|
+
when :bcrypt
|
56
|
+
require "bcrypt"
|
57
|
+
else
|
58
|
+
raise ArgumentError, "only :crypt and :bcrypt are supported for password_hash keyword argument"
|
59
|
+
end
|
60
|
+
|
61
|
+
File.open(@path,"a").close unless File.exist?(@path)
|
44
62
|
reload
|
45
63
|
end
|
46
64
|
|
@@ -51,11 +69,19 @@ module WEBrick
|
|
51
69
|
mtime = File::mtime(@path)
|
52
70
|
if mtime > @mtime
|
53
71
|
@passwd.clear
|
54
|
-
open(@path){|io|
|
72
|
+
File.open(@path){|io|
|
55
73
|
while line = io.gets
|
56
74
|
line.chomp!
|
57
75
|
case line
|
58
76
|
when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z!
|
77
|
+
if @password_hash == :bcrypt
|
78
|
+
raise StandardError, ".htpasswd file contains crypt password, only bcrypt passwords supported"
|
79
|
+
end
|
80
|
+
user, pass = line.split(":")
|
81
|
+
when %r!\A[^:]+:\$2[aby]\$\d{2}\$.{53}\z!
|
82
|
+
if @password_hash == :crypt
|
83
|
+
raise StandardError, ".htpasswd file contains bcrypt password, only crypt passwords supported"
|
84
|
+
end
|
59
85
|
user, pass = line.split(":")
|
60
86
|
when /:\$/, /:{SHA}/
|
61
87
|
raise NotImplementedError,
|
@@ -102,7 +128,14 @@ module WEBrick
|
|
102
128
|
# Sets a password in the database for +user+ in +realm+ to +pass+.
|
103
129
|
|
104
130
|
def set_passwd(realm, user, pass)
|
105
|
-
@
|
131
|
+
if @password_hash == :bcrypt
|
132
|
+
# Cost of 5 to match Apache default, and because the
|
133
|
+
# bcrypt default of 10 will introduce significant delays
|
134
|
+
# for every request.
|
135
|
+
@passwd[user] = BCrypt::Password.create(pass, :cost=>5)
|
136
|
+
else
|
137
|
+
@passwd[user] = make_passwd(realm, user, pass)
|
138
|
+
end
|
106
139
|
end
|
107
140
|
|
108
141
|
##
|