RubyGems - wsv - Versions diffs - 0.10.1 → 0.11.0 - Mend

wsv 0.10.1 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +21 -0
data/lib/wsv/app.rb +12 -56
data/lib/wsv/cors.rb +7 -5
data/lib/wsv/range_request.rb +91 -0
data/lib/wsv/server/connection.rb +10 -2
data/lib/wsv/server.rb +6 -4
data/lib/wsv/version.rb +1 -1
data/lib/wsv.rb +1 -0
data/test/app_test.rb +12 -29
data/test/banner_test.rb +59 -0
data/test/cors_test.rb +76 -0
data/test/range_request_test.rb +103 -0
data/test/server_test.rb +67 -71
data/test/test_helper.rb +8 -0
metadata +5 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 782b303e2d6eeb0f45f6b3a012523b94611a4991d59ef6669768b21936f47a8e
-  data.tar.gz: 25b99b347007975bac86ccd93c212f5fb0bc85522054c36badac601bae5f3638
+  metadata.gz: adfd569857554409cef36ce05205eb50f833a58a27e654e1da80646afa2ec40e
+  data.tar.gz: 8d5c75289dd59dc65412ebff24bf0cf4d9aa9933befb17354f9b2fb3320b5ca3
 SHA512:
-  metadata.gz: b3619a62d69f29a3498081d8174a0a01c61484ede73f9875de9867b4a4dd451f639dcbe0bee99fb3bea00b78c0ba289618ab7eeec3b066705d8ca437a9cea134
-  data.tar.gz: c58379c2eab12176f492d993d1e194dc0f3a33c16ba7d8736134498e4d13ce8031816a5d22688f1639c0ea3127c5787ad4c235874b20929490eac52881c3e9b0
+  metadata.gz: b4514041977a6c9a599ea9f2a3735f7b4668ab18172b974453293c444c4441221e068f9374cbdd6c5058b99ecb776edbe47bda3bff4fd77731dbeb9b45cd9446
+  data.tar.gz: f1d06286b164b0f70dce52d7fd86b9fdf29c64f6cbc0515e3d26558afb4498d23277fc23b66709298afffb593e321a21498cc55dea2ab8b58e31186b48aaa021

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,26 @@
 # Changelog
+## 0.11.0
+- Extract `Wsv::RangeRequest` from `App`. RFC 7233 range parsing
+  (suffix / open-ended / bounded ranges, unsatisfiability) now lives
+  in its own class with a `Result` value object (`#full?` /
+  `#partial?` / `#unsatisfiable?` predicates plus `#bounds`),
+  matching the `PathResolver::Result` pattern. Behavior unchanged.
+- Make `Server::Connection` the sole place that adds CORS overlay
+  headers (`Access-Control-Allow-Origin`, `Vary`) on outgoing
+  responses. Previously `App` applied the overlay on its return
+  value, but rescue-path responses (408 / 414 / 431 / 503 / unmapped
+  400) bypassed `App` and therefore lacked CORS headers. Now every
+  response — `App`, parser errors, timeouts, and the 503 rejection —
+  gets the overlay uniformly. `Cors#preflight` no longer includes
+  ACAO/Vary itself, since Connection adds them.
+- `Wsv::App.new(... cors:)` now expects a `Wsv::Cors` instance (or
+  `nil`) instead of a Boolean. `Wsv::Server.new(... cors: true/false)`
+  is unchanged. Per the README's stability statement, the Ruby API
+  under `lib/wsv/` is implementation-only and may change in any
+  release.
 ## 0.10.1
 - Update gem description and README tagline to position wsv as

data/lib/wsv/app.rb CHANGED Viewed

@@ -4,24 +4,23 @@ require "time"
 require "uri"
 require_relative "cors"
 require_relative "path_resolver"
+require_relative "range_request"
 require_relative "response"
 module Wsv
   class App
     ALLOWED_METHODS = %w[GET HEAD].freeze
-    RANGE_PATTERN = /\Abytes=(\d+)?-(\d+)?\z/
-    def initialize(root, spa: false, cors: false)
+    def initialize(root, spa: false, cors: nil)
       @resolver = PathResolver.new(root)
       @spa = spa
-      @cors = Cors.new if cors
+      @cors = cors
     end
     def call(request)
       return @cors.preflight(request) if @cors && request.method == "OPTIONS"
-      response = build_response(request)
-      @cors ? @cors.overlay(response) : response
+      build_response(request)
     end
     private
@@ -30,7 +29,7 @@ module Wsv
       head = request.head?
       unless ALLOWED_METHODS.include?(request.method)
-        return Response.text(405, headers: { "Allow" => allow_methods }, head: head)
+        return Response.text(405, headers: { "Allow" => allow_header }, head: head)
       end
       raw_path, query = request.target.split("?", 2)
@@ -51,8 +50,8 @@ module Wsv
       file_response(result.file, request, head: head)
     end
-    def allow_methods
-      @cors ? Cors::ALLOW_METHODS : "GET, HEAD"
+    def allow_header
+      (@cors&.allow_methods || ALLOWED_METHODS).join(", ")
     end
     def error_response(status, head:)
@@ -69,15 +68,11 @@ module Wsv
       return Response.not_modified if not_modified?(file, request.headers["if-modified-since"])
       size = File.size(file)
-      range = parse_range(request.headers["range"], size)
-      case range
-      when :unsatisfiable
-        Response.range_not_satisfiable(size, head: head)
-      when nil
-        Response.file(file, head: head)
-      else
-        Response.file(file, head: head, range: range)
-      end
+      range = RangeRequest.parse(request.headers["range"], size)
+      return Response.range_not_satisfiable(size, head: head) if range.unsatisfiable?
+      return Response.file(file, head: head) if range.full?
+      Response.file(file, head: head, range: range.bounds)
     end
     def not_modified?(file, header_value)
@@ -89,45 +84,6 @@ module Wsv
       false
     end
-    def parse_range(header_value, file_size)
-      return nil if header_value.nil? || header_value.empty?
-      match = header_value.match(RANGE_PATTERN)
-      # Per RFC 7233, an unparseable Range is treated as if absent: fall
-      # through as nil so the caller serves a normal 200 instead of 416.
-      return nil unless match
-      first, last = match.captures
-      if first.nil? && last.nil?
-        nil
-      elsif first.nil?
-        suffix_range(last.to_i, file_size)
-      elsif last.nil?
-        open_range(first.to_i, file_size)
-      else
-        bounded_range(first.to_i, last.to_i, file_size)
-      end
-    end
-    def suffix_range(suffix, file_size)
-      return :unsatisfiable if suffix.zero? || file_size.zero?
-      [file_size - suffix, 0].max..(file_size - 1)
-    end
-    def open_range(first, file_size)
-      return :unsatisfiable if first >= file_size
-      first..(file_size - 1)
-    end
-    def bounded_range(first, last, file_size)
-      return :unsatisfiable if first > last || first >= file_size
-      last = file_size - 1 if last >= file_size
-      first..last
-    end
     def redirect_location(raw_path, query)
       path = URI(raw_path.to_s).path
       path = "/" if path.empty?

data/lib/wsv/cors.rb CHANGED Viewed

@@ -5,15 +5,17 @@ require_relative "response"
 module Wsv
   class Cors
     ALLOW_ORIGIN = "*"
-    ALLOW_METHODS = "GET, HEAD, OPTIONS"
+    ALLOW_METHODS = %w[GET HEAD OPTIONS].freeze
     MAX_AGE = "86400"
+    def allow_methods
+      ALLOW_METHODS
+    end
     def preflight(request)
       headers = {
-        "Access-Control-Allow-Origin" => ALLOW_ORIGIN,
-        "Access-Control-Allow-Methods" => ALLOW_METHODS,
-        "Access-Control-Max-Age" => MAX_AGE,
-        "Vary" => "Origin"
+        "Access-Control-Allow-Methods" => ALLOW_METHODS.join(", "),
+        "Access-Control-Max-Age" => MAX_AGE
       }
       requested = request.headers["access-control-request-headers"]
       headers["Access-Control-Allow-Headers"] = requested if requested

data/lib/wsv/range_request.rb ADDED Viewed

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+module Wsv
+  # Parses an HTTP `Range` header (RFC 7233) against a known file size.
+  class RangeRequest
+    PATTERN = /\Abytes=(\d+)?-(\d+)?\z/
+    class Result
+      attr_reader :bounds
+      def initialize(kind:, bounds: nil)
+        @kind = kind
+        @bounds = bounds
+      end
+      def full?
+        @kind == :full
+      end
+      def partial?
+        @kind == :partial
+      end
+      def unsatisfiable?
+        @kind == :unsatisfiable
+      end
+      def self.full
+        new(kind: :full)
+      end
+      def self.partial(bounds)
+        new(kind: :partial, bounds: bounds)
+      end
+      def self.unsatisfiable
+        new(kind: :unsatisfiable)
+      end
+    end
+    def self.parse(header_value, file_size)
+      new(header_value, file_size).parse
+    end
+    def initialize(header_value, file_size)
+      @header_value = header_value
+      @file_size = file_size
+    end
+    def parse
+      return Result.full if @header_value.nil? || @header_value.empty?
+      match = @header_value.match(PATTERN)
+      # Per RFC 7233, an unparseable Range is treated as if absent: return
+      # full so the caller serves a normal 200 instead of 416.
+      return Result.full unless match
+      first, last = match.captures
+      if first.nil? && last.nil?
+        Result.full
+      elsif first.nil?
+        suffix_range(last.to_i)
+      elsif last.nil?
+        open_range(first.to_i)
+      else
+        bounded_range(first.to_i, last.to_i)
+      end
+    end
+    private
+    def suffix_range(suffix)
+      return Result.unsatisfiable if suffix.zero? || @file_size.zero?
+      Result.partial([@file_size - suffix, 0].max..(@file_size - 1))
+    end
+    def open_range(first)
+      return Result.unsatisfiable if first >= @file_size
+      Result.partial(first..(@file_size - 1))
+    end
+    def bounded_range(first, last)
+      return Result.unsatisfiable if first > last || first >= @file_size
+      last = @file_size - 1 if last >= @file_size
+      Result.partial(first..last)
+    end
+  end
+end

data/lib/wsv/server/connection.rb CHANGED Viewed

@@ -13,9 +13,10 @@ module Wsv
     class Connection
       DRAIN_TIMEOUT = 5
-      def initialize(client, err:)
+      def initialize(client, err:, cors: nil)
         @client = client
         @err = err
+        @cors = cors
       end
       def serve(app, read_timeout:)
@@ -50,14 +51,21 @@ module Wsv
       private
+      # Connection is the sole place that adds ACAO / Vary headers, so every
+      # response (App, parser errors, timeouts, the 503 rejection) gets them
+      # uniformly when CORS is enabled.
       def write(response)
         return if @client.closed?
-        response.write_to(@client)
+        finalize(response).write_to(@client)
       rescue Errno::EPIPE, Errno::ECONNRESET, IOError
         nil
       end
+      def finalize(response)
+        @cors ? @cors.overlay(response) : response
+      end
       def graceful_close
         return if @client.closed?

data/lib/wsv/server.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "openssl"
 require "socket"
 require_relative "app"
+require_relative "cors"
 require_relative "server/banner"
 require_relative "server/browser_launcher"
 require_relative "server/connection"
@@ -37,7 +38,8 @@ module Wsv
       @tls = tls
       @ssl_context = tls&.to_ssl_context
       @open = open
-      @app = App.new(@root, spa: spa, cors: cors)
+      @cors = Cors.new if cors
+      @app = App.new(@root, spa: spa, cors: @cors)
       @throttle = ConnectionThrottle.new(max: max_connections, err: err)
       @running = false
     end
@@ -88,7 +90,7 @@ module Wsv
     def spawn_handler(client)
       accepted = @throttle.try_spawn do
-        Connection.new(maybe_wrap_tls(client), err: @err).serve(@app, read_timeout: @read_timeout)
+        Connection.new(maybe_wrap_tls(client), err: @err, cors: @cors).serve(@app, read_timeout: @read_timeout)
       end
       spawn_rejection(client) unless accepted
     end
@@ -102,10 +104,10 @@ module Wsv
       reply = !@ssl_context
       Thread.new do
         Thread.current.report_on_exception = false
-        Connection.new(client, err: @err).reject(reply: reply)
+        Connection.new(client, err: @err, cors: @cors).reject(reply: reply)
       end
     rescue ThreadError
-      Connection.new(client, err: @err).reject(reply: reply)
+      Connection.new(client, err: @err, cors: @cors).reject(reply: reply)
     end
     def maybe_wrap_tls(client)

data/lib/wsv/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Wsv
-  VERSION = "0.10.1"
+  VERSION = "0.11.0"
 end

data/lib/wsv.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require_relative "wsv/version"
 require_relative "wsv/status"
 require_relative "wsv/mime_types"
 require_relative "wsv/path_resolver"
+require_relative "wsv/range_request"
 require_relative "wsv/request"
 require_relative "wsv/response"
 require_relative "wsv/cors"

data/test/app_test.rb CHANGED Viewed

@@ -337,50 +337,34 @@ class AppTest < Minitest::Test
     assert_equal "bytes", response.headers["Accept-Ranges"]
   end
-  def test_cors_disabled_omits_acao_header
-    File.write(File.join(@dir, "x.txt"), "hi")
-    response = @app.call(req("GET", "/x.txt"))
+  # CORS overlay (Access-Control-Allow-Origin / Vary) is applied by
+  # Server::Connection, not by App. App only short-circuits OPTIONS preflight
+  # and adds OPTIONS to the Allow header. End-to-end CORS behavior is covered
+  # by server_test.rb.
-    refute response.headers.key?("Access-Control-Allow-Origin")
-  end
-  def test_cors_adds_acao_to_successful_response
+  def test_app_does_not_add_cors_headers_directly
     File.write(File.join(@dir, "x.txt"), "hi")
-    cors_app = Wsv::App.new(File.realpath(@dir), cors: true)
+    cors_app = Wsv::App.new(File.realpath(@dir), cors: Wsv::Cors.new)
     response = cors_app.call(req("GET", "/x.txt"))
-    assert_equal 200, response.status
-    assert_equal "hi", response.body
-    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
-    assert_equal "Origin", response.headers["Vary"]
-  end
-  def test_cors_adds_acao_to_error_response
-    cors_app = Wsv::App.new(File.realpath(@dir), cors: true)
-    response = cors_app.call(req("GET", "/missing.txt"))
-    assert_equal 404, response.status
-    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
+    refute response.headers.key?("Access-Control-Allow-Origin")
+    refute response.headers.key?("Vary")
   end
   def test_cors_preflight_returns_204_with_methods_and_max_age
-    cors_app = Wsv::App.new(File.realpath(@dir), cors: true)
+    cors_app = Wsv::App.new(File.realpath(@dir), cors: Wsv::Cors.new)
     response = cors_app.call(req("OPTIONS", "/x.txt"))
     assert_equal 204, response.status
-    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
     assert_equal "GET, HEAD, OPTIONS", response.headers["Access-Control-Allow-Methods"]
     assert_equal "86400", response.headers["Access-Control-Max-Age"]
-    assert_equal "Origin", response.headers["Vary"]
     assert_equal "", response.body
   end
   def test_cors_preflight_echoes_requested_headers
-    cors_app = Wsv::App.new(File.realpath(@dir), cors: true)
+    cors_app = Wsv::App.new(File.realpath(@dir), cors: Wsv::Cors.new)
     response = cors_app.call(req("OPTIONS", "/x.txt", "access-control-request-headers" => "X-Custom, Authorization"))
@@ -389,7 +373,7 @@ class AppTest < Minitest::Test
   end
   def test_cors_preflight_omits_allow_headers_when_not_requested
-    cors_app = Wsv::App.new(File.realpath(@dir), cors: true)
+    cors_app = Wsv::App.new(File.realpath(@dir), cors: Wsv::Cors.new)
     response = cors_app.call(req("OPTIONS", "/x.txt"))
@@ -404,13 +388,12 @@ class AppTest < Minitest::Test
   end
   def test_cors_405_advertises_options_in_allow
-    cors_app = Wsv::App.new(File.realpath(@dir), cors: true)
+    cors_app = Wsv::App.new(File.realpath(@dir), cors: Wsv::Cors.new)
     response = cors_app.call(req("POST", "/x.txt"))
     assert_equal 405, response.status
     assert_equal "GET, HEAD, OPTIONS", response.headers["Allow"]
-    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
   end
   def test_multipart_range_falls_through_to_200

data/test/banner_test.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require_relative "test_helper"
+class BannerTest < Minitest::Test
+  include TlsTestHelpers
+  ROOT = Dir.tmpdir
+  def test_warns_when_binding_to_non_loopback
+    err = StringIO.new
+    build(host: "0.0.0.0", err: err).emit
+    assert_includes err.string, "WARNING"
+    assert_includes err.string, "0.0.0.0"
+  end
+  def test_no_warning_for_loopback_bind
+    err = StringIO.new
+    build(host: "127.0.0.1", err: err).emit
+    refute_includes err.string, "WARNING"
+  end
+  def test_brackets_ipv6_address_in_url
+    out = StringIO.new
+    build(host: "::1", port: 8000, out: out).emit
+    assert_includes out.string, "http://[::1]:8000/"
+    refute_includes out.string, "http://::1:8000/"
+  end
+  def test_percent_encodes_ipv6_zone_identifier
+    out = StringIO.new
+    build(host: "fe80::1%eth0", port: 8000, out: out).emit
+    assert_includes out.string, "http://[fe80::1%25eth0]:8000/"
+  end
+  def test_logs_https_scheme_when_tls_enabled
+    out = StringIO.new
+    build(host: "127.0.0.1", port: 8000, out: out, tls: ephemeral_tls).emit
+    assert_includes out.string, "https://"
+  end
+  def test_warns_about_self_signed_cert
+    err = StringIO.new
+    build(host: "127.0.0.1", err: err, tls: ephemeral_tls).emit
+    assert_includes err.string, "self-signed"
+  end
+  private
+  def build(host:, port: 0, root: ROOT, out: StringIO.new, err: StringIO.new, tls: nil)
+    Wsv::Server::Banner.new(host: host, port: port, root: root, out: out, err: err, tls: tls)
+  end
+end

data/test/cors_test.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+require_relative "test_helper"
+class CorsTest < Minitest::Test
+  def setup
+    @cors = Wsv::Cors.new
+  end
+  def test_allow_methods_returns_array
+    assert_equal %w[GET HEAD OPTIONS], @cors.allow_methods
+  end
+  # `Cors#preflight` returns the preflight-specific headers only;
+  # Server::Connection adds ACAO / Vary on top, uniformly.
+  def test_preflight_returns_204
+    response = @cors.preflight(req)
+    assert_equal 204, response.status
+  end
+  def test_preflight_includes_allow_methods_and_max_age
+    response = @cors.preflight(req)
+    assert_equal "GET, HEAD, OPTIONS", response.headers["Access-Control-Allow-Methods"]
+    assert_equal "86400", response.headers["Access-Control-Max-Age"]
+  end
+  def test_preflight_omits_acao_and_vary
+    response = @cors.preflight(req)
+    refute response.headers.key?("Access-Control-Allow-Origin")
+    refute response.headers.key?("Vary")
+  end
+  def test_preflight_echoes_requested_headers
+    response = @cors.preflight(req("access-control-request-headers" => "X-Custom, Authorization"))
+    assert_equal "X-Custom, Authorization", response.headers["Access-Control-Allow-Headers"]
+  end
+  def test_preflight_omits_allow_headers_when_not_requested
+    response = @cors.preflight(req)
+    refute response.headers.key?("Access-Control-Allow-Headers")
+  end
+  def test_overlay_adds_acao_and_vary
+    base = Wsv::Response.text(200)
+    overlaid = @cors.overlay(base)
+    assert_equal "*", overlaid.headers["Access-Control-Allow-Origin"]
+    assert_equal "Origin", overlaid.headers["Vary"]
+  end
+  def test_overlay_preserves_existing_headers
+    base = Wsv::Response.text(404)
+    overlaid = @cors.overlay(base)
+    assert_equal "text/plain; charset=utf-8", overlaid.headers["Content-Type"]
+  end
+  def test_overlay_returns_a_new_response_keeping_status
+    base = Wsv::Response.text(404)
+    overlaid = @cors.overlay(base)
+    assert_equal 404, overlaid.status
+  end
+  private
+  def req(headers = {})
+    Wsv::Request.new(method: "OPTIONS", target: "/", version: "HTTP/1.1", headers: headers)
+  end
+end

data/test/range_request_test.rb ADDED Viewed

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+require_relative "test_helper"
+class RangeRequestTest < Minitest::Test
+  def test_nil_header_is_full
+    result = Wsv::RangeRequest.parse(nil, 100)
+    assert_predicate result, :full?
+  end
+  def test_empty_header_is_full
+    result = Wsv::RangeRequest.parse("", 100)
+    assert_predicate result, :full?
+  end
+  def test_unparseable_syntax_is_full
+    # Per RFC 7233 an unparseable Range is treated as if absent.
+    result = Wsv::RangeRequest.parse("garbage", 100)
+    assert_predicate result, :full?
+  end
+  def test_empty_range_is_full
+    # `bytes=-` matches the regex but yields no bounds; treat as absent.
+    result = Wsv::RangeRequest.parse("bytes=-", 100)
+    assert_predicate result, :full?
+  end
+  def test_bounded_range
+    result = Wsv::RangeRequest.parse("bytes=2-5", 100)
+    assert_predicate result, :partial?
+    assert_equal 2..5, result.bounds
+  end
+  def test_open_range
+    result = Wsv::RangeRequest.parse("bytes=5-", 10)
+    assert_predicate result, :partial?
+    assert_equal 5..9, result.bounds
+  end
+  def test_suffix_range
+    result = Wsv::RangeRequest.parse("bytes=-3", 10)
+    assert_predicate result, :partial?
+    assert_equal 7..9, result.bounds
+  end
+  def test_suffix_larger_than_file_clamps_to_zero
+    result = Wsv::RangeRequest.parse("bytes=-99", 10)
+    assert_predicate result, :partial?
+    assert_equal 0..9, result.bounds
+  end
+  def test_bounded_last_past_file_clamps_to_end
+    result = Wsv::RangeRequest.parse("bytes=5-99", 10)
+    assert_predicate result, :partial?
+    assert_equal 5..9, result.bounds
+  end
+  def test_zero_byte_suffix_is_unsatisfiable
+    result = Wsv::RangeRequest.parse("bytes=-0", 10)
+    assert_predicate result, :unsatisfiable?
+  end
+  def test_suffix_against_empty_file_is_unsatisfiable
+    result = Wsv::RangeRequest.parse("bytes=-3", 0)
+    assert_predicate result, :unsatisfiable?
+  end
+  def test_open_range_past_file_is_unsatisfiable
+    result = Wsv::RangeRequest.parse("bytes=10-", 5)
+    assert_predicate result, :unsatisfiable?
+  end
+  def test_bounded_first_past_file_is_unsatisfiable
+    result = Wsv::RangeRequest.parse("bytes=10-20", 5)
+    assert_predicate result, :unsatisfiable?
+  end
+  def test_inverted_bounded_range_is_unsatisfiable
+    result = Wsv::RangeRequest.parse("bytes=5-3", 100)
+    assert_predicate result, :unsatisfiable?
+  end
+  def test_multipart_range_is_full
+    # `bytes=0-2,5-7` doesn't match the single-range regex; treat as absent.
+    result = Wsv::RangeRequest.parse("bytes=0-2,5-7", 100)
+    assert_predicate result, :full?
+  end
+end

data/test/server_test.rb CHANGED Viewed

@@ -5,6 +5,8 @@ require "socket"
 require_relative "test_helper"
 class ServerTest < Minitest::Test
+  include TlsTestHelpers
   def setup
     @dir = Dir.mktmpdir
     @server = nil
@@ -164,55 +166,74 @@ class ServerTest < Minitest::Test
     socket&.close
   end
-  def test_slow_client_does_not_block_other_clients
-    File.write(File.join(@dir, "x.txt"), "ok")
-    start_server(read_timeout: 5)
-    slow_socket = TCPSocket.open("127.0.0.1", @server.port)
+  def test_408_carries_cors_header_when_cors_enabled
+    start_server(read_timeout: 0.1, cors: true)
-    started = Time.now
-    response = get("/x.txt")
-    elapsed = Time.now - started
+    socket = TCPSocket.open("127.0.0.1", @server.port)
+    response = socket.read
-    assert_equal "200", response.code
-    assert_equal "ok", response.body
-    assert_operator elapsed, :<, 1.0, "request should not be serialized behind slow client"
+    assert_includes response, "HTTP/1.1 408"
+    assert_includes response, "Access-Control-Allow-Origin: *"
   ensure
-    slow_socket&.close
+    socket&.close
   end
-  def test_warns_when_binding_to_non_loopback
-    err = StringIO.new
-    server = Wsv::Server.new(host: "0.0.0.0", port: 0, root: @dir, out: StringIO.new, err: err)
-    server.send(:log_startup)
+  def test_414_carries_cors_header_when_cors_enabled
+    start_server(cors: true)
+    long_path = "/" + ("a" * 9000)
+    socket = TCPSocket.open("127.0.0.1", @server.port)
+    socket.write("GET #{long_path} HTTP/1.1\r\nHost: localhost\r\n\r\n")
+    response = socket.read
-    assert_includes err.string, "WARNING"
-    assert_includes err.string, "0.0.0.0"
+    assert_includes response, "HTTP/1.1 414"
+    assert_includes response, "Access-Control-Allow-Origin: *"
+  ensure
+    socket&.close
   end
-  def test_no_warning_for_loopback_bind
-    err = StringIO.new
-    server = Wsv::Server.new(host: "127.0.0.1", port: 0, root: @dir, out: StringIO.new, err: err)
-    server.send(:log_startup)
+  def test_200_carries_cors_header_when_cors_enabled
+    File.write(File.join(@dir, "x.txt"), "hi")
+    start_server(cors: true)
+    response = get("/x.txt")
-    refute_includes err.string, "WARNING"
+    assert_equal "200", response.code
+    assert_equal "*", response["access-control-allow-origin"]
+    assert_equal "Origin", response["vary"]
   end
-  def test_banner_brackets_ipv6_address_in_url
-    out = StringIO.new
-    server = Wsv::Server.new(host: "::1", port: 8000, root: @dir, out: out, err: StringIO.new)
-    server.send(:log_startup)
+  def test_options_preflight_carries_cors_headers_when_cors_enabled
+    start_server(cors: true)
+    socket = TCPSocket.open("127.0.0.1", @server.port)
+    socket.write("OPTIONS /x.txt HTTP/1.1\r\nHost: localhost\r\n" \
+                 "Access-Control-Request-Method: GET\r\n\r\n")
+    response = socket.read
-    assert_includes out.string, "http://[::1]:8000/"
-    refute_includes out.string, "http://::1:8000/"
+    assert_includes response, "HTTP/1.1 204"
+    assert_includes response, "Access-Control-Allow-Origin: *"
+    assert_includes response, "Access-Control-Allow-Methods: GET, HEAD, OPTIONS"
+    assert_includes response, "Vary: Origin"
+  ensure
+    socket&.close
   end
-  def test_banner_percent_encodes_ipv6_zone_identifier
-    out = StringIO.new
-    server = Wsv::Server.new(host: "fe80::1%eth0", port: 8000, root: @dir, out: out, err: StringIO.new)
-    server.send(:log_startup)
+  def test_slow_client_does_not_block_other_clients
+    File.write(File.join(@dir, "x.txt"), "ok")
+    start_server(read_timeout: 5)
+    slow_socket = TCPSocket.open("127.0.0.1", @server.port)
+    started = Time.now
+    response = get("/x.txt")
+    elapsed = Time.now - started
-    assert_includes out.string, "http://[fe80::1%25eth0]:8000/"
+    assert_equal "200", response.code
+    assert_equal "ok", response.body
+    assert_operator elapsed, :<, 1.0, "request should not be serialized behind slow client"
+  ensure
+    slow_socket&.close
   end
   def test_accept_loop_survives_transient_accept_error
@@ -272,7 +293,7 @@ class ServerTest < Minitest::Test
   def test_serves_over_tls
     File.write(File.join(@dir, "x.txt"), "secret")
-    start_server(tls: build_ephemeral_tls)
+    start_server(tls: ephemeral_tls)
     response = Net::HTTP.start("127.0.0.1", @server.port, use_ssl: true,
                                                           verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
@@ -283,24 +304,6 @@ class ServerTest < Minitest::Test
     assert_equal "secret", response.body
   end
-  def test_logs_https_scheme_when_tls_enabled
-    out = StringIO.new
-    @server = Wsv::Server.new(host: "127.0.0.1", port: 0, root: @dir,
-                              out: out, err: StringIO.new, tls: build_ephemeral_tls)
-    @server.send(:log_startup)
-    assert_includes out.string, "https://"
-  end
-  def test_warns_about_self_signed_cert
-    err = StringIO.new
-    @server = Wsv::Server.new(host: "127.0.0.1", port: 0, root: @dir,
-                              out: StringIO.new, err: err, tls: build_ephemeral_tls)
-    @server.send(:log_startup)
-    assert_includes err.string, "self-signed"
-  end
   def test_unsupported_method
     start_server
@@ -312,7 +315,7 @@ class ServerTest < Minitest::Test
   private
-  def start_server(read_timeout: Wsv::Server::DEFAULT_READ_TIMEOUT, tls: nil)
+  def start_server(read_timeout: Wsv::Server::DEFAULT_READ_TIMEOUT, tls: nil, cors: false)
     @server = Wsv::Server.new(
       host: "127.0.0.1",
       port: free_port,
@@ -320,39 +323,32 @@ class ServerTest < Minitest::Test
       out: StringIO.new,
       err: StringIO.new,
       read_timeout: read_timeout,
-      tls: tls
+      tls: tls,
+      cors: cors
     )
     @thread = Thread.new { @server.start }
     wait_until_ready
   end
+  # Wrap accept_loop so the very first call to @server.accept raises a
+  # transient error. Avoids redefining Server#start, which would silently
+  # drift if start grew new steps (open_in_browser, etc.).
   def inject_one_accept_error(server, error_class)
+    original_accept_loop = server.method(:accept_loop)
     fired = false
-    server.define_singleton_method(:start) do
-      @server = TCPServer.new(host, port)
-      original = @server.method(:accept)
+    server.define_singleton_method(:accept_loop) do
+      original_accept = @server.method(:accept)
       @server.define_singleton_method(:accept) do
         unless fired
           fired = true
           raise error_class, "injected"
         end
-        original.call
+        original_accept.call
       end
-      @running = true
-      log_startup
-      trap_signals
-      accept_loop
-    ensure
-      close
+      original_accept_loop.call
     end
   end
-  def build_ephemeral_tls
-    key = OpenSSL::PKey::RSA.new(2048)
-    cert = Wsv::TlsContext::SelfSignedCert.build(key)
-    Wsv::TlsContext.new(cert: cert, key: key, ephemeral: true)
-  end
   def free_port
     server = TCPServer.new("127.0.0.1", 0)
     server.addr[1]

data/test/test_helper.rb CHANGED Viewed

@@ -7,3 +7,11 @@ require "fileutils"
 require "stringio"
 require "tmpdir"
 require "wsv"
+module TlsTestHelpers
+  def ephemeral_tls
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = Wsv::TlsContext::SelfSignedCert.build(key)
+    Wsv::TlsContext.new(cert: cert, key: key, ephemeral: true)
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wsv
 version: !ruby/object:Gem::Version
-  version: 0.10.1
+  version: 0.11.0
 platform: ruby
 authors:
 - takahashim
@@ -29,6 +29,7 @@ files:
 - lib/wsv/cors.rb
 - lib/wsv/mime_types.rb
 - lib/wsv/path_resolver.rb
+- lib/wsv/range_request.rb
 - lib/wsv/request.rb
 - lib/wsv/request/parser.rb
 - lib/wsv/request/too_large.rb
@@ -50,9 +51,12 @@ files:
 - lib/wsv/tls_context/self_signed_cert.rb
 - lib/wsv/version.rb
 - test/app_test.rb
+- test/banner_test.rb
 - test/browser_launcher_test.rb
 - test/cli_test.rb
+- test/cors_test.rb
 - test/path_resolver_test.rb
+- test/range_request_test.rb
 - test/request_test.rb
 - test/response_test.rb
 - test/server_test.rb