pax_global_header00006660000000000000000000000064136717716360014533gustar00rootroot0000000000000052 comment=52808700e0ade4225625c6729529e13a6b31cc2f rack-2.1.4/000077500000000000000000000000001367177163600124575ustar00rootroot00000000000000rack-2.1.4/.circleci/000077500000000000000000000000001367177163600143125ustar00rootroot00000000000000rack-2.1.4/.circleci/config.yml000066400000000000000000000054511367177163600163070ustar00rootroot00000000000000workflows: version: 2 test: jobs: - test-jruby - test-ruby-2.2 - test-ruby-2.3 - test-ruby-2.4 - test-ruby-2.5 - test-ruby-2.6 - test-ruby-2.7 version: 2 default-steps: &default-steps - checkout - run: sudo apt-get install lighttpd libfcgi-dev libmemcached-dev # Restore bundle cache - type: cache-restore key: rack-{{ checksum "rack.gemspec" }}-{{ checksum "Gemfile" }} # Bundle install dependencies - run: bundle install --path vendor/bundle # Store bundle cache - type: cache-save key: rack-{{ checksum "rack.gemspec" }}-{{ checksum "Gemfile" }} paths: - vendor/bundle - run: bundle exec rubocop - run: bundle exec rake ci jobs: test-ruby-2.2: docker: - image: circleci/ruby:2.2 # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps test-ruby-2.3: docker: - image: circleci/ruby:2.3 # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps test-ruby-2.4: docker: - image: circleci/ruby:2.4 # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps test-ruby-2.5: docker: - image: circleci/ruby:2.5 # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps test-ruby-2.6: docker: - image: circleci/ruby:2.6 # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps test-ruby-2.7: docker: - image: circleci/ruby:2.7 # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps test-jruby: docker: - image: circleci/jruby # Spawn a process owned by root # This works around an issue explained here: # https://github.com/circleci/circleci-images/pull/132 command: sudo /bin/sh - image: memcached:1.4 steps: *default-steps rack-2.1.4/.gitignore000066400000000000000000000001421367177163600144440ustar00rootroot00000000000000RDOX ChangeLog *.gem lighttpd.errors *.rbc stage *.tar.gz Gemfile.lock .rbx doc /.bundle /.yardoc rack-2.1.4/.rubocop.yml000066400000000000000000000015341367177163600147340ustar00rootroot00000000000000AllCops: TargetRubyVersion: 2.2 DisabledByDefault: true Exclude: - '**/vendor/**/*' Style/FrozenStringLiteralComment: Enabled: true EnforcedStyle: always Exclude: - 'test/builder/bom.ru' # Use Ruby >= 1.9 syntax for hashes. Prefer { a: :b } over { :a => :b }. Style/HashSyntax: Enabled: true Layout/EmptyLineAfterMagicComment: Enabled: true Layout/LeadingCommentSpace: Enabled: true Exclude: - 'test/builder/options.ru' Layout/SpaceAfterColon: Enabled: true Layout/SpaceAfterComma: Enabled: true Layout/SpaceAroundEqualsInParameterDefault: Enabled: true Layout/SpaceAroundKeyword: Enabled: true Layout/SpaceAroundOperators: Enabled: true Layout/SpaceBeforeComma: Enabled: true Layout/SpaceBeforeFirstArg: Enabled: true # Use `{ a: 1 }` not `{a:1}`. Layout/SpaceInsideHashLiteralBraces: Enabled: true rack-2.1.4/.yardopts000066400000000000000000000000071367177163600143220ustar00rootroot00000000000000- SPEC rack-2.1.4/CHANGELOG.md000066400000000000000000000117631367177163600143000ustar00rootroot00000000000000## [2.1.4] - 2020-06-15 - [CVE-2020-8184] When parsing cookies, only decode the value ## [2.1.3] - 2020-05-12 - [CVE-2020-8161] Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters - ## [2.1.2] - 2020-01-27 - Fix multipart parser for some files to prevent denial of service ([@aiomaster](https://github.com/aiomaster)) - Fix `Rack::Builder#use` with keyword arguments ([@kamipo](https://github.com/kamipo)) - Skip deflating in Rack::Deflater if Content-Length is 0 ([@jeremyevans](https://github.com/jeremyevans)) - Remove `SessionHash#transform_keys`, no longer needed ([@pavel](https://github.com/pavel)) - Add to_hash to wrap Hash and Session classes ([@oleh-demyanyuk](https://github.com/oleh-demyanyuk)) - Handle case where session id key is requested but missing ([@jeremyevans](https://github.com/jeremyevans)) ## [2.1.1] - 2020-01-12 - Remove `Rack::Chunked` from `Rack::Server` default middleware. ([#1475](https://github.com/rack/rack/pull/1475), [@ioquatix](https://github.com/ioquatix)) ## [2.1.0] - 2020-01-10 ### Added - Add support for `SameSite=None` cookie value. ([@hennikul](https://github.com/hennikul)) - Add trailer headers. ([@eileencodes](https://github.com/eileencodes)) - Add MIME Types for video streaming. ([@styd](https://github.com/styd)) - Add MIME Type for WASM. ([@buildrtech](https://github.com/buildrtech)) - Add `Early Hints(103)` to status codes. ([@egtra](https://github.com/egtra)) - Add `Too Early(425)` to status codes. ([@y-yagi]((https://github.com/y-yagi))) - Add `Bandwidth Limit Exceeded(509)` to status codes. ([@CJKinni](https://github.com/CJKinni)) - Add method for custom `ip_filter`. ([@svcastaneda](https://github.com/svcastaneda)) - Add boot-time profiling capabilities to `rackup`. ([@tenderlove](https://github.com/tenderlove)) - Add multi mapping support for `X-Accel-Mappings` header. ([@yoshuki](https://github.com/yoshuki)) - Add `sync: false` option to `Rack::Deflater`. (Eric Wong) - Add `Builder#freeze_app` to freeze application and all middleware instances. ([@jeremyevans](https://github.com/jeremyevans)) - Add API to extract cookies from `Rack::MockResponse`. ([@petercline](https://github.com/petercline)) ### Changed - Don't propagate nil values from middleware. ([@ioquatix](https://github.com/ioquatix)) - Lazily initialize the response body and only buffer it if required. ([@ioquatix](https://github.com/ioquatix)) - Fix deflater zlib buffer errors on empty body part. ([@felixbuenemann](https://github.com/felixbuenemann)) - Set `X-Accel-Redirect` to percent-encoded path. ([@diskkid](https://github.com/diskkid)) - Remove unnecessary buffer growing when parsing multipart. ([@tainoe](https://github.com/tainoe)) - Expand the root path in `Rack::Static` upon initialization. ([@rosenfeld](https://github.com/rosenfeld)) - Make `ShowExceptions` work with binary data. ([@axyjo](https://github.com/axyjo)) - Use buffer string when parsing multipart requests. ([@janko-m](https://github.com/janko-m)) - Support optional UTF-8 Byte Order Mark (BOM) in config.ru. ([@mikegee](https://github.com/mikegee)) - Handle `X-Forwarded-For` with optional port. ([@dpritchett](https://github.com/dpritchett)) - Use `Time#httpdate` format for Expires, as proposed by RFC 7231. ([@nanaya](https://github.com/nanaya)) - Make `Utils.status_code` raise an error when the status symbol is invalid instead of `500`. ([@adambutler](https://github.com/adambutler)) - Rename `Request::SCHEME_WHITELIST` to `Request::ALLOWED_SCHEMES`. - Make `Multipart::Parser.get_filename` accept files with `+` in their name. ([@lucaskanashiro](https://github.com/lucaskanashiro)) - Add Falcon to the default handler fallbacks. ([@ioquatix](https://github.com/ioquatix)) - Update codebase to avoid string mutations in preparation for `frozen_string_literals`. ([@pat](https://github.com/pat)) - Change `MockRequest#env_for` to rely on the input optionally responding to `#size` instead of `#length`. ([@janko](https://github.com/janko)) - Rename `Rack::File` -> `Rack::Files` and add deprecation notice. ([@postmodern](https://github.com/postmodern)). - Prefer Base64 “strict encoding” for Base64 cookies. ([@ioquatix](https://github.com/ioquatix)) ### Removed - Remove `to_ary` from Response ([@tenderlove](https://github.com/tenderlove)) - Deprecate `Rack::Session::Memcache` in favor of `Rack::Session::Dalli` from dalli gem ([@fatkodima](https://github.com/fatkodima)) ### Fixed - Eliminate warnings for Ruby 2.7. ([@osamtimizer](https://github.com/osamtimizer])) ### Documentation - Update broken example in `Session::Abstract::ID` documentation. ([tonytonyjan](https://github.com/tonytonyjan)) - Add Padrino to the list of frameworks implmenting Rack. ([@wikimatze](https://github.com/wikimatze)) - Remove Mongrel from the suggested server options in the help output. ([@tricknotes](https://github.com/tricknotes)) - Replace `HISTORY.md` and `NEWS.md` with `CHANGELOG.md`. ([@twitnithegirl](https://github.com/twitnithegirl)) - CHANGELOG updates. ([@drenmi](https://github.com/Drenmi), [@p8](https://github.com/p8)) rack-2.1.4/Gemfile000066400000000000000000000015031367177163600137510ustar00rootroot00000000000000# frozen_string_literal: true source 'https://rubygems.org' gemspec # What we need to do here is just *exclude* JRuby, but bundler has no way to do # this, because of some argument that I know I had with Yehuda and Carl years # ago, but I've since forgotten. Anyway, we actually need it here, and it's not # avaialable, so prepare yourself for a yak shave when this breaks. c_platforms = Bundler::Dsl::VALID_PLATFORMS.dup.delete_if do |platform| platform =~ /jruby/ end gem "rubocop", "0.68.1", require: false # Alternative solution that might work, but it has bad interactions with # Gemfile.lock if that gets committed/reused: # c_platforms = [:mri] if Gem.platforms.last.os == "java" group :extra do gem 'fcgi', platforms: c_platforms gem 'dalli' gem 'thin', platforms: c_platforms end group :doc do gem 'rdoc' end rack-2.1.4/MIT-LICENSE000066400000000000000000000021241367177163600141120ustar00rootroot00000000000000The MIT License (MIT) Copyright (C) 2007-2019 Leah Neukirchen Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. rack-2.1.4/README.rdoc000066400000000000000000000221031367177163600142630ustar00rootroot00000000000000= \Rack, a modular Ruby webserver interface {rack powers web applications}[https://rack.github.io/] {CircleCI}[https://circleci.com/gh/rack/rack] {Gem Version}[http://badge.fury.io/rb/rack] {SemVer Stability}[https://dependabot.com/compatibility-score.html?dependency-name=rack&package-manager=bundler&version-scheme=semver] \Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. The exact details of this are described in the \Rack specification, which all \Rack applications should conform to. == Supported web servers The included *handlers* connect all kinds of web servers to \Rack: * WEBrick[https://github.com/ruby/webrick] * FCGI * CGI * SCGI * LiteSpeed[https://www.litespeedtech.com/] * Thin[https://rubygems.org/gems/thin] These web servers include \Rack handlers in their distributions: * Agoo[https://github.com/ohler55/agoo] * Falcon[https://github.com/socketry/falcon] * {NGINX Unit}[https://unit.nginx.org/] * {Phusion Passenger}[https://www.phusionpassenger.com/] (which is mod_rack for Apache and for nginx) * Puma[https://puma.io/] * Unicorn[https://bogomips.org/unicorn/] * uWSGI[https://uwsgi-docs.readthedocs.io/en/latest/] Any valid \Rack app will run the same on all these handlers, without changing anything. == Supported web frameworks These frameworks include \Rack adapters in their distributions: * Camping[http://www.ruby-camping.com/] * Coset[http://leahneukirchen.org/repos/coset/] * Hanami[https://hanamirb.org/] * Padrino[http://padrinorb.com/] * Racktools::SimpleApplication * Ramaze[http://ramaze.net/] * Roda[https://github.com/jeremyevans/roda] * {Ruby on Rails}[https://rubyonrails.org/] * Rum[https://github.com/leahneukirchen/rum] * Sinatra[http://sinatrarb.com/] * Utopia[https://github.com/socketry/utopia] * WABuR[https://github.com/ohler55/wabur] * ... and many others. == Available middleware Between the server and the framework, \Rack can be customized to your applications needs using middleware, for example: * Rack::URLMap, to route to multiple applications inside the same process. * Rack::CommonLogger, for creating Apache-style logfiles. * Rack::ShowException, for catching unhandled exceptions and presenting them in a nice and helpful way with clickable backtrace. * Rack::Files, for serving static files. * ...many others! All these components use the same interface, which is described in detail in the \Rack specification. These optional components can be used in any way you wish. == Convenience If you want to develop outside of existing frameworks, implement your own ones, or develop middleware, \Rack provides many helpers to create \Rack applications quickly and without doing the same web stuff all over: * Rack::Request, which also provides query string parsing and multipart handling. * Rack::Response, for convenient generation of HTTP replies and cookie handling. * Rack::MockRequest and Rack::MockResponse for efficient and quick testing of \Rack application without real HTTP round-trips. == rack-contrib The plethora of useful middleware created the need for a project that collects fresh \Rack middleware. rack-contrib includes a variety of add-on components for \Rack and it is easy to contribute new modules. * https://github.com/rack/rack-contrib == rackup rackup is a useful tool for running \Rack applications, which uses the Rack::Builder DSL to configure middleware and build up applications easily. rackup automatically figures out the environment it is run in, and runs your application as FastCGI, CGI, or WEBrick---all from the same configuration. == Quick start Try the lobster! Either with the embedded WEBrick starter: ruby -Ilib lib/rack/lobster.rb Or with rackup: bin/rackup -Ilib example/lobster.ru By default, the lobster is found at http://localhost:9292. == Installing with RubyGems A Gem of \Rack is available at {rubygems.org}[https://rubygems.org/gems/rack]. You can install it with: gem install rack == Running the tests Testing \Rack requires the bacon testing framework: bundle install --without extra # to be able to run the fast tests Or: bundle install # this assumes that you have installed native extensions! There is a rake-based test task: rake test # tests all the tests The testsuite has no dependencies outside of the core Ruby installation and bacon. To run the test suite completely, you need: * fcgi * dalli * thin To test Memcache sessions, you need memcached (will be run on port 11211) and dalli installed. == Configuration Several parameters can be modified on Rack::Utils to configure \Rack behaviour. e.g: Rack::Utils.key_space_limit = 128 === key_space_limit The default number of bytes to allow a single parameter key to take up. This helps prevent a rogue client from flooding a Request. Default to 65536 characters (4 kiB in worst case). === multipart_part_limit The maximum number of parts a request can contain. Accepting too many part can lead to the server running out of file handles. The default is 128, which means that a single request can't upload more than 128 files at once. Set to 0 for no limit. Can also be set via the +RACK_MULTIPART_PART_LIMIT+ environment variable. == Changelog See {CHANGELOG.md}[https://github.com/rack/rack/blob/master/CHANGELOG.md]. == Contact Please post bugs, suggestions and patches to the bug tracker at {issues}[https://github.com/rack/rack/issues]. Please post security related bugs and suggestions to the core team at or rack-core@googlegroups.com. This list is not public. Due to wide usage of the library, it is strongly preferred that we manage timing in order to provide viable patches at the time of disclosure. Your assistance in this matter is greatly appreciated. Mailing list archives are available at . Git repository (send Git patches to the mailing list): * https://github.com/rack/rack * http://git.vuxu.org/cgi-bin/gitweb.cgi?p=rack-github.git You are also welcome to join the #rack channel on irc.freenode.net. == Thanks The \Rack Core Team, consisting of * Leah Neukirchen (leahneukirchen[https://github.com/leahneukirchen]) * James Tucker (raggi[https://github.com/raggi]) * Josh Peek (josh[https://github.com/josh]) * José Valim (josevalim[https://github.com/josevalim]) * Michael Fellinger (manveru[https://github.com/manveru]) * Aaron Patterson (tenderlove[https://github.com/tenderlove]) * Santiago Pastorino (spastorino[https://github.com/spastorino]) * Konstantin Haase (rkh[https://github.com/rkh]) and the \Rack Alumnis * Ryan Tomayko (rtomayko[https://github.com/rtomayko]) * Scytrin dai Kinthra (scytrin[https://github.com/scytrin]) would like to thank: * Adrian Madrid, for the LiteSpeed handler. * Christoffer Sawicki, for the first Rails adapter and Rack::Deflater. * Tim Fletcher, for the HTTP authentication code. * Luc Heinrich for the Cookie sessions, the static file handler and bugfixes. * Armin Ronacher, for the logo and racktools. * Alex Beregszaszi, Alexander Kahn, Anil Wadghule, Aredridel, Ben Alpert, Dan Kubb, Daniel Roethlisberger, Matt Todd, Tom Robinson, Phil Hagelberg, S. Brent Faulkner, Bosko Milekic, Daniel Rodríguez Troitiño, Genki Takiuchi, Geoffrey Grosenbach, Julien Sanchez, Kamal Fariz Mahyuddin, Masayoshi Takahashi, Patrick Aljordm, Mig, Kazuhiro Nishiyama, Jon Bardin, Konstantin Haase, Larry Siden, Matias Korhonen, Sam Ruby, Simon Chiang, Tim Connor, Timur Batyrshin, and Zach Brock for bug fixing and other improvements. * Eric Wong, Hongli Lai, Jeremy Kemper for their continuous support and API improvements. * Yehuda Katz and Carl Lerche for refactoring rackup. * Brian Candler, for Rack::ContentType. * Graham Batty, for improved handler loading. * Stephen Bannasch, for bug reports and documentation. * Gary Wright, for proposing a better Rack::Response interface. * Jonathan Buch, for improvements regarding Rack::Response. * Armin Röhrl, for tracking down bugs in the Cookie generator. * Alexander Kellett for testing the Gem and reviewing the announcement. * Marcus Rückert, for help with configuring and debugging lighttpd. * The WSGI team for the well-done and documented work they've done and \Rack builds up on. * All bug reporters and patch contributors not mentioned above. == Links \Rack:: Official \Rack repositories:: \Rack Bug Tracking:: rack-devel mailing list:: == License \Rack is released under the {MIT License}[https://opensource.org/licenses/MIT]. rack-2.1.4/Rakefile000066400000000000000000000063461367177163600141350ustar00rootroot00000000000000# frozen_string_literal: true require "rake/testtask" desc "Run all the tests" task default: :test desc "Install gem dependencies" task :deps do require 'rubygems' spec = Gem::Specification.load('rack.gemspec') spec.dependencies.each do |dep| reqs = dep.requirements_list reqs = (["-v"] * reqs.size).zip(reqs).flatten # Use system over sh, because we want to ignore errors! system Gem.ruby, "-S", "gem", "install", '--conservative', dep.name, *reqs end end desc "Make an archive as .tar.gz" task dist: %w[chmod changelog spec rdoc] do sh "git archive --format=tar --prefix=#{release}/ HEAD^{tree} >#{release}.tar" sh "pax -waf #{release}.tar -s ':^:#{release}/:' SPEC ChangeLog doc rack.gemspec" sh "gzip -f -9 #{release}.tar" end desc "Make an official release" task :officialrelease do puts "Official build for #{release}..." sh "rm -rf stage" sh "git clone --shared . stage" sh "cd stage && rake officialrelease_really" sh "mv stage/#{release}.tar.gz stage/#{release}.gem ." end task officialrelease_really: %w[spec dist gem] do sh "shasum #{release}.tar.gz #{release}.gem" end def release "rack-" + File.read('lib/rack.rb')[/RELEASE += +([\"\'])([\d][\w\.]+)\1/, 2] end desc "Make binaries executable" task :chmod do Dir["bin/*"].each { |binary| File.chmod(0755, binary) } Dir["test/cgi/test*"].each { |binary| File.chmod(0755, binary) } end desc "Generate a ChangeLog" task changelog: "ChangeLog" file '.git/index' file "ChangeLog" => '.git/index' do File.open("ChangeLog", "w") { |out| log = `git log -z` log.force_encoding(Encoding::BINARY) log.split("\0").map { |chunk| author = chunk[/Author: (.*)/, 1].strip date = chunk[/Date: (.*)/, 1].strip desc, detail = $'.strip.split("\n", 2) detail ||= "" detail = detail.gsub(/.*darcs-hash:.*/, '') detail.rstrip! out.puts "#{date} #{author}" out.puts " * #{desc.strip}" out.puts detail unless detail.empty? out.puts } } end desc "Generate Rack Specification" task spec: "SPEC" file 'lib/rack/lint.rb' file "SPEC" => 'lib/rack/lint.rb' do File.open("SPEC", "wb") { |file| IO.foreach("lib/rack/lint.rb") { |line| if line =~ /## (.*)/ file.puts $1 end } } end Rake::TestTask.new("test:regular") do |t| t.libs << "test" t.test_files = FileList["test/**/*_test.rb", "test/**/spec_*.rb", "test/gemloader.rb"] t.warning = false t.verbose = true end desc "Run all the fast + platform agnostic tests" task test: %w[spec test:regular] desc "Run all the tests we run on CI" task ci: :test task gem: :spec do sh "gem build rack.gemspec" end task doc: :rdoc desc "Generate RDoc documentation" task rdoc: %w[changelog spec] do sh(*%w{rdoc --line-numbers --main README.rdoc --title 'Rack\ Documentation' --charset utf-8 -U -o doc} + %w{README.rdoc KNOWN-ISSUES SPEC ChangeLog} + `git ls-files lib/\*\*/\*.rb`.strip.split) cp "contrib/rdoc.css", "doc/rdoc.css" end task pushdoc: :rdoc do sh "rsync -avz doc/ rack.rubyforge.org:/var/www/gforge-projects/rack/doc/" end task pushsite: :pushdoc do sh "cd site && git gc" sh "rsync -avz site/ rack.rubyforge.org:/var/www/gforge-projects/rack/" sh "cd site && git push" end rack-2.1.4/SECURITY_POLICY.md000066400000000000000000000110721367177163600153300ustar00rootroot00000000000000# Rack maintenance ## Supported versions ### New features New features will only be added to the master branch and will not be made available in point releases. ### Bug fixes Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from. * Current release series: 2.0.x ### Security issues The current release series and the next most recent one will receive patches and new versions in case of a security issue. * Current release series: 2.0.x * Next most recent release series: 1.6.x ### Severe security issues For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team. * Current release series: 2.0.x * Next most recent release series: 1.6.x * Last most recent release series: 1.5.x ### Unsupported Release Series When a release series is no longer supported, it’s your own responsibility to deal with bugs and security issues. We may provide back-ports of the fixes and publish them to git, however there will be no new versions released. If you are not comfortable maintaining your own versions, you should upgrade to a supported version. ## Reporting a bug All security bugs in Rack should be reported to the core team through our private mailing list [rack-core@googlegroups.com](https://groups.google.com/forum/#!forum/rack-core). Your report will be acknowledged within 24 hours, and you’ll receive a more detailed response to your email within 48 hours indicating the next steps in handling your report. After the initial reply to your report the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. These updates will be sent at least every five days, in reality this is more likely to be every 24-48 hours. If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days there are a few steps you can take: * Contact the current security coordinator [Aaron Patterson](mailto:tenderlove@ruby-lang.org) directly ## Disclosure Policy Rack has a 5 step disclosure policy. 1. Security report received and is assigned a primary handler. This person will coordinate the fix and release process. 2. Problem is confirmed and, a list of all affected versions is determined. Code is audited to find any potential similar problems. 3. Fixes are prepared for all releases which are still supported. These fixes are not committed to the public repository but rather held locally pending the announcement. 4. A suggested embargo date for this vulnerability is chosen and distros@openwall is notified. This notification will include patches for all versions still under support and a contact address for packagers who need advice back-porting patches to older versions. 5. On the embargo date, the [ruby security announcement mailing list](mailto:ruby-security-ann@googlegroups.com) is sent a copy of the announcement. The changes are pushed to the public repository and new gems released to rubygems. Typically the embargo date will be set 72 hours from the time vendor-sec is first notified, however this may vary depending on the severity of the bug or difficulty in applying a fix. This process can take some time, especially when coordination is required with maintainers of other projects. Every effort will be made to handle the bug in as timely a manner as possible, however it’s important that we follow the release process above to ensure that the disclosure is handled in a consistent manner. ## Receiving Security Updates The best way to receive all the security announcements is to subscribe to the [ruby security announcement mailing list](mailto:ruby-security-ann@googlegroups.com). The mailing list is very low traffic, and it receives the public notifications the moment the embargo is lifted. If you produce packages of Rack and require prior notification of vulnerabilities, you should be subscribed to vendor-sec. No one outside the core team, the initial reporter or vendor-sec will be notified prior to the lifting of the embargo. We regret that we cannot make exceptions to this policy for high traffic or important sites, as any disclosure beyond the minimum required to coordinate a fix could cause an early leak of the vulnerability. ## Comments on this Policy If you have any suggestions to improve this policy, please send an email the core team at [rack-core@googlegroups.com](https://groups.google.com/forum/#!forum/rack-core). rack-2.1.4/SPEC000066400000000000000000000337631367177163600131500ustar00rootroot00000000000000This specification aims to formalize the Rack protocol. You can (and should) use Rack::Lint to enforce it. When you develop middleware, be sure to add a Lint before and after to catch all mistakes. = Rack applications A Rack application is a Ruby object (not a class) that responds to +call+. It takes exactly one argument, the *environment* and returns an Array of exactly three values: The *status*, the *headers*, and the *body*. == The Environment The environment must be an instance of Hash that includes CGI-like headers. The application is free to modify the environment. The environment is required to include these variables (adopted from PEP333), except when they'd be empty, but see below. REQUEST_METHOD:: The HTTP request method, such as "GET" or "POST". This cannot ever be an empty string, and so is always required. SCRIPT_NAME:: The initial portion of the request URL's "path" that corresponds to the application object, so that the application knows its virtual "location". This may be an empty string, if the application corresponds to the "root" of the server. PATH_INFO:: The remainder of the request URL's "path", designating the virtual "location" of the request's target within the application. This may be an empty string, if the request URL targets the application root and does not have a trailing slash. This value may be percent-encoded when originating from a URL. QUERY_STRING:: The portion of the request URL that follows the ?, if any. May be empty, but is always required! SERVER_NAME, SERVER_PORT:: When combined with SCRIPT_NAME and PATH_INFO, these variables can be used to complete the URL. Note, however, that HTTP_HOST, if present, should be used in preference to SERVER_NAME for reconstructing the request URL. SERVER_NAME and SERVER_PORT can never be empty strings, and so are always required. HTTP_ Variables:: Variables corresponding to the client-supplied HTTP request headers (i.e., variables whose names begin with HTTP_). The presence or absence of these variables should correspond with the presence or absence of the appropriate HTTP header in the request. See {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18] for specific behavior. In addition to this, the Rack environment must include these Rack-specific variables: rack.version:: The Array representing this version of Rack See Rack::VERSION, that corresponds to the version of this SPEC. rack.url_scheme:: +http+ or +https+, depending on the request URL. rack.input:: See below, the input stream. rack.errors:: See below, the error stream. rack.multithread:: true if the application object may be simultaneously invoked by another thread in the same process, false otherwise. rack.multiprocess:: true if an equivalent application object may be simultaneously invoked by another process, false otherwise. rack.run_once:: true if the server expects (but does not guarantee!) that the application will only be invoked this one time during the life of its containing process. Normally, this will only be true for a server based on CGI (or something similar). rack.hijack?:: present and true if the server supports connection hijacking. See below, hijacking. rack.hijack:: an object responding to #call that must be called at least once before using rack.hijack_io. It is recommended #call return rack.hijack_io as well as setting it in env if necessary. rack.hijack_io:: if rack.hijack? is true, and rack.hijack has received #call, this will contain an object resembling an IO. See hijacking. Additional environment specifications have approved to standardized middleware APIs. None of these are required to be implemented by the server. rack.session:: A hash like interface for storing request session data. The store must implement: store(key, value) (aliased as []=); fetch(key, default = nil) (aliased as []); delete(key); clear; rack.logger:: A common object interface for logging messages. The object must implement: info(message, &block) debug(message, &block) warn(message, &block) error(message, &block) fatal(message, &block) rack.multipart.buffer_size:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes. rack.multipart.tempfile_factory:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile. The server or the application can store their own data in the environment, too. The keys must contain at least one dot, and should be prefixed uniquely. The prefix rack. is reserved for use with the Rack core distribution and other accepted specifications and must not be used otherwise. The environment must not contain the keys HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys (named without a period) must have String values. There are the following restrictions: * rack.version must be an array of Integers. * rack.url_scheme must either be +http+ or +https+. * There must be a valid input stream in rack.input. * There must be a valid error stream in rack.errors. * There may be a valid hijack stream in rack.hijack_io * The REQUEST_METHOD must be a valid token. * The SCRIPT_NAME, if non-empty, must start with / * The PATH_INFO, if non-empty, must start with / * The CONTENT_LENGTH, if given, must consist of digits only. * One of SCRIPT_NAME or PATH_INFO must be set. PATH_INFO should be / if SCRIPT_NAME is empty. SCRIPT_NAME never should be /, but instead be empty. === The Input Stream The input stream is an IO-like object which contains the raw HTTP POST data. When applicable, its external encoding must be "ASCII-8BIT" and it must be opened in binary mode, for Ruby 1.9 compatibility. The input stream must respond to +gets+, +each+, +read+ and +rewind+. * +gets+ must be called without arguments and return a string, or +nil+ on EOF. * +read+ behaves like IO#read. Its signature is read([length, [buffer]]). If given, +length+ must be a non-negative Integer (>= 0) or +nil+, and +buffer+ must be a String and may not be nil. If +length+ is given and not nil, then this method reads at most +length+ bytes from the input stream. If +length+ is not given or nil, then this method reads all data until EOF. When EOF is reached, this method returns nil if +length+ is given and not nil, or "" if +length+ is not given or is nil. If +buffer+ is given, then the read data will be placed into +buffer+ instead of a newly created String object. * +each+ must be called without arguments and only yield Strings. * +rewind+ must be called without arguments. It rewinds the input stream back to the beginning. It must not raise Errno::ESPIPE: that is, it may not be a pipe or a socket. Therefore, handler developers must buffer the input data into some rewindable object if the underlying input stream is not rewindable. * +close+ must never be called on the input stream. === The Error Stream The error stream must respond to +puts+, +write+ and +flush+. * +puts+ must be called with a single argument that responds to +to_s+. * +write+ must be called with a single argument that is a String. * +flush+ must be called without arguments and must be called in order to make the error appear for sure. * +close+ must never be called on the error stream. === Hijacking ==== Request (before status) If rack.hijack? is true then rack.hijack must respond to #call. rack.hijack must return the io that will also be assigned (or is already present, in rack.hijack_io. rack.hijack_io must respond to: read, write, read_nonblock, write_nonblock, flush, close, close_read, close_write, closed? The semantics of these IO methods must be a best effort match to those of a normal ruby IO or Socket object, using standard arguments and raising standard exceptions. Servers are encouraged to simply pass on real IO objects, although it is recognized that this approach is not directly compatible with SPDY and HTTP 2.0. IO provided in rack.hijack_io should preference the IO::WaitReadable and IO::WaitWritable APIs wherever supported. There is a deliberate lack of full specification around rack.hijack_io, as semantics will change from server to server. Users are encouraged to utilize this API with a knowledge of their server choice, and servers may extend the functionality of hijack_io to provide additional features to users. The purpose of rack.hijack is for Rack to "get out of the way", as such, Rack only provides the minimum of specification and support. If rack.hijack? is false, then rack.hijack should not be set. If rack.hijack? is false, then rack.hijack_io should not be set. ==== Response (after headers) It is also possible to hijack a response after the status and headers have been sent. In order to do this, an application may set the special header rack.hijack to an object that responds to call accepting an argument that conforms to the rack.hijack_io protocol. After the headers have been sent, and this hijack callback has been called, the application is now responsible for the remaining lifecycle of the IO. The application is also responsible for maintaining HTTP semantics. Of specific note, in almost all cases in the current SPEC, applications will have wanted to specify the header Connection:close in HTTP/1.1, and not Connection:keep-alive, as there is no protocol for returning hijacked sockets to the web server. For that purpose, use the body streaming API instead (progressively yielding strings via each). Servers must ignore the body part of the response tuple when the rack.hijack response API is in use. The special response header rack.hijack must only be set if the request env has rack.hijack? true. ==== Conventions * Middleware should not use hijack unless it is handling the whole response. * Middleware may wrap the IO object for the response pattern. * Middleware should not wrap the IO object for the request pattern. The request pattern is intended to provide the hijacker with "raw tcp". == The Response === The Status This is an HTTP status. When parsed as integer (+to_i+), it must be greater than or equal to 100. === The Headers The header must respond to +each+, and yield values of key and value. The header keys must be Strings. Special headers starting "rack." are for communicating with the server, and must not be sent back to the client. The header must not contain a +Status+ key. The header must conform to RFC7230 token specification, i.e. cannot contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}". The values of the header must be Strings, consisting of lines (for multiple header values, e.g. multiple Set-Cookie values) separated by "\\n". The lines must not contain characters below 037. === The Content-Type There must not be a Content-Type, when the +Status+ is 1xx, 204 or 304. === The Content-Length There must not be a Content-Length header when the +Status+ is 1xx, 204 or 304. === The Body The Body must respond to +each+ and must only yield String values. The Body itself should not be an instance of String, as this will break in Ruby 1.9. If the Body responds to +close+, it will be called after iteration. If the body is replaced by a middleware after action, the original body must be closed first, if it responds to close. If the Body responds to +to_path+, it must return a String identifying the location of a file whose contents are identical to that produced by calling +each+; this may be used by the server as an alternative, possibly more efficient way to transport the response. The Body commonly is an Array of Strings, the application instance itself, or a File-like object. == Thanks Some parts of this specification are adopted from PEP333: Python Web Server Gateway Interface v1.0 (http://www.python.org/dev/peps/pep-0333/). I'd like to thank everyone involved in that effort. rack-2.1.4/bin/000077500000000000000000000000001367177163600132275ustar00rootroot00000000000000rack-2.1.4/bin/rackup000077500000000000000000000001251367177163600144400ustar00rootroot00000000000000#!/usr/bin/env ruby # frozen_string_literal: true require "rack" Rack::Server.start rack-2.1.4/contrib/000077500000000000000000000000001367177163600141175ustar00rootroot00000000000000rack-2.1.4/contrib/rack.png000066400000000000000000000563751367177163600155650ustar00rootroot00000000000000PNG  IHDR@@e6sRGBbKGD pHYs B(xtIME ,+( IDATxyyhB#mɎ96ƾ %8q9J;n%Zw>;ݑ;#؉LNDxBF 1k@4cʩ{nIT "\\N|pvu7p7-cߔThՄNU7 (V a}v$o0e(""}v4$x_@QvLe_#AtVE9.Q1?F0:wZ]Jhzm\BEʫ 9MjpQ]P.lEC-B"L{.`^NbB*nbh9("chl9%2c Q<)""T23Ż+>Iו%wcqnzHP]1KѴիn]CDD$u^MzC8BiYZ,"" ^fZT&~2Vo~5VQ9ykiӜWOLZa-"Ü4O0TtԎ@cf>R#At}ʌՊn3.~ů:3%WYLe^EFՋN3"~:s43cih\CuF-ИmN-"Rf %p!yI\j&62VϏ""RUTff MXfhգNrAfLCNX}\'cx7kttUU} uGX+Иg9""'H73?p53Ke^M;k9 CJ33v斴h\E:ozS*"1$VB 4I&{_; |S9=S" `!2<~\%}{N/ QI\=U`~p#D8M9A4zթڐDk""`4!Dvl!9㌈Afk)cD$)r+pJzS"r{53V'zwwよTiyj Rȉȟu*иj+HxUjʑ[hE(&j$gSV,SDN|!f9"2nZFH?խctb."` -3~P܇HR ' j&6*ШZD*ÿ"uc6-cƚ ]7Vt@,$2c .u2V|CINHxuy>`D]ɌU;a>y{+|{?Y"YƪR'[13V@$AƯ5Kff9oZ3Az>v3*۲2,D8[VNh7}m*CXAuRGѵwRHgAcuU5:aH8/~e)^Yf >G[kfnS= N4 o&CD 4VԒMD7u4d,U9cJZEe՛Lwg8""NU锱ZTxZfX<p8""MXfh'!^tTofJ03s:DD:Lh@S}BIDD0Z;> :E~ xCx`5U,ފ[EDQ.ѭN+k l<hYa7J]A}~H+ev+Ԑ_-IE |&Hwʫq>gѣ;<. 'S'D(QZ=ܺx<Œ(1~ߗe;"xϋ ^ \ua;jZ۴w^]f Ď(2At914F xO|)*9Ҭٰ.ˎ ;DDDڙFP=PN%-G@ q%:~L+ \F+J&CBDJHCH}XDD$BL]L^%d9 '!3$""9v] ]y\|G }^2At_$""(.S»^` >NH3\ `qrHgLS٭zLB0S΁9¡#]""=/~$^q~`$  Q,u4)Rw0x{|E=n\Bzܟk-|u^zNE0`.!r|F"]+چDD4M=2 4c %f%A-S]b""33Yĩ]43xXޚg ֧DDJa* US|?\)pBzi10X 2\H \?F{ܾS1RTz!7X&m=Dޒ`@sZ@U1PmԿ6 Z!.s1gڋ%?O<"^*Rbkmyx#/ѯ.{IE{Ĺs(ykUD̏ў%>=}ɌYl*"U1c|ޖQ{^uq@M`"k=O3 uvEC ϕUQG{~\RP5DhFm"ȉ05F{nMDgpE. PoX(Nl*"Y`}exCky_OuEz1HϠά躋Ds(Eua7DZHϯcPϙ,SujaH:MYJ3NrEj,B*钟% Ek\: )ÜbYA/!:>47b@v)3y evӝb$=ϖL.aiϏ \ӫ\N 3<=cg^7ۥrhj|m" "uQl/޾?j8f)@RukMqE 1jag 6f)$16)N+( K?E5!X,H&MԔ&EVy>~`5htKP$cmV̏ў%cFMx19ۥfu?ͪMdW3 ;(.\J' Y.K414kVhS,oDZ/5ݓ @4k6_%5Ò1-*0^gT@һ4kVh6=e9D-lC;RiZck6sV\[?*y]?Q_'.f:\ Ѥ/fHX 0V#C̢=n g K$Rue^d`f<6OS`_ {Pix*DNj.WТ@zSgў2{0sBl*0Ƨ7ႇ;"afB`=!Zti\ǫ*E )E6=27WQz> ? |/'9ŵe!s=Vʋ> |2 l)0&MH ҶkWJ'l/y<@fαOu@"U "-6n3jbkS)M`S`"! !%Lj<ԧOc.DHud:.>| / #N;X&` TىўV`~&;\ : vuNw/%]ֈt|y*Hh ڛY_G^8><7F .HSP;5-_Ci=K";}4Mod8o?,yhyByp)DzY _)s^ˋ s7-_`ΊQE);cth9`^J#5% qndU`8\ Py4kc~4F{Nm@ P=毣+9ڳ7ўR<@DD@_⛀KO灚n* 63A+DI<rrMkOs)AO|EG\Vm6)';B s-zHDz=ˉK Q=0/XE4842('DҬR\!tQ;lf G mge@" 9._*XgMM~Bs~O"'HD9 |76l|Z[TpnۀS%0iz9ݩ2(tH$"R \Lk_>K|P#PT0h'8dpO<2 sm\B L5Hr zdc BoQ3iK:D>zHw9x[0 s16肈ȉ| 2& >Nq<2.%D 0T-"?FD5_.ʉ˘x$ 56/:]"r(DzYQd\y_!˾DwcH ș^kFbGCwhn%԰POy%ぷS{?M eh@D4FDv.'x$iz=DH%vLD@ sfG=ZdN<Rcѷ)4Q)DgpuN\y"t # A+]f0-9H?N/u9O&&`vN]C1た x'R+z2TWl! o3QֱV;nv}|\c%`욳H\BKUDx\$*+zb}|<[HcT5)m L$m=}?p;BdO߇`2˻&hoױut!)9sQ|E+i pS<N v"kOE1ܯe馵sV=zI=cC:knåp6-ք_/yOUdE3PcRIמ ]s;.@,ѓ&gۖn_@R6zQn397eWnz&`e<k>al h p[/)DN#@iHy# pdeh|D$3ix6'>J+xs} .P/3zxG9ugvNnOx-좿(e~_$%3b]  #h/^yЏj-?6l>aWN cfل⚓b}<6xxVjӷ)0)IMh#@15=)6rvJ\c)+vGM CzSYOѓLHgKQOm#S"JQIU+Pb Ic:&ua,LIL):\ :p.:E6R5um ӷHfj5I_]&oOULUW nfR}Ds!rEҴٹ߇)I7׭]N"eCsoO]hW]: MR"$}s|3vBhN`<>F0-_/.&xR 0!! 1HwUk pNJbeS=s-0+s*g/&}ȝmH(+&ԫ2A1-Rv Q-2bMEFˡhm2/%|),f|}<c=0%0Me%Iz4XI!WZm&ho1Vu xNQ5S`㩇vi#z1{y!)Y/ a}<~P>m&DN:xVuNtP=p)] ?_6"ݠ.:sꤍ @3iŸMAa.RA+Lψ3bSR90qy$AZM(֘ F+J|֓*^6:\@CKڵ?p.Ut$'8bhs ?vGIL.H߳N]#]P K ic{Ax$P1rlo۳ɢ'u#zx !~eKCwӊc+9N]myU9U^ ܅E8BZسTbB;n p<_I[aԈD>ׯ!$Gosnἂ5PzoĖȉQ$t\ETqIU= 9~n_5:\l3!" P;cg .dxjkbǚ"R4ЋW/vw=Ww @3CO?M(^&"RWg8fවH@\.sPS.n0""Mpg<;[k9 4g&Z{n0 B~D)Ň(CD:LY1`iWοm `K0s >tzD!|D:+pUGn~hUD)(H*wIг ׀x~᪖B|>,("h!8->>A6F0x7$:鲻U.vf&DS~^np.coQPD)GrB IDAT腄{ ˖HZ7y}1z[>r7ގo]m7(" ϸ?VZcrh}Gsoxۍrg㍷씋("ioבr|zT-ZOX'0eQ5Esz+?O_\{6C3#w=yj):l/hg=m:uD3} xSry(J`-r{E/EtaSJ&ӊo 흿 ޢ'ڙ6bZD:C{NHҏ8o@ǺcZD@UR'E=.-бhsEDT%6o=(alިRuԳLecxwa,T\v(NiIꓧ]ԥ]G7(]ZRQu{1v" ^N:'x}w<@xE@ *kQ*"p9(꒧2Q5l O%Ll779 K,O u(Mư#(]RKO6Zs]"G+jM{ ?6JEN(oi1%-becxm 9nsJ@u`&XIߌs&\Dj"s%̈́\u@: :Zׁ/Jz|M@ 2)wώo:m 3 V>|ЄVDj" 9:F:uJNW \'B-u0˩4S*[+z˶u'I gWsOn?M0*o$t D$uf$ 9^$j',v_"x0ĩ$p_U|}k)dP #7MBԻv}+aSJ_7[a(Cу E$e2P$ďT_mwIrGJ9Ck LDS H(`lNj1\f%|ѡQ-%4Ip|  IMM \L+:4?F΋(־AB()"r4sy{Fz #@c7DG/XHa' Бx^,wԔ0$ub_?OZҪ_sN/s agOTzP(&wѣrJ|2Àrb Ds4C[[2S)R;^C\@gv<ѣrJC9Ls>EǛsҩ<->4`Yt`)$E ; պHf쥿hXxVbգn:"1zBZ*P]qtKt"Iuw.a%N5jw>GE6OMT#@"cF$rcLU"S)$.;踉R#@5T!:C)WiY=1T 5V7UFzWQ=2FDnN'*MZCwyL͑"udGu@%=+ #@5D?tC9.UVңHȔ1YGUx { ?|@"1`N^FuLrj)L qTxȉTO4Cwh:rBNF|4+*DO/p-Rt =n?ĩSՄ9S=vm~1oaT%9Y%]eٱNC ˕[բg iW= \&)e1Rrvk#Edpy\ݘw'j:V"]mH7E{+<&DD6(Dt~`&&r^>yஜ k1?fUxKNu=H>㲜$?UBHjTFBz.B:-"=!Ǽu-~ZѡuKNgL~6ߥ~" ЄTNLưmo%lOO#~z/h!ҳbѳ(z(@ 9-VFq1|DseۀoD1t SY"=P]3?[kHHD sQJLK /w_@7Ec[HD:>˦WT[c븝f@6BƼx[UpPC&`T@""Ѷ%r:=ۮ$NX,,/ǵz i4vvWP7m%a\_O<Eu ٗP {B;V{?4x3iCj;vE ԝM#a/޳:cԮcԾx?pFrG=_vQ)Dlk dR?Tvyފ UWyK(@"ҋԵ]f®sn>Q$pNQ>貯 .RvstWmBZYEO LD$QuNUGإ43s߉}3t?`Yέ/M::FDD*d3GК!gl?<(;y5= ~J{RHOJ]d.h,!Ty.®9Q)DDJ.п]5 k>]vP?"'BzB$"R:͉+1P2wFB.Ơ ZD^?",> ?8HHH(P!ydHDN 6o#Ժ,<o>JyO0!u#tTPTW0TDu8qט':4w)".o p)D)Q,%ZKR!tKx﫹9Bتj{IOrѦD:bV7:(fJHޚnύEX˦R=@"=Y[oFB疥mnQ{(Zξ8kSz $tߋFQN0j\#LIL~ 0M{ [4I#lts:۩㰤cK$f7.xl!Bg:]%+z* ne6Z5GH8`S=o!j"YP}$2`*'ȯXop) !uB]=*xud~a\ zsߐ7 ?hWH0`\Sc2x@1Ɲ6"G"e.00= LJ\ߍ⛄,N09q:u'm{ԜǗN+>B]gEx= H0MgB5ᵄG\"@FD`p-Bt?ߍhZBA '1*'Sz6B?W']H3\Aʻ)w~Py-pl}F^]} bUD9*U(ʋ"BQ=s}&;RsIs  me݇)Lę.HJ-&n8rtHd-& uj1ṉ́eWRU3鲽(@Q-&FUcDl1!u=]6P :J*Q)jHB*.-&-&&xpVǟSM(@ZDyedbB鲣1BwI9(_=bB .upnb;PW+۔p3Fo{ϡ*O[imMńH1v>nl:0ٯeydt#,{..h@l1!"h>BlN"9/8 ^@u8 9>:8?~)_K/'|lVv)$K#lsϔǀ@:iIz hck-R<;rg.i ٟfo<|8u ^I #~\bByddy(˶6R%{کl$jDPʡ^`y|qzEz|liVovvNq.U-{)#3vo"tٗՉtN?SՇ+A>O(kS%"5@L~ $1_͟_v@=~PptR=[9Ghїp<۰wٱXQ`\;\ 9 &.%tTH PyDxZBO;\@_7oJ`!0i vFG< # ]ԋ m5,0[YhbB~8/bth10 jtӘ.+*p-lt/H2jM) ˺_ޟt*Ҭ-:å"juK-dl}[wбnT 1ZBi/]97Au/r(D́e#OE.5Nرr1ηnDdKl7tټ kes*Q9^LF\Q5|)Mm.T|9+dģC+ճm*jof);]s.P7NV ^Q5eAѡI{W8AL.Kodvl.de P7o½aQI7C nQ-~%5M|]" Ѿ7gpma08q(R`J.:L7({N-]9u]N(@72Q5|,bGKXӬJI]"萈)]Yj*À7v7F;eR5_$R;: :3Psވ/uDjC7F觜>Pn7?p!5 8{(@c .@w@Me2a).|O9]r& [{RCn'lkOM= !,;)4lFTSE& pIun+p ,z 9cw|@$zBݡofݡRz.QI9yB;-%IӁ[[ӷk_D3K}j1>s@VJ(eDR \+d_)6P #E@ Ium8 9q_&('`%%.03P} <sJ@Fv4 Hb!+ }D@My K陨RIFj؞ K5-%QI5Jn`5+)À>B2߽5*O_y6_v:"RW*,W  SV-Fz `ib\G+:d!F94AƳl poϫu]/{t@R-YyTm:6Ry N(z"`5Օ ܾ\xSئP[ftH@=B|%!TUͳ8gQ17JM`U"<P8*z쎢5JNHä\t!Q5Y~QU4ZZ$͈'6ӝ.(YtUf^O0TqqKwӮfXLCd׫bE *HdHP !imBB<5n-p-W@"'zthy" n2%*;H$R:KTeZ q@r]ѤQC_-4m YKh)BMXG=k:e"n {]Nwx~q5_G5uDh&zG֑ eIDATHDJEQ}_l[qBSŵ;203ET= |9jITWISZ4v I;tZ HEQݟq4zY`,ܔ6$Rߏ\4- ÁZM0U1飚݈ U%`( i':iE*v2 DFןhmS.cW"i!H}3p)<*uMGL~bܾ|}בDdMQWǟF1GZua8FhԘ " ՗1蹚j`= 5fϓNHDz|th (A]Њ! CvIwFs |, y{ME\G(_um'1_$rOQ0߿G.oRҙu.-M t'MH@b߲ f>O u5A&{jOq=e4fp)DzI [_8Ci1pkq/0ޗ4Mȉd"V ~;9za F^jZYtFA:ctS`~I *8_ QQ c>:R<,?PzK=N(RhjHl!=V$\D%T_/3ş7k ߝ/!{V|v'wzSIALISXP+ SK$Dv)XF ̎r,_`._۔6$"u`+!MrPVw2BB4z bEюҍy 1$M3ZAZt佌EN&4{kMU\ÄH.P}K$Ja(&(A: "a+ [ƫ̈́\`-y\_p)D@39z&rBIО kW]}ԗ .~E$(+2tX75AH/`<>N;NBݡI ߔx!\<wHDl&4!(A DY>KP0&uL ۣoE#e*s忕tSR\^k5Hv q@lB5M=v\X/v@",&Ft}u]^>MHU;BDm-n^p)DJybM`ޫ . pi I"QiHфf< o'#>Ja_O?% I Hzs_^i~Tvل(F˚(`V\QXl(u@;UMx#1zSUN<%[R6Y~8Bf}1T$S)HT)Ju-VuTD2J:d=sH@z4@3VEL20ryJ$*SI'(RgBآ 6%HOT ) xL:@iq&P~+i7L7_'LEWǟ\߁}wPhJh8-惉}Y>[һJf iJ( S.Љ2XD0=2\f"4ZMT me>). )z0iJT z?iZ@|lp)/<, Ъ{iUf#W'EvzgvEؖ2s_p.YeUrh9e=Ōm@ >[i%R_=E3!7r5{ پG/ԪʾI$E+Mn5ޠ0WBflԛLk#)5Z;hs_f6Y.F"LDi /gK_ԫGQ6éSIh$`-P7S[0 XKg_M7f׀ޓ"2 KV 2+λ'BYIS #@ P$t[*)ͯ>[Ed Dni!{dF(HgkS("@yFӿkÃmc8jFhP3ct[3uˤW>;6HVt@ M0^_WtYm)o \ >𽄣C x#ZmP(OgkS#" v&ӪLdhCs\gdp)| ;H}Pa1t/^`]#ZrrR`_rzO V`f v&<9+^+ѡTP(#T ݄]""$9cpwI/iI. }W|PHJhsEx 6PfY!B!eeh>(q/L/<0)@|5 M]fhҥbΉQv{"^"jg6A*`gh.;ۘc3 '8S%sjD$3xSZ鼷e 68L׀8E"WJh+QA,S)ͫN0KFzCapS%"=..4ԇ o~~+"vz{0`>i6¬KcJDP;c \o Cs }g8`[M(ҍX;D-&Pl7ԔѹvGT(@N~{9Qq)VJ@\Bs iDqH4Z\I4:+_ʷi ɺ"MVNHԏ?NA?QAXl)='8.3,LHH}S%W0Z<:z3uKEH6{" 96y3 -3KqKEH$g:U" y?Lfn~N)p^Ϲ|$FjQ՗O'Mpa"G#oޞ zS%~ԦV;n 3>ϧ)ӴSY7qD@2 Y; w<Žn כhRk}M,NqD@2 y3ujRQL} i:Ū^y#<{hpD@2 Y)!}@69ҍ%ni:U" )ԩZBh4ؿ,dR&ڔE@2TqZ,R6RS S8`VILїUN4R(\C_""v$FI3ϼ8өQQ95>N)KRF>BzQduW.'I':U" 9*C~- ^jwi1x/g\e?;Rgz-#N(@rL-x;ri n9^ZF곜*Q)䘌N,M%oޏFjԍˀu9|+B*jyJbh-#iN4 MRG6:k^{0O(gT\zziE6V N(a~Vխ[z 't_{ʬwvPfDDzS% ~teўCp)EdO%&v2RtD<ӢyA=" R7R/'4R+@i0$U:)N3}iV)}>,.?B l""]'e#ABj)pSh]=YLy/"Us.iWM@rLYCF*X`YRy&>-MN+#T֨12ĊAQTOaqY'wDgǙs|?ɔdw9s%i$ _%˗6+`NZjxϞn^~I>HZ* :D si۳!VQQ^zxXPC(ib{l<ݓKyA gY =`4HDK Rے7yN>`HREBPYᚺ=u.IjAszJ AhHTr4UzCeTT~Qr$Uz@Cq Fݞe&~67C*6X:_#It8@An,WSN{I*AV3* (֒OdnӤ%F=$HyRҥha9;lGb9%Ij uΝs;]pp=g, XIAAꜧZLF񱥆o)޻$R~RiA QINIJiL>:$YAv>H-$IjjR>-|>vM.IԶE. hE5R$IꆭK,|/:V$IY&ܜ%O1!$IukW5y%IR6D|v0RIc'hmGS($I.nF)9`K$p$k.XiҎԒ$I$I$I$I$I$i nsIENDB`rack-2.1.4/contrib/rack.svg000066400000000000000000000271371367177163600155720ustar00rootroot00000000000000 image/svg+xml rack-2.1.4/contrib/rack_logo.svg000066400000000000000000000407621367177163600166110ustar00rootroot00000000000000 rack-2.1.4/contrib/rdoc.css000066400000000000000000000162351367177163600155670ustar00rootroot00000000000000/* Forked from the Darkfish templates rdoc.css file, much hacked, probably * imperfect */ html { max-width: 960px; margin: 0 auto; } body { font: 14px "Helvetica Neue", Helvetica, Tahoma, sans-serif; } body.file-popup { font-size: 90%; margin-left: 0; } h1 { color: #4183C4; } :link, :visited { color: #4183C4; text-decoration: none; } :link:hover, :visited:hover { border-bottom: 1px dotted #4183C4; } pre, pre.description { font: 12px Monaco,"Courier New","DejaVu Sans Mono","Bitstream Vera Sans Mono",monospace; padding: 1em; overflow: auto; line-height: 1.4; } /* @group Generic Classes */ .initially-hidden { display: none; } #search-field { width: 98%; } .missing-docs { font-size: 120%; background: white url(images/wrench_orange.png) no-repeat 4px center; color: #ccc; line-height: 2em; border: 1px solid #d00; opacity: 1; text-indent: 24px; letter-spacing: 3px; font-weight: bold; -webkit-border-radius: 5px; -moz-border-radius: 5px; } .target-section { border: 2px solid #dcce90; border-left-width: 8px; background: #fff3c2; } /* @end */ /* @group Index Page, Standalone file pages */ .indexpage ul { line-height: 160%; list-style: none; } .indexpage ul :link, .indexpage ul :visited { font-size: 16px; } .indexpage li { padding-left: 20px; } .indexpage ul > li { background: url(images/bullet_black.png) no-repeat left 4px; } .indexpage li.method { background: url(images/plugin.png) no-repeat left 4px; } .indexpage li.module { background: url(images/package.png) no-repeat left 4px; } .indexpage li.class { background: url(images/ruby.png) no-repeat left 4px; } .indexpage li.file { background: url(images/page_white_text.png) no-repeat left 4px; } .indexpage li li { background: url(images/tag_blue.png) no-repeat left 4px; } .indexpage li .toc-toggle { width: 16px; height: 16px; background: url(images/add.png) no-repeat; } .indexpage li .toc-toggle.open { background: url(images/delete.png) no-repeat; } /* @end */ /* @group Top-Level Structure */ .project-section, #file-metadata, #class-metadata { display: block; background: #f5f5f5; margin-bottom: 1em; padding: 0.5em; } .project-section h3, #file-metadata h3, #class-metadata h3 { margin: 0; } #metadata { float: left; width: 280px; } #documentation { margin: 2em 1em 2em 300px; } #validator-badges { clear: both; margin: 1em 1em 2em; font-size: smaller; } /* @end */ /* @group Metadata Section */ #metadata ul, #metadata dl, #metadata p { padding: 0px; list-style: none; } dl.svninfo { color: #666; margin: 0; } dl.svninfo dt { font-weight: bold; } ul.link-list li { white-space: nowrap; } ul.link-list .type { font-size: 8px; text-transform: uppercase; color: white; background: #969696; } /* @end */ /* @group Documentation Section */ .note-list { margin: 8px 0; } .label-list { margin: 8px 1.5em; border: 1px solid #ccc; } .description .label-list { font-size: 14px; } .note-list dt { font-weight: bold; } .note-list dd { } .label-list dt { font-weight: bold; background: #ddd; } .label-list dd { } .label-list dd + dt, .note-list dd + dt { margin-top: 0.7em; } #documentation .section { font-size: 90%; } #documentation h2.section-header { color: #333; font-size: 175%; } .documentation-section-title { position: relative; } .documentation-section-title .section-click-top { position: absolute; top: 6px; right: 12px; font-size: 10px; visibility: hidden; } .documentation-section-title:hover .section-click-top { visibility: visible; } #documentation h3.section-header { color: #333; font-size: 150%; } #constants-list > dl, #attributes-list > dl { margin: 1em 0 2em; border: 0; } #constants-list > dl dt, #attributes-list > dl dt { font-weight: bold; font-family: Monaco, "Andale Mono"; background: inherit; } #constants-list > dl dt a, #attributes-list > dl dt a { color: inherit; } #constants-list > dl dd, #attributes-list > dl dd { margin: 0 0 1em 0; color: #666; } .documentation-section h2 { position: relative; } .documentation-section h2 a { position: absolute; top: 8px; right: 10px; font-size: 12px; color: #9b9877; visibility: hidden; } .documentation-section h2:hover a { visibility: visible; } /* @group Method Details */ #documentation .method-source-code { display: none; } #documentation .method-detail { margin: 0.2em 0.2em; padding: 0.5em; } #documentation .method-detail:hover { background-color: #f5f5f5; } #documentation .method-heading { cursor: pointer; position: relative; font-size: 125%; line-height: 125%; font-weight: bold; color: #333; background: url(images/brick.png) no-repeat left bottom; padding-left: 20px; } #documentation .method-heading :link, #documentation .method-heading :visited { color: inherit; } #documentation .method-click-advice { position: absolute; right: 5px; font-size: 10px; color: #aaa; visibility: hidden; background: url(images/zoom.png) no-repeat right 5px; padding-right: 20px; overflow: show; } #documentation .method-heading:hover .method-click-advice { visibility: visible; } #documentation .method-alias .method-heading { color: #666; background: url(images/brick_link.png) no-repeat left bottom; } #documentation .method-description, #documentation .aliases { margin: 0 20px; color: #666; } #documentation .method-description p, #documentation .aliases p { line-height: 1.2em; } #documentation .aliases { font-style: italic; cursor: default; } #documentation .method-description p { margin-bottom: 0.5em; } #documentation .method-description ul { margin-left: 1.5em; } #documentation .attribute-method-heading { background: url(images/tag_green.png) no-repeat left bottom; } #documentation #attribute-method-details .method-detail:hover { background-color: transparent; cursor: default; } #documentation .attribute-access-type { font-size: 60%; text-transform: uppercase; vertical-align: super; } .method-section .method-source-code { background: white; } /* @group Source Code */ .ruby-constant .ruby-keyword .ruby-ivar .ruby-operator .ruby-identifier .ruby-node .ruby-comment .ruby-regexp .ruby-value { background: transparent; } /* Thanks GitHub!!! */ .ruby-constant { color: #458; font-weight: bold; } .ruby-keyword { color: black; font-weight: bold; } .ruby-ivar { color: teal; } .ruby-operator { color: #000; } .ruby-identifier { color: black; } .ruby-node { color: red; } .ruby-comment { color: #998; font-weight: bold; } .ruby-regexp { color: #009926; } .ruby-value { color: #099; } .ruby-string { color: red; } /* @group search results */ #search-section .section-header { margin: 0; padding: 0; } #search-results { width: 100%; list-style: none; margin: 0; padding: 0; } #search-results h1 { font-size: 1em; font-weight: normal; text-shadow: none; } #search-results .current { background: #eee; } #search-results li { list-style: none; line-height: 1em; padding: 0.5em; border-bottom: 1px solid black; } #search-results .search-namespace { font-weight: bold; } #search-results li em { background: yellow; font-style: normal; } #search-results pre { margin: 0.5em; } rack-2.1.4/example/000077500000000000000000000000001367177163600141125ustar00rootroot00000000000000rack-2.1.4/example/lobster.ru000066400000000000000000000001461367177163600161350ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/lobster' use Rack::ShowExceptions run Rack::Lobster.new rack-2.1.4/example/protectedlobster.rb000066400000000000000000000006501367177163600200240ustar00rootroot00000000000000# frozen_string_literal: true require 'rack' require 'rack/lobster' lobster = Rack::Lobster.new protected_lobster = Rack::Auth::Basic.new(lobster) do |username, password| Rack::Utils.secure_compare('secret', password) end protected_lobster.realm = 'Lobster 2.0' pretty_protected_lobster = Rack::ShowStatus.new(Rack::ShowExceptions.new(protected_lobster)) Rack::Server.start app: pretty_protected_lobster, Port: 9292 rack-2.1.4/example/protectedlobster.ru000066400000000000000000000003311367177163600200430ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/lobster' use Rack::ShowExceptions use Rack::Auth::Basic, "Lobster 2.0" do |username, password| Rack::Utils.secure_compare('secret', password) end run Rack::Lobster.new rack-2.1.4/lib/000077500000000000000000000000001367177163600132255ustar00rootroot00000000000000rack-2.1.4/lib/rack.rb000066400000000000000000000125261367177163600145000ustar00rootroot00000000000000# frozen_string_literal: true # Copyright (C) 2007-2019 Leah Neukirchen # # Rack is freely distributable under the terms of an MIT-style license. # See MIT-LICENSE or https://opensource.org/licenses/MIT. # The Rack main module, serving as a namespace for all core Rack # modules and classes. # # All modules meant for use in your application are autoloaded here, # so it should be enough just to require 'rack' in your code. module Rack # The Rack protocol version number implemented. VERSION = [1, 3] # Return the Rack protocol version as a dotted string. def self.version VERSION.join(".") end RELEASE = "2.1.4" # Return the Rack release as a dotted string. def self.release RELEASE end HTTP_HOST = 'HTTP_HOST' HTTP_VERSION = 'HTTP_VERSION' HTTPS = 'HTTPS' PATH_INFO = 'PATH_INFO' REQUEST_METHOD = 'REQUEST_METHOD' REQUEST_PATH = 'REQUEST_PATH' SCRIPT_NAME = 'SCRIPT_NAME' QUERY_STRING = 'QUERY_STRING' SERVER_PROTOCOL = 'SERVER_PROTOCOL' SERVER_NAME = 'SERVER_NAME' SERVER_ADDR = 'SERVER_ADDR' SERVER_PORT = 'SERVER_PORT' CACHE_CONTROL = 'Cache-Control' CONTENT_LENGTH = 'Content-Length' CONTENT_TYPE = 'Content-Type' SET_COOKIE = 'Set-Cookie' TRANSFER_ENCODING = 'Transfer-Encoding' HTTP_COOKIE = 'HTTP_COOKIE' ETAG = 'ETag' # HTTP method verbs GET = 'GET' POST = 'POST' PUT = 'PUT' PATCH = 'PATCH' DELETE = 'DELETE' HEAD = 'HEAD' OPTIONS = 'OPTIONS' LINK = 'LINK' UNLINK = 'UNLINK' TRACE = 'TRACE' # Rack environment variables RACK_VERSION = 'rack.version' RACK_TEMPFILES = 'rack.tempfiles' RACK_ERRORS = 'rack.errors' RACK_LOGGER = 'rack.logger' RACK_INPUT = 'rack.input' RACK_SESSION = 'rack.session' RACK_SESSION_OPTIONS = 'rack.session.options' RACK_SHOWSTATUS_DETAIL = 'rack.showstatus.detail' RACK_MULTITHREAD = 'rack.multithread' RACK_MULTIPROCESS = 'rack.multiprocess' RACK_RUNONCE = 'rack.run_once' RACK_URL_SCHEME = 'rack.url_scheme' RACK_HIJACK = 'rack.hijack' RACK_IS_HIJACK = 'rack.hijack?' RACK_HIJACK_IO = 'rack.hijack_io' RACK_RECURSIVE_INCLUDE = 'rack.recursive.include' RACK_MULTIPART_BUFFER_SIZE = 'rack.multipart.buffer_size' RACK_MULTIPART_TEMPFILE_FACTORY = 'rack.multipart.tempfile_factory' RACK_REQUEST_FORM_INPUT = 'rack.request.form_input' RACK_REQUEST_FORM_HASH = 'rack.request.form_hash' RACK_REQUEST_FORM_VARS = 'rack.request.form_vars' RACK_REQUEST_COOKIE_HASH = 'rack.request.cookie_hash' RACK_REQUEST_COOKIE_STRING = 'rack.request.cookie_string' RACK_REQUEST_QUERY_HASH = 'rack.request.query_hash' RACK_REQUEST_QUERY_STRING = 'rack.request.query_string' RACK_METHODOVERRIDE_ORIGINAL_METHOD = 'rack.methodoverride.original_method' RACK_SESSION_UNPACKED_COOKIE_DATA = 'rack.session.unpacked_cookie_data' autoload :Builder, "rack/builder" autoload :BodyProxy, "rack/body_proxy" autoload :Cascade, "rack/cascade" autoload :Chunked, "rack/chunked" autoload :CommonLogger, "rack/common_logger" autoload :ConditionalGet, "rack/conditional_get" autoload :Config, "rack/config" autoload :ContentLength, "rack/content_length" autoload :ContentType, "rack/content_type" autoload :ETag, "rack/etag" autoload :File, "rack/file" autoload :Files, "rack/files" autoload :Deflater, "rack/deflater" autoload :Directory, "rack/directory" autoload :ForwardRequest, "rack/recursive" autoload :Handler, "rack/handler" autoload :Head, "rack/head" autoload :Lint, "rack/lint" autoload :Lock, "rack/lock" autoload :Logger, "rack/logger" autoload :MethodOverride, "rack/method_override" autoload :Mime, "rack/mime" autoload :NullLogger, "rack/null_logger" autoload :Recursive, "rack/recursive" autoload :Reloader, "rack/reloader" autoload :Runtime, "rack/runtime" autoload :Sendfile, "rack/sendfile" autoload :Server, "rack/server" autoload :ShowExceptions, "rack/show_exceptions" autoload :ShowStatus, "rack/show_status" autoload :Static, "rack/static" autoload :TempfileReaper, "rack/tempfile_reaper" autoload :URLMap, "rack/urlmap" autoload :Utils, "rack/utils" autoload :Multipart, "rack/multipart" autoload :MockRequest, "rack/mock" autoload :MockResponse, "rack/mock" autoload :Request, "rack/request" autoload :Response, "rack/response" module Auth autoload :Basic, "rack/auth/basic" autoload :AbstractRequest, "rack/auth/abstract/request" autoload :AbstractHandler, "rack/auth/abstract/handler" module Digest autoload :MD5, "rack/auth/digest/md5" autoload :Nonce, "rack/auth/digest/nonce" autoload :Params, "rack/auth/digest/params" autoload :Request, "rack/auth/digest/request" end end module Session autoload :Cookie, "rack/session/cookie" autoload :Pool, "rack/session/pool" autoload :Memcache, "rack/session/memcache" end end rack-2.1.4/lib/rack/000077500000000000000000000000001367177163600141455ustar00rootroot00000000000000rack-2.1.4/lib/rack/auth/000077500000000000000000000000001367177163600151065ustar00rootroot00000000000000rack-2.1.4/lib/rack/auth/abstract/000077500000000000000000000000001367177163600167115ustar00rootroot00000000000000rack-2.1.4/lib/rack/auth/abstract/handler.rb000066400000000000000000000014561367177163600206610ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Auth # Rack::Auth::AbstractHandler implements common authentication functionality. # # +realm+ should be set for all handlers. class AbstractHandler attr_accessor :realm def initialize(app, realm = nil, &authenticator) @app, @realm, @authenticator = app, realm, authenticator end private def unauthorized(www_authenticate = challenge) return [ 401, { CONTENT_TYPE => 'text/plain', CONTENT_LENGTH => '0', 'WWW-Authenticate' => www_authenticate.to_s }, [] ] end def bad_request return [ 400, { CONTENT_TYPE => 'text/plain', CONTENT_LENGTH => '0' }, [] ] end end end end rack-2.1.4/lib/rack/auth/abstract/request.rb000066400000000000000000000015311367177163600207260ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/request' module Rack module Auth class AbstractRequest def initialize(env) @env = env end def request @request ||= Request.new(@env) end def provided? !authorization_key.nil? && valid? end def valid? !@env[authorization_key].nil? end def parts @parts ||= @env[authorization_key].split(' ', 2) end def scheme @scheme ||= parts.first && parts.first.downcase end def params @params ||= parts.last end private AUTHORIZATION_KEYS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION'] def authorization_key @authorization_key ||= AUTHORIZATION_KEYS.detect { |key| @env.has_key?(key) } end end end end rack-2.1.4/lib/rack/auth/basic.rb000066400000000000000000000023231367177163600165140ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/auth/abstract/handler' require 'rack/auth/abstract/request' require 'base64' module Rack module Auth # Rack::Auth::Basic implements HTTP Basic Authentication, as per RFC 2617. # # Initialize with the Rack application that you want protecting, # and a block that checks if a username and password pair are valid. # # See also: example/protectedlobster.rb class Basic < AbstractHandler def call(env) auth = Basic::Request.new(env) return unauthorized unless auth.provided? return bad_request unless auth.basic? if valid?(auth) env['REMOTE_USER'] = auth.username return @app.call(env) end unauthorized end private def challenge 'Basic realm="%s"' % realm end def valid?(auth) @authenticator.call(*auth.credentials) end class Request < Auth::AbstractRequest def basic? "basic" == scheme end def credentials @credentials ||= Base64.decode64(params).split(':', 2) end def username credentials.first end end end end end rack-2.1.4/lib/rack/auth/digest/000077500000000000000000000000001367177163600163655ustar00rootroot00000000000000rack-2.1.4/lib/rack/auth/digest/md5.rb000066400000000000000000000061711367177163600174040ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/auth/abstract/handler' require 'rack/auth/digest/request' require 'rack/auth/digest/params' require 'rack/auth/digest/nonce' require 'digest/md5' module Rack module Auth module Digest # Rack::Auth::Digest::MD5 implements the MD5 algorithm version of # HTTP Digest Authentication, as per RFC 2617. # # Initialize with the [Rack] application that you want protecting, # and a block that looks up a plaintext password for a given username. # # +opaque+ needs to be set to a constant base64/hexadecimal string. # class MD5 < AbstractHandler attr_accessor :opaque attr_writer :passwords_hashed def initialize(app, realm = nil, opaque = nil, &authenticator) @passwords_hashed = nil if opaque.nil? and realm.respond_to? :values_at realm, opaque, @passwords_hashed = realm.values_at :realm, :opaque, :passwords_hashed end super(app, realm, &authenticator) @opaque = opaque end def passwords_hashed? !!@passwords_hashed end def call(env) auth = Request.new(env) unless auth.provided? return unauthorized end if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth) return bad_request end if valid?(auth) if auth.nonce.stale? return unauthorized(challenge(stale: true)) else env['REMOTE_USER'] = auth.username return @app.call(env) end end unauthorized end private QOP = 'auth' def params(hash = {}) Params.new do |params| params['realm'] = realm params['nonce'] = Nonce.new.to_s params['opaque'] = H(opaque) params['qop'] = QOP hash.each { |k, v| params[k] = v } end end def challenge(hash = {}) "Digest #{params(hash)}" end def valid?(auth) valid_opaque?(auth) && valid_nonce?(auth) && valid_digest?(auth) end def valid_qop?(auth) QOP == auth.qop end def valid_opaque?(auth) H(opaque) == auth.opaque end def valid_nonce?(auth) auth.nonce.valid? end def valid_digest?(auth) pw = @authenticator.call(auth.username) pw && Rack::Utils.secure_compare(digest(auth, pw), auth.response) end def md5(data) ::Digest::MD5.hexdigest(data) end alias :H :md5 def KD(secret, data) H "#{secret}:#{data}" end def A1(auth, password) "#{auth.username}:#{auth.realm}:#{password}" end def A2(auth) "#{auth.method}:#{auth.uri}" end def digest(auth, password) password_hash = passwords_hashed? ? password : H(A1(auth, password)) KD password_hash, "#{auth.nonce}:#{auth.nc}:#{auth.cnonce}:#{QOP}:#{H A2(auth)}" end end end end end rack-2.1.4/lib/rack/auth/digest/nonce.rb000066400000000000000000000023611367177163600200160ustar00rootroot00000000000000# frozen_string_literal: true require 'digest/md5' require 'base64' module Rack module Auth module Digest # Rack::Auth::Digest::Nonce is the default nonce generator for the # Rack::Auth::Digest::MD5 authentication handler. # # +private_key+ needs to set to a constant string. # # +time_limit+ can be optionally set to an integer (number of seconds), # to limit the validity of the generated nonces. class Nonce class << self attr_accessor :private_key, :time_limit end def self.parse(string) new(*Base64.decode64(string).split(' ', 2)) end def initialize(timestamp = Time.now, given_digest = nil) @timestamp, @given_digest = timestamp.to_i, given_digest end def to_s Base64.encode64("#{@timestamp} #{digest}").strip end def digest ::Digest::MD5.hexdigest("#{@timestamp}:#{self.class.private_key}") end def valid? digest == @given_digest end def stale? !self.class.time_limit.nil? && (Time.now.to_i - @timestamp) > self.class.time_limit end def fresh? !stale? end end end end end rack-2.1.4/lib/rack/auth/digest/params.rb000066400000000000000000000021071367177163600201750ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Auth module Digest class Params < Hash def self.parse(str) Params[*split_header_value(str).map do |param| k, v = param.split('=', 2) [k, dequote(v)] end.flatten] end def self.dequote(str) # From WEBrick::HTTPUtils ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup ret.gsub!(/\\(.)/, "\\1") ret end def self.split_header_value(str) str.scan(/\w+\=(?:"[^\"]+"|[^,]+)/n) end def initialize super() yield self if block_given? end def [](k) super k.to_s end def []=(k, v) super k.to_s, v.to_s end UNQUOTED = ['nc', 'stale'] def to_s map do |k, v| "#{k}=#{(UNQUOTED.include?(k) ? v.to_s : quote(v))}" end.join(', ') end def quote(str) # From WEBrick::HTTPUtils '"' + str.gsub(/[\\\"]/o, "\\\1") + '"' end end end end end rack-2.1.4/lib/rack/auth/digest/request.rb000066400000000000000000000017271367177163600204110ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/auth/abstract/request' require 'rack/auth/digest/params' require 'rack/auth/digest/nonce' module Rack module Auth module Digest class Request < Auth::AbstractRequest def method @env[RACK_METHODOVERRIDE_ORIGINAL_METHOD] || @env[REQUEST_METHOD] end def digest? "digest" == scheme end def correct_uri? request.fullpath == uri end def nonce @nonce ||= Nonce.parse(params['nonce']) end def params @params ||= Params.parse(parts.last) end def respond_to?(sym, *) super or params.has_key? sym.to_s end def method_missing(sym, *args) return super unless params.has_key?(key = sym.to_s) return params[key] if args.size == 0 raise ArgumentError, "wrong number of arguments (#{args.size} for 0)" end end end end end rack-2.1.4/lib/rack/body_proxy.rb000066400000000000000000000017101367177163600166670ustar00rootroot00000000000000# frozen_string_literal: true module Rack class BodyProxy def initialize(body, &block) @body = body @block = block @closed = false end def respond_to?(method_name, include_all = false) super or @body.respond_to?(method_name, include_all) end def close return if @closed @closed = true begin @body.close if @body.respond_to? :close ensure @block.call end end def closed? @closed end # N.B. This method is a special case to address the bug described by #434. # We are applying this special case for #each only. Future bugs of this # class will be handled by requesting users to patch their ruby # implementation, to save adding too many methods in this class. def each @body.each { |body| yield body } end def method_missing(method_name, *args, &block) @body.__send__(method_name, *args, &block) end end end rack-2.1.4/lib/rack/builder.rb000066400000000000000000000117631367177163600161300ustar00rootroot00000000000000# frozen_string_literal: true module Rack # Rack::Builder implements a small DSL to iteratively construct Rack # applications. # # Example: # # require 'rack/lobster' # app = Rack::Builder.new do # use Rack::CommonLogger # use Rack::ShowExceptions # map "/lobster" do # use Rack::Lint # run Rack::Lobster.new # end # end # # run app # # Or # # app = Rack::Builder.app do # use Rack::CommonLogger # run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['OK']] } # end # # run app # # +use+ adds middleware to the stack, +run+ dispatches to an application. # You can use +map+ to construct a Rack::URLMap in a convenient way. class Builder # https://stackoverflow.com/questions/2223882/whats-the-difference-between-utf-8-and-utf-8-without-bom UTF_8_BOM = '\xef\xbb\xbf' def self.parse_file(config, opts = Server::Options.new) if config.end_with?('.ru') return self.load_file(config, opts) else require config app = Object.const_get(::File.basename(config, '.rb').split('_').map(&:capitalize).join('')) return app, {} end end def self.load_file(path, opts = Server::Options.new) options = {} cfgfile = ::File.read(path) cfgfile.slice!(/\A#{UTF_8_BOM}/) if cfgfile.encoding == Encoding::UTF_8 if cfgfile[/^#\\(.*)/] && opts options = opts.parse! $1.split(/\s+/) end cfgfile.sub!(/^__END__\n.*\Z/m, '') app = new_from_string cfgfile, path return app, options end def self.new_from_string(builder_script, file = "(rackup)") eval "Rack::Builder.new {\n" + builder_script + "\n}.to_app", TOPLEVEL_BINDING, file, 0 end def initialize(default_app = nil, &block) @use, @map, @run, @warmup, @freeze_app = [], nil, default_app, nil, false instance_eval(&block) if block_given? end def self.app(default_app = nil, &block) self.new(default_app, &block).to_app end # Specifies middleware to use in a stack. # # class Middleware # def initialize(app) # @app = app # end # # def call(env) # env["rack.some_header"] = "setting an example" # @app.call(env) # end # end # # use Middleware # run lambda { |env| [200, { "Content-Type" => "text/plain" }, ["OK"]] } # # All requests through to this application will first be processed by the middleware class. # The +call+ method in this example sets an additional environment key which then can be # referenced in the application if required. def use(middleware, *args, &block) if @map mapping, @map = @map, nil @use << proc { |app| generate_map(app, mapping) } end @use << proc { |app| middleware.new(app, *args, &block) } end ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true) # Takes an argument that is an object that responds to #call and returns a Rack response. # The simplest form of this is a lambda object: # # run lambda { |env| [200, { "Content-Type" => "text/plain" }, ["OK"]] } # # However this could also be a class: # # class Heartbeat # def self.call(env) # [200, { "Content-Type" => "text/plain" }, ["OK"]] # end # end # # run Heartbeat def run(app) @run = app end # Takes a lambda or block that is used to warm-up the application. # # warmup do |app| # client = Rack::MockRequest.new(app) # client.get('/') # end # # use SomeMiddleware # run MyApp def warmup(prc = nil, &block) @warmup = prc || block end # Creates a route within the application. # # Rack::Builder.app do # map '/' do # run Heartbeat # end # end # # The +use+ method can also be used here to specify middleware to run under a specific path: # # Rack::Builder.app do # map '/' do # use Middleware # run Heartbeat # end # end # # This example includes a piece of middleware which will run before requests hit +Heartbeat+. # def map(path, &block) @map ||= {} @map[path] = block end # Freeze the app (set using run) and all middleware instances when building the application # in to_app. def freeze_app @freeze_app = true end def to_app app = @map ? generate_map(@run, @map) : @run fail "missing run or map statement" unless app app.freeze if @freeze_app app = @use.reverse.inject(app) { |a, e| e[a].tap { |x| x.freeze if @freeze_app } } @warmup.call(app) if @warmup app end def call(env) to_app.call(env) end private def generate_map(default_app, mapping) mapped = default_app ? { '/' => default_app } : {} mapping.each { |r, b| mapped[r] = self.class.new(default_app, &b).to_app } URLMap.new(mapped) end end end rack-2.1.4/lib/rack/cascade.rb000066400000000000000000000025211367177163600160550ustar00rootroot00000000000000# frozen_string_literal: true module Rack # Rack::Cascade tries a request on several apps, and returns the # first response that is not 404 or 405 (or in a list of configurable # status codes). class Cascade NotFound = [404, { CONTENT_TYPE => "text/plain" }, []] attr_reader :apps def initialize(apps, catch = [404, 405]) @apps = [] apps.each { |app| add app } @catch = {} [*catch].each { |status| @catch[status] = true } end def call(env) result = NotFound last_body = nil @apps.each do |app| # The SPEC says that the body must be closed after it has been iterated # by the server, or if it is replaced by a middleware action. Cascade # replaces the body each time a cascade happens. It is assumed that nil # does not respond to close, otherwise the previous application body # will be closed. The final application body will not be closed, as it # will be passed to the server as a result. last_body.close if last_body.respond_to? :close result = app.call(env) last_body = result[2] break unless @catch.include?(result[0].to_i) end result end def add(app) @apps << app end def include?(app) @apps.include?(app) end alias_method :<<, :add end end rack-2.1.4/lib/rack/chunked.rb000066400000000000000000000036671367177163600161270ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' module Rack # Middleware that applies chunked transfer encoding to response bodies # when the response does not include a Content-Length header. class Chunked include Rack::Utils # A body wrapper that emits chunked responses class Body TERM = "\r\n" TAIL = "0#{TERM}" include Rack::Utils def initialize(body) @body = body end def each(&block) term = TERM @body.each do |chunk| size = chunk.bytesize next if size == 0 chunk = chunk.b yield [size.to_s(16), term, chunk, term].join end yield TAIL insert_trailers(&block) yield TERM end def close @body.close if @body.respond_to?(:close) end private def insert_trailers(&block) end end class TrailerBody < Body private def insert_trailers(&block) @body.trailers.each_pair do |k, v| yield "#{k}: #{v}\r\n" end end end def initialize(app) @app = app end # pre-HTTP/1.0 (informally "HTTP/0.9") HTTP requests did not have # a version (nor response headers) def chunkable_version?(ver) case ver when 'HTTP/1.0', nil, 'HTTP/0.9' false else true end end def call(env) status, headers, body = @app.call(env) headers = HeaderHash.new(headers) if ! chunkable_version?(env[SERVER_PROTOCOL]) || STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) || headers[CONTENT_LENGTH] || headers[TRANSFER_ENCODING] [status, headers, body] else headers.delete(CONTENT_LENGTH) headers[TRANSFER_ENCODING] = 'chunked' if headers['Trailer'] [status, headers, TrailerBody.new(body)] else [status, headers, Body.new(body)] end end end end end rack-2.1.4/lib/rack/common_logger.rb000066400000000000000000000045041367177163600173240ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/body_proxy' module Rack # Rack::CommonLogger forwards every request to the given +app+, and # logs a line in the # {Apache common log format}[http://httpd.apache.org/docs/1.3/logs.html#common] # to the +logger+. # # If +logger+ is nil, CommonLogger will fall back +rack.errors+, which is # an instance of Rack::NullLogger. # # +logger+ can be any class, including the standard library Logger, and is # expected to have either +write+ or +<<+ method, which accepts the CommonLogger::FORMAT. # According to the SPEC, the error stream must also respond to +puts+ # (which takes a single argument that responds to +to_s+), and +flush+ # (which is called without arguments in order to make the error appear for # sure) class CommonLogger # Common Log Format: http://httpd.apache.org/docs/1.3/logs.html#common # # lilith.local - - [07/Aug/2006 23:58:02 -0400] "GET / HTTP/1.1" 500 - # # %{%s - %s [%s] "%s %s%s %s" %d %s\n} % FORMAT = %{%s - %s [%s] "%s %s%s %s" %d %s %0.4f\n} def initialize(app, logger = nil) @app = app @logger = logger end def call(env) began_at = Utils.clock_time status, header, body = @app.call(env) header = Utils::HeaderHash.new(header) body = BodyProxy.new(body) { log(env, status, header, began_at) } [status, header, body] end private def log(env, status, header, began_at) length = extract_content_length(header) msg = FORMAT % [ env['HTTP_X_FORWARDED_FOR'] || env["REMOTE_ADDR"] || "-", env["REMOTE_USER"] || "-", Time.now.strftime("%d/%b/%Y:%H:%M:%S %z"), env[REQUEST_METHOD], env[PATH_INFO], env[QUERY_STRING].empty? ? "" : "?#{env[QUERY_STRING]}", env[SERVER_PROTOCOL], status.to_s[0..3], length, Utils.clock_time - began_at ] logger = @logger || env[RACK_ERRORS] # Standard library logger doesn't support write but it supports << which actually # calls to write on the log device without formatting if logger.respond_to?(:write) logger.write(msg) else logger << msg end end def extract_content_length(headers) value = headers[CONTENT_LENGTH] !value || value.to_s == '0' ? '-' : value end end end rack-2.1.4/lib/rack/conditional_get.rb000066400000000000000000000050321367177163600176340ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' module Rack # Middleware that enables conditional GET using If-None-Match and # If-Modified-Since. The application should set either or both of the # Last-Modified or Etag response headers according to RFC 2616. When # either of the conditions is met, the response body is set to be zero # length and the response status is set to 304 Not Modified. # # Applications that defer response body generation until the body's each # message is received will avoid response body generation completely when # a conditional GET matches. # # Adapted from Michael Klishin's Merb implementation: # https://github.com/wycats/merb/blob/master/merb-core/lib/merb-core/rack/middleware/conditional_get.rb class ConditionalGet def initialize(app) @app = app end def call(env) case env[REQUEST_METHOD] when "GET", "HEAD" status, headers, body = @app.call(env) headers = Utils::HeaderHash.new(headers) if status == 200 && fresh?(env, headers) status = 304 headers.delete(CONTENT_TYPE) headers.delete(CONTENT_LENGTH) original_body = body body = Rack::BodyProxy.new([]) do original_body.close if original_body.respond_to?(:close) end end [status, headers, body] else @app.call(env) end end private def fresh?(env, headers) modified_since = env['HTTP_IF_MODIFIED_SINCE'] none_match = env['HTTP_IF_NONE_MATCH'] return false unless modified_since || none_match success = true success &&= modified_since?(to_rfc2822(modified_since), headers) if modified_since success &&= etag_matches?(none_match, headers) if none_match success end def etag_matches?(none_match, headers) etag = headers['ETag'] and etag == none_match end def modified_since?(modified_since, headers) last_modified = to_rfc2822(headers['Last-Modified']) and modified_since and modified_since >= last_modified end def to_rfc2822(since) # shortest possible valid date is the obsolete: 1 Nov 97 09:55 A # anything shorter is invalid, this avoids exceptions for common cases # most common being the empty string if since && since.length >= 16 # NOTE: there is no trivial way to write this in a non exception way # _rfc2822 returns a hash but is not that usable Time.rfc2822(since) rescue nil else nil end end end end rack-2.1.4/lib/rack/config.rb000066400000000000000000000006321367177163600157400ustar00rootroot00000000000000# frozen_string_literal: true module Rack # Rack::Config modifies the environment using the block given during # initialization. # # Example: # use Rack::Config do |env| # env['my-key'] = 'some-value' # end class Config def initialize(app, &block) @app = app @block = block end def call(env) @block.call(env) @app.call(env) end end end rack-2.1.4/lib/rack/content_length.rb000066400000000000000000000015401367177163600175050ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' require 'rack/body_proxy' module Rack # Sets the Content-Length header on responses with fixed-length bodies. class ContentLength include Rack::Utils def initialize(app) @app = app end def call(env) status, headers, body = @app.call(env) headers = HeaderHash.new(headers) if !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) && !headers[CONTENT_LENGTH] && !headers[TRANSFER_ENCODING] && body.respond_to?(:to_ary) obody = body body, length = [], 0 obody.each { |part| body << part; length += part.bytesize } body = BodyProxy.new(body) do obody.close if obody.respond_to?(:close) end headers[CONTENT_LENGTH] = length.to_s end [status, headers, body] end end end rack-2.1.4/lib/rack/content_type.rb000066400000000000000000000012761367177163600172130ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' module Rack # Sets the Content-Type header on responses which don't have one. # # Builder Usage: # use Rack::ContentType, "text/plain" # # When no content type argument is provided, "text/html" is assumed. class ContentType include Rack::Utils def initialize(app, content_type = "text/html") @app, @content_type = app, content_type end def call(env) status, headers, body = @app.call(env) headers = Utils::HeaderHash.new(headers) unless STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) headers[CONTENT_TYPE] ||= @content_type end [status, headers, body] end end end rack-2.1.4/lib/rack/core_ext/000077500000000000000000000000001367177163600157555ustar00rootroot00000000000000rack-2.1.4/lib/rack/core_ext/regexp.rb000066400000000000000000000004631367177163600175770ustar00rootroot00000000000000# frozen_string_literal: true # Regexp has `match?` since Ruby 2.4 # so to support Ruby < 2.4 we need to define this method module Rack module RegexpExtensions refine Regexp do def match?(string, pos = 0) !!match(string, pos) end end unless //.respond_to?(:match?) end end rack-2.1.4/lib/rack/deflater.rb000066400000000000000000000106231367177163600162620ustar00rootroot00000000000000# frozen_string_literal: true require "zlib" require "time" # for Time.httpdate require 'rack/utils' require_relative 'core_ext/regexp' module Rack # This middleware enables compression of http responses. # # Currently supported compression algorithms: # # * gzip # * identity (no transformation) # # The middleware automatically detects when compression is supported # and allowed. For example no transformation is made when a cache # directive of 'no-transform' is present, or when the response status # code is one that doesn't allow an entity body. class Deflater using ::Rack::RegexpExtensions ## # Creates Rack::Deflater middleware. # # [app] rack app instance # [options] hash of deflater options, i.e. # 'if' - a lambda enabling / disabling deflation based on returned boolean value # e.g use Rack::Deflater, :if => lambda { |*, body| sum=0; body.each { |i| sum += i.length }; sum > 512 } # 'include' - a list of content types that should be compressed # 'sync' - determines if the stream is going to be flushed after every chunk. # Flushing after every chunk reduces latency for # time-sensitive streaming applications, but hurts # compression and throughput. Defaults to `true'. def initialize(app, options = {}) @app = app @condition = options[:if] @compressible_types = options[:include] @sync = options[:sync] == false ? false : true end def call(env) status, headers, body = @app.call(env) headers = Utils::HeaderHash.new(headers) unless should_deflate?(env, status, headers, body) return [status, headers, body] end request = Request.new(env) encoding = Utils.select_best_encoding(%w(gzip identity), request.accept_encoding) # Set the Vary HTTP header. vary = headers["Vary"].to_s.split(",").map(&:strip) unless vary.include?("*") || vary.include?("Accept-Encoding") headers["Vary"] = vary.push("Accept-Encoding").join(",") end case encoding when "gzip" headers['Content-Encoding'] = "gzip" headers.delete('Content-Length') mtime = headers["Last-Modified"] mtime = Time.httpdate(mtime).to_i if mtime [status, headers, GzipStream.new(body, mtime, @sync)] when "identity" [status, headers, body] when nil message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found." bp = Rack::BodyProxy.new([message]) { body.close if body.respond_to?(:close) } [406, { 'Content-Type' => "text/plain", 'Content-Length' => message.length.to_s }, bp] end end class GzipStream def initialize(body, mtime, sync) @sync = sync @body = body @mtime = mtime end def each(&block) @writer = block gzip = ::Zlib::GzipWriter.new(self) gzip.mtime = @mtime if @mtime @body.each { |part| len = gzip.write(part) # Flushing empty parts would raise Zlib::BufError. gzip.flush if @sync && len > 0 } ensure gzip.close @writer = nil end def write(data) @writer.call(data) end def close @body.close if @body.respond_to?(:close) @body = nil end end private def should_deflate?(env, status, headers, body) # Skip compressing empty entity body responses and responses with # no-transform set. if Utils::STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) || /\bno-transform\b/.match?(headers['Cache-Control'].to_s) || (headers['Content-Encoding'] && headers['Content-Encoding'] !~ /\bidentity\b/) return false end # Skip if @compressible_types are given and does not include request's content type return false if @compressible_types && !(headers.has_key?('Content-Type') && @compressible_types.include?(headers['Content-Type'][/[^;]*/])) # Skip if @condition lambda is given and evaluates to false return false if @condition && !@condition.call(env, status, headers, body) # No point in compressing empty body, also handles usage with # Rack::Sendfile. return false if headers[CONTENT_LENGTH] == '0' true end end end rack-2.1.4/lib/rack/directory.rb000066400000000000000000000117371367177163600165070ustar00rootroot00000000000000# frozen_string_literal: true require 'time' require 'rack/utils' require 'rack/mime' require 'rack/files' module Rack # Rack::Directory serves entries below the +root+ given, according to the # path info of the Rack request. If a directory is found, the file's contents # will be presented in an html based index. If a file is found, the env will # be passed to the specified +app+. # # If +app+ is not specified, a Rack::Files of the same +root+ will be used. class Directory DIR_FILE = "%s%s%s%s" DIR_PAGE = <<-PAGE %s

%s

%s
Name Size Type Last Modified
PAGE class DirectoryBody < Struct.new(:root, :path, :files) def each show_path = Rack::Utils.escape_html(path.sub(/^#{root}/, '')) listings = files.map{|f| DIR_FILE % DIR_FILE_escape(*f) } * "\n" page = DIR_PAGE % [ show_path, show_path, listings ] page.each_line{|l| yield l } end private # Assumes url is already escaped. def DIR_FILE_escape url, *html [url, *html.map { |e| Utils.escape_html(e) }] end end attr_reader :root, :path def initialize(root, app = nil) @root = ::File.expand_path(root) @app = app || Rack::Files.new(@root) @head = Rack::Head.new(lambda { |env| get env }) end def call(env) # strip body if this is a HEAD call @head.call env end def get(env) script_name = env[SCRIPT_NAME] path_info = Utils.unescape_path(env[PATH_INFO]) if bad_request = check_bad_request(path_info) bad_request elsif forbidden = check_forbidden(path_info) forbidden else path = ::File.join(@root, path_info) list_path(env, path, path_info, script_name) end end def check_bad_request(path_info) return if Utils.valid_path?(path_info) body = "Bad Request\n" size = body.bytesize return [400, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => size.to_s, "X-Cascade" => "pass" }, [body]] end def check_forbidden(path_info) return unless path_info.include? ".." body = "Forbidden\n" size = body.bytesize return [403, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => size.to_s, "X-Cascade" => "pass" }, [body]] end def list_directory(path_info, path, script_name) files = [['../', 'Parent Directory', '', '', '']] url_head = (script_name.split('/') + path_info.split('/')).map do |part| Rack::Utils.escape_path part end Dir.entries(path).reject { |e| e.start_with?('.') }.sort.each do |node| node = ::File.join path, node stat = stat(node) next unless stat basename = ::File.basename(node) ext = ::File.extname(node) url = ::File.join(*url_head + [Rack::Utils.escape_path(basename)]) size = stat.size type = stat.directory? ? 'directory' : Mime.mime_type(ext) size = stat.directory? ? '-' : filesize_format(size) mtime = stat.mtime.httpdate url << '/' if stat.directory? basename << '/' if stat.directory? files << [ url, basename, size, type, mtime ] end return [ 200, { CONTENT_TYPE => 'text/html; charset=utf-8' }, DirectoryBody.new(@root, path, files) ] end def stat(node) ::File.stat(node) rescue Errno::ENOENT, Errno::ELOOP return nil end # TODO: add correct response if not readable, not sure if 404 is the best # option def list_path(env, path, path_info, script_name) stat = ::File.stat(path) if stat.readable? return @app.call(env) if stat.file? return list_directory(path_info, path, script_name) if stat.directory? else raise Errno::ENOENT, 'No such file or directory' end rescue Errno::ENOENT, Errno::ELOOP return entity_not_found(path_info) end def entity_not_found(path_info) body = "Entity not found: #{path_info}\n" size = body.bytesize return [404, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => size.to_s, "X-Cascade" => "pass" }, [body]] end # Stolen from Ramaze FILESIZE_FORMAT = [ ['%.1fT', 1 << 40], ['%.1fG', 1 << 30], ['%.1fM', 1 << 20], ['%.1fK', 1 << 10], ] def filesize_format(int) FILESIZE_FORMAT.each do |format, size| return format % (int.to_f / size) if int >= size end "#{int}B" end end end rack-2.1.4/lib/rack/etag.rb000066400000000000000000000042511367177163600154140ustar00rootroot00000000000000# frozen_string_literal: true require 'rack' require 'digest/sha2' module Rack # Automatically sets the ETag header on all String bodies. # # The ETag header is skipped if ETag or Last-Modified headers are sent or if # a sendfile body (body.responds_to :to_path) is given (since such cases # should be handled by apache/nginx). # # On initialization, you can pass two parameters: a Cache-Control directive # used when Etag is absent and a directive when it is present. The first # defaults to nil, while the second defaults to "max-age=0, private, must-revalidate" class ETag ETAG_STRING = Rack::ETAG DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate" def initialize(app, no_cache_control = nil, cache_control = DEFAULT_CACHE_CONTROL) @app = app @cache_control = cache_control @no_cache_control = no_cache_control end def call(env) status, headers, body = @app.call(env) if etag_status?(status) && etag_body?(body) && !skip_caching?(headers) original_body = body digest, new_body = digest_body(body) body = Rack::BodyProxy.new(new_body) do original_body.close if original_body.respond_to?(:close) end headers[ETAG_STRING] = %(W/"#{digest}") if digest end unless headers[CACHE_CONTROL] if digest headers[CACHE_CONTROL] = @cache_control if @cache_control else headers[CACHE_CONTROL] = @no_cache_control if @no_cache_control end end [status, headers, body] end private def etag_status?(status) status == 200 || status == 201 end def etag_body?(body) !body.respond_to?(:to_path) end def skip_caching?(headers) (headers[CACHE_CONTROL] && headers[CACHE_CONTROL].include?('no-cache')) || headers.key?(ETAG_STRING) || headers.key?('Last-Modified') end def digest_body(body) parts = [] digest = nil body.each do |part| parts << part (digest ||= Digest::SHA256.new) << part unless part.empty? end [digest && digest.hexdigest.byteslice(0, 32), parts] end end end rack-2.1.4/lib/rack/events.rb000066400000000000000000000114021367177163600157740ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/response' require 'rack/body_proxy' module Rack ### This middleware provides hooks to certain places in the request / # response lifecycle. This is so that middleware that don't need to filter # the response data can safely leave it alone and not have to send messages # down the traditional "rack stack". # # The events are: # # * on_start(request, response) # # This event is sent at the start of the request, before the next # middleware in the chain is called. This method is called with a request # object, and a response object. Right now, the response object is always # nil, but in the future it may actually be a real response object. # # * on_commit(request, response) # # The response has been committed. The application has returned, but the # response has not been sent to the webserver yet. This method is always # called with a request object and the response object. The response # object is constructed from the rack triple that the application returned. # Changes may still be made to the response object at this point. # # * on_send(request, response) # # The webserver has started iterating over the response body and presumably # has started sending data over the wire. This method is always called with # a request object and the response object. The response object is # constructed from the rack triple that the application returned. Changes # SHOULD NOT be made to the response object as the webserver has already # started sending data. Any mutations will likely result in an exception. # # * on_finish(request, response) # # The webserver has closed the response, and all data has been written to # the response socket. The request and response object should both be # read-only at this point. The body MAY NOT be available on the response # object as it may have been flushed to the socket. # # * on_error(request, response, error) # # An exception has occurred in the application or an `on_commit` event. # This method will get the request, the response (if available) and the # exception that was raised. # # ## Order # # `on_start` is called on the handlers in the order that they were passed to # the constructor. `on_commit`, on_send`, `on_finish`, and `on_error` are # called in the reverse order. `on_finish` handlers are called inside an # `ensure` block, so they are guaranteed to be called even if something # raises an exception. If something raises an exception in a `on_finish` # method, then nothing is guaranteed. class Events module Abstract def on_start req, res end def on_commit req, res end def on_send req, res end def on_finish req, res end def on_error req, res, e end end class EventedBodyProxy < Rack::BodyProxy # :nodoc: attr_reader :request, :response def initialize body, request, response, handlers, &block super(body, &block) @request = request @response = response @handlers = handlers end def each @handlers.reverse_each { |handler| handler.on_send request, response } super end end class BufferedResponse < Rack::Response::Raw # :nodoc: attr_reader :body def initialize status, headers, body super(status, headers) @body = body end def to_a; [status, headers, body]; end end def initialize app, handlers @app = app @handlers = handlers end def call env request = make_request env on_start request, nil begin status, headers, body = @app.call request.env response = make_response status, headers, body on_commit request, response rescue StandardError => e on_error request, response, e on_finish request, response raise end body = EventedBodyProxy.new(body, request, response, @handlers) do on_finish request, response end [response.status, response.headers, body] end private def on_error request, response, e @handlers.reverse_each { |handler| handler.on_error request, response, e } end def on_commit request, response @handlers.reverse_each { |handler| handler.on_commit request, response } end def on_start request, response @handlers.each { |handler| handler.on_start request, nil } end def on_finish request, response @handlers.reverse_each { |handler| handler.on_finish request, response } end def make_request env Rack::Request.new env end def make_response status, headers, body BufferedResponse.new status, headers, body end end end rack-2.1.4/lib/rack/file.rb000066400000000000000000000001241367177163600154060ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/files' module Rack File = Files end rack-2.1.4/lib/rack/files.rb000066400000000000000000000115531367177163600156010ustar00rootroot00000000000000# frozen_string_literal: true require 'time' require 'rack/utils' require 'rack/mime' require 'rack/request' require 'rack/head' module Rack # Rack::Files serves files below the +root+ directory given, according to the # path info of the Rack request. # e.g. when Rack::Files.new("/etc") is used, you can access 'passwd' file # as http://localhost:9292/passwd # # Handlers can detect if bodies are a Rack::Files, and use mechanisms # like sendfile on the +path+. class Files ALLOWED_VERBS = %w[GET HEAD OPTIONS] ALLOW_HEADER = ALLOWED_VERBS.join(', ') attr_reader :root def initialize(root, headers = {}, default_mime = 'text/plain') @root = (::File.expand_path(root) if root) @headers = headers @default_mime = default_mime @head = Rack::Head.new(lambda { |env| get env }) end def call(env) # HEAD requests drop the response body, including 4xx error messages. @head.call env end def get(env) request = Rack::Request.new env unless ALLOWED_VERBS.include? request.request_method return fail(405, "Method Not Allowed", { 'Allow' => ALLOW_HEADER }) end path_info = Utils.unescape_path request.path_info return fail(400, "Bad Request") unless Utils.valid_path?(path_info) clean_path_info = Utils.clean_path_info(path_info) path = ::File.join(@root, clean_path_info) available = begin ::File.file?(path) && ::File.readable?(path) rescue SystemCallError false end if available serving(request, path) else fail(404, "File not found: #{path_info}") end end def serving(request, path) if request.options? return [200, { 'Allow' => ALLOW_HEADER, CONTENT_LENGTH => '0' }, []] end last_modified = ::File.mtime(path).httpdate return [304, {}, []] if request.get_header('HTTP_IF_MODIFIED_SINCE') == last_modified headers = { "Last-Modified" => last_modified } mime_type = mime_type path, @default_mime headers[CONTENT_TYPE] = mime_type if mime_type # Set custom headers @headers.each { |field, content| headers[field] = content } if @headers response = [ 200, headers ] size = filesize path range = nil ranges = Rack::Utils.get_byte_ranges(request.get_header('HTTP_RANGE'), size) if ranges.nil? || ranges.length > 1 # No ranges, or multiple ranges (which we don't support): # TODO: Support multiple byte-ranges response[0] = 200 range = 0..size - 1 elsif ranges.empty? # Unsatisfiable. Return error, and file size: response = fail(416, "Byte range unsatisfiable") response[1]["Content-Range"] = "bytes */#{size}" return response else # Partial content: range = ranges[0] response[0] = 206 response[1]["Content-Range"] = "bytes #{range.begin}-#{range.end}/#{size}" size = range.end - range.begin + 1 end response[2] = [response_body] unless response_body.nil? response[1][CONTENT_LENGTH] = size.to_s response[2] = make_body request, path, range response end class Iterator attr_reader :path, :range alias :to_path :path def initialize path, range @path = path @range = range end def each ::File.open(path, "rb") do |file| file.seek(range.begin) remaining_len = range.end - range.begin + 1 while remaining_len > 0 part = file.read([8192, remaining_len].min) break unless part remaining_len -= part.length yield part end end end def close; end end private def make_body request, path, range if request.head? [] else Iterator.new path, range end end def fail(status, body, headers = {}) body += "\n" [ status, { CONTENT_TYPE => "text/plain", CONTENT_LENGTH => body.size.to_s, "X-Cascade" => "pass" }.merge!(headers), [body] ] end # The MIME type for the contents of the file located at @path def mime_type path, default_mime Mime.mime_type(::File.extname(path), default_mime) end def filesize path # If response_body is present, use its size. return response_body.bytesize if response_body # We check via File::size? whether this file provides size info # via stat (e.g. /proc files often don't), otherwise we have to # figure it out by reading the whole file into memory. ::File.size?(path) || ::File.read(path).bytesize end # By default, the response body for file requests is nil. # In this case, the response body will be generated later # from the file at @path def response_body nil end end end rack-2.1.4/lib/rack/handler.rb000066400000000000000000000055751367177163600161230ustar00rootroot00000000000000# frozen_string_literal: true module Rack # *Handlers* connect web servers with Rack. # # Rack includes Handlers for Thin, WEBrick, FastCGI, CGI, SCGI # and LiteSpeed. # # Handlers usually are activated by calling MyHandler.run(myapp). # A second optional hash can be passed to include server-specific # configuration. module Handler def self.get(server) return unless server server = server.to_s unless @handlers.include? server load_error = try_require('rack/handler', server) end if klass = @handlers[server] const_get(klass) else const_get(server, false) end rescue NameError => name_error raise load_error || name_error end # Select first available Rack handler given an `Array` of server names. # Raises `LoadError` if no handler was found. # # > pick ['thin', 'webrick'] # => Rack::Handler::WEBrick def self.pick(server_names) server_names = Array(server_names) server_names.each do |server_name| begin return get(server_name.to_s) rescue LoadError, NameError end end raise LoadError, "Couldn't find handler for: #{server_names.join(', ')}." end SERVER_NAMES = %w(puma thin falcon webrick).freeze private_constant :SERVER_NAMES def self.default # Guess. if ENV.include?("PHP_FCGI_CHILDREN") Rack::Handler::FastCGI elsif ENV.include?(REQUEST_METHOD) Rack::Handler::CGI elsif ENV.include?("RACK_HANDLER") self.get(ENV["RACK_HANDLER"]) else pick SERVER_NAMES end end # Transforms server-name constants to their canonical form as filenames, # then tries to require them but silences the LoadError if not found # # Naming convention: # # Foo # => 'foo' # FooBar # => 'foo_bar.rb' # FooBAR # => 'foobar.rb' # FOObar # => 'foobar.rb' # FOOBAR # => 'foobar.rb' # FooBarBaz # => 'foo_bar_baz.rb' def self.try_require(prefix, const_name) file = const_name.gsub(/^[A-Z]+/) { |pre| pre.downcase }. gsub(/[A-Z]+[^A-Z]/, '_\&').downcase require(::File.join(prefix, file)) nil rescue LoadError => error error end def self.register(server, klass) @handlers ||= {} @handlers[server.to_s] = klass.to_s end autoload :CGI, "rack/handler/cgi" autoload :FastCGI, "rack/handler/fastcgi" autoload :WEBrick, "rack/handler/webrick" autoload :LSWS, "rack/handler/lsws" autoload :SCGI, "rack/handler/scgi" autoload :Thin, "rack/handler/thin" register 'cgi', 'Rack::Handler::CGI' register 'fastcgi', 'Rack::Handler::FastCGI' register 'webrick', 'Rack::Handler::WEBrick' register 'lsws', 'Rack::Handler::LSWS' register 'scgi', 'Rack::Handler::SCGI' register 'thin', 'Rack::Handler::Thin' end end rack-2.1.4/lib/rack/handler/000077500000000000000000000000001367177163600155625ustar00rootroot00000000000000rack-2.1.4/lib/rack/handler/cgi.rb000066400000000000000000000027721367177163600166610ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/content_length' require 'rack/rewindable_input' module Rack module Handler class CGI def self.run(app, options = nil) $stdin.binmode serve app end def self.serve(app) env = ENV.to_hash env.delete "HTTP_CONTENT_LENGTH" env[SCRIPT_NAME] = "" if env[SCRIPT_NAME] == "/" env.update( RACK_VERSION => Rack::VERSION, RACK_INPUT => Rack::RewindableInput.new($stdin), RACK_ERRORS => $stderr, RACK_MULTITHREAD => false, RACK_MULTIPROCESS => true, RACK_RUNONCE => true, RACK_URL_SCHEME => ["yes", "on", "1"].include?(ENV[HTTPS]) ? "https" : "http" ) env[QUERY_STRING] ||= "" env[HTTP_VERSION] ||= env[SERVER_PROTOCOL] env[REQUEST_PATH] ||= "/" status, headers, body = app.call(env) begin send_headers status, headers send_body body ensure body.close if body.respond_to? :close end end def self.send_headers(status, headers) $stdout.print "Status: #{status}\r\n" headers.each { |k, vs| vs.split("\n").each { |v| $stdout.print "#{k}: #{v}\r\n" } } $stdout.print "\r\n" $stdout.flush end def self.send_body(body) body.each { |part| $stdout.print part $stdout.flush } end end end end rack-2.1.4/lib/rack/handler/fastcgi.rb000066400000000000000000000053071367177163600175340ustar00rootroot00000000000000# frozen_string_literal: true require 'fcgi' require 'socket' require 'rack/content_length' require 'rack/rewindable_input' if defined? FCGI::Stream class FCGI::Stream alias _rack_read_without_buffer read def read(n, buffer = nil) buf = _rack_read_without_buffer n buffer.replace(buf.to_s) if buffer buf end end end module Rack module Handler class FastCGI def self.run(app, options = {}) if options[:File] STDIN.reopen(UNIXServer.new(options[:File])) elsif options[:Port] STDIN.reopen(TCPServer.new(options[:Host], options[:Port])) end FCGI.each { |request| serve request, app } end def self.valid_options environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : '0.0.0.0' { "Host=HOST" => "Hostname to listen on (default: #{default_host})", "Port=PORT" => "Port to listen on (default: 8080)", "File=PATH" => "Creates a Domain socket at PATH instead of a TCP socket. Ignores Host and Port if set.", } end def self.serve(request, app) env = request.env env.delete "HTTP_CONTENT_LENGTH" env[SCRIPT_NAME] = "" if env[SCRIPT_NAME] == "/" rack_input = RewindableInput.new(request.in) env.update( RACK_VERSION => Rack::VERSION, RACK_INPUT => rack_input, RACK_ERRORS => request.err, RACK_MULTITHREAD => false, RACK_MULTIPROCESS => true, RACK_RUNONCE => false, RACK_URL_SCHEME => ["yes", "on", "1"].include?(env[HTTPS]) ? "https" : "http" ) env[QUERY_STRING] ||= "" env[HTTP_VERSION] ||= env[SERVER_PROTOCOL] env[REQUEST_PATH] ||= "/" env.delete "CONTENT_TYPE" if env["CONTENT_TYPE"] == "" env.delete "CONTENT_LENGTH" if env["CONTENT_LENGTH"] == "" begin status, headers, body = app.call(env) begin send_headers request.out, status, headers send_body request.out, body ensure body.close if body.respond_to? :close end ensure rack_input.close request.finish end end def self.send_headers(out, status, headers) out.print "Status: #{status}\r\n" headers.each { |k, vs| vs.split("\n").each { |v| out.print "#{k}: #{v}\r\n" } } out.print "\r\n" out.flush end def self.send_body(out, body) body.each { |part| out.print part out.flush } end end end end rack-2.1.4/lib/rack/handler/lsws.rb000066400000000000000000000031071367177163600171000ustar00rootroot00000000000000# frozen_string_literal: true require 'lsapi' require 'rack/content_length' require 'rack/rewindable_input' module Rack module Handler class LSWS def self.run(app, options = nil) while LSAPI.accept != nil serve app end end def self.serve(app) env = ENV.to_hash env.delete "HTTP_CONTENT_LENGTH" env[SCRIPT_NAME] = "" if env[SCRIPT_NAME] == "/" rack_input = RewindableInput.new($stdin.read.to_s) env.update( RACK_VERSION => Rack::VERSION, RACK_INPUT => rack_input, RACK_ERRORS => $stderr, RACK_MULTITHREAD => false, RACK_MULTIPROCESS => true, RACK_RUNONCE => false, RACK_URL_SCHEME => ["yes", "on", "1"].include?(ENV[HTTPS]) ? "https" : "http" ) env[QUERY_STRING] ||= "" env[HTTP_VERSION] ||= env[SERVER_PROTOCOL] env[REQUEST_PATH] ||= "/" status, headers, body = app.call(env) begin send_headers status, headers send_body body ensure body.close if body.respond_to? :close end ensure rack_input.close end def self.send_headers(status, headers) print "Status: #{status}\r\n" headers.each { |k, vs| vs.split("\n").each { |v| print "#{k}: #{v}\r\n" } } print "\r\n" STDOUT.flush end def self.send_body(body) body.each { |part| print part STDOUT.flush } end end end end rack-2.1.4/lib/rack/handler/scgi.rb000066400000000000000000000042601367177163600170360ustar00rootroot00000000000000# frozen_string_literal: true require 'scgi' require 'stringio' require 'rack/content_length' require 'rack/chunked' module Rack module Handler class SCGI < ::SCGI::Processor attr_accessor :app def self.run(app, options = nil) options[:Socket] = UNIXServer.new(options[:File]) if options[:File] new(options.merge(app: app, host: options[:Host], port: options[:Port], socket: options[:Socket])).listen end def self.valid_options environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : '0.0.0.0' { "Host=HOST" => "Hostname to listen on (default: #{default_host})", "Port=PORT" => "Port to listen on (default: 8080)", } end def initialize(settings = {}) @app = settings[:app] super(settings) end def process_request(request, input_body, socket) env = Hash[request] env.delete "HTTP_CONTENT_TYPE" env.delete "HTTP_CONTENT_LENGTH" env[REQUEST_PATH], env[QUERY_STRING] = env["REQUEST_URI"].split('?', 2) env[HTTP_VERSION] ||= env[SERVER_PROTOCOL] env[PATH_INFO] = env[REQUEST_PATH] env[QUERY_STRING] ||= "" env[SCRIPT_NAME] = "" rack_input = StringIO.new(input_body) rack_input.set_encoding(Encoding::BINARY) env.update( RACK_VERSION => Rack::VERSION, RACK_INPUT => rack_input, RACK_ERRORS => $stderr, RACK_MULTITHREAD => true, RACK_MULTIPROCESS => true, RACK_RUNONCE => false, RACK_URL_SCHEME => ["yes", "on", "1"].include?(env[HTTPS]) ? "https" : "http" ) status, headers, body = app.call(env) begin socket.write("Status: #{status}\r\n") headers.each do |k, vs| vs.split("\n").each { |v| socket.write("#{k}: #{v}\r\n")} end socket.write("\r\n") body.each {|s| socket.write(s)} ensure body.close if body.respond_to? :close end end end end end rack-2.1.4/lib/rack/handler/thin.rb000066400000000000000000000021731367177163600170540ustar00rootroot00000000000000# frozen_string_literal: true require "thin" require "thin/server" require "thin/logging" require "thin/backends/tcp_server" require "rack/content_length" require "rack/chunked" module Rack module Handler class Thin def self.run(app, options = {}) environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : '0.0.0.0' host = options.delete(:Host) || default_host port = options.delete(:Port) || 8080 args = [host, port, app, options] # Thin versions below 0.8.0 do not support additional options args.pop if ::Thin::VERSION::MAJOR < 1 && ::Thin::VERSION::MINOR < 8 server = ::Thin::Server.new(*args) yield server if block_given? server.start end def self.valid_options environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : '0.0.0.0' { "Host=HOST" => "Hostname to listen on (default: #{default_host})", "Port=PORT" => "Port to listen on (default: 8080)", } end end end end rack-2.1.4/lib/rack/handler/webrick.rb000066400000000000000000000070421367177163600175400ustar00rootroot00000000000000# frozen_string_literal: true require 'webrick' require 'stringio' require 'rack/content_length' # This monkey patch allows for applications to perform their own chunking # through WEBrick::HTTPResponse if rack is set to true. class WEBrick::HTTPResponse attr_accessor :rack alias _rack_setup_header setup_header def setup_header app_chunking = rack && @header['transfer-encoding'] == 'chunked' @chunked = app_chunking if app_chunking _rack_setup_header @chunked = false if app_chunking end end module Rack module Handler class WEBrick < ::WEBrick::HTTPServlet::AbstractServlet def self.run(app, options = {}) environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : nil options[:BindAddress] = options.delete(:Host) || default_host options[:Port] ||= 8080 @server = ::WEBrick::HTTPServer.new(options) @server.mount "/", Rack::Handler::WEBrick, app yield @server if block_given? @server.start end def self.valid_options environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : '0.0.0.0' { "Host=HOST" => "Hostname to listen on (default: #{default_host})", "Port=PORT" => "Port to listen on (default: 8080)", } end def self.shutdown @server.shutdown @server = nil end def initialize(server, app) super server @app = app end def service(req, res) res.rack = true env = req.meta_vars env.delete_if { |k, v| v.nil? } rack_input = StringIO.new(req.body.to_s) rack_input.set_encoding(Encoding::BINARY) env.update( RACK_VERSION => Rack::VERSION, RACK_INPUT => rack_input, RACK_ERRORS => $stderr, RACK_MULTITHREAD => true, RACK_MULTIPROCESS => false, RACK_RUNONCE => false, RACK_URL_SCHEME => ["yes", "on", "1"].include?(env[HTTPS]) ? "https" : "http", RACK_IS_HIJACK => true, RACK_HIJACK => lambda { raise NotImplementedError, "only partial hijack is supported."}, RACK_HIJACK_IO => nil ) env[HTTP_VERSION] ||= env[SERVER_PROTOCOL] env[QUERY_STRING] ||= "" unless env[PATH_INFO] == "" path, n = req.request_uri.path, env[SCRIPT_NAME].length env[PATH_INFO] = path[n, path.length - n] end env[REQUEST_PATH] ||= [env[SCRIPT_NAME], env[PATH_INFO]].join status, headers, body = @app.call(env) begin res.status = status.to_i io_lambda = nil headers.each { |k, vs| if k == RACK_HIJACK io_lambda = vs elsif k.downcase == "set-cookie" res.cookies.concat vs.split("\n") else # Since WEBrick won't accept repeated headers, # merge the values per RFC 1945 section 4.2. res[k] = vs.split("\n").join(", ") end } if io_lambda rd, wr = IO.pipe res.body = rd res.chunked = true io_lambda.call wr elsif body.respond_to?(:to_path) res.body = ::File.open(body.to_path, 'rb') else body.each { |part| res.body << part } end ensure body.close if body.respond_to? :close end end end end end rack-2.1.4/lib/rack/head.rb000066400000000000000000000010431367177163600153710ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/body_proxy' module Rack # Rack::Head returns an empty body for all HEAD requests. It leaves # all other requests unchanged. class Head def initialize(app) @app = app end def call(env) status, headers, body = @app.call(env) if env[REQUEST_METHOD] == HEAD [ status, headers, Rack::BodyProxy.new([]) do body.close if body.respond_to? :close end ] else [status, headers, body] end end end end rack-2.1.4/lib/rack/lint.rb000066400000000000000000000722131367177163600154450ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' require 'forwardable' module Rack # Rack::Lint validates your application and the requests and # responses according to the Rack spec. class Lint def initialize(app) @app = app @content_length = nil end # :stopdoc: class LintError < RuntimeError; end module Assertion def assert(message) unless yield raise LintError, message end end end include Assertion ## This specification aims to formalize the Rack protocol. You ## can (and should) use Rack::Lint to enforce it. ## ## When you develop middleware, be sure to add a Lint before and ## after to catch all mistakes. ## = Rack applications ## A Rack application is a Ruby object (not a class) that ## responds to +call+. def call(env = nil) dup._call(env) end def _call(env) ## It takes exactly one argument, the *environment* assert("No env given") { env } check_env env env[RACK_INPUT] = InputWrapper.new(env[RACK_INPUT]) env[RACK_ERRORS] = ErrorWrapper.new(env[RACK_ERRORS]) ## and returns an Array of exactly three values: status, headers, @body = @app.call(env) ## The *status*, check_status status ## the *headers*, check_headers headers check_hijack_response headers, env ## and the *body*. check_content_type status, headers check_content_length status, headers @head_request = env[REQUEST_METHOD] == HEAD [status, headers, self] end ## == The Environment def check_env(env) ## The environment must be an instance of Hash that includes ## CGI-like headers. The application is free to modify the ## environment. assert("env #{env.inspect} is not a Hash, but #{env.class}") { env.kind_of? Hash } ## ## The environment is required to include these variables ## (adopted from PEP333), except when they'd be empty, but see ## below. ## REQUEST_METHOD:: The HTTP request method, such as ## "GET" or "POST". This cannot ever ## be an empty string, and so is ## always required. ## SCRIPT_NAME:: The initial portion of the request ## URL's "path" that corresponds to the ## application object, so that the ## application knows its virtual ## "location". This may be an empty ## string, if the application corresponds ## to the "root" of the server. ## PATH_INFO:: The remainder of the request URL's ## "path", designating the virtual ## "location" of the request's target ## within the application. This may be an ## empty string, if the request URL targets ## the application root and does not have a ## trailing slash. This value may be ## percent-encoded when originating from ## a URL. ## QUERY_STRING:: The portion of the request URL that ## follows the ?, if any. May be ## empty, but is always required! ## SERVER_NAME, SERVER_PORT:: ## When combined with SCRIPT_NAME and ## PATH_INFO, these variables can be ## used to complete the URL. Note, however, ## that HTTP_HOST, if present, ## should be used in preference to ## SERVER_NAME for reconstructing ## the request URL. ## SERVER_NAME and SERVER_PORT ## can never be empty strings, and so ## are always required. ## HTTP_ Variables:: Variables corresponding to the ## client-supplied HTTP request ## headers (i.e., variables whose ## names begin with HTTP_). The ## presence or absence of these ## variables should correspond with ## the presence or absence of the ## appropriate HTTP header in the ## request. See ## {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18] ## for specific behavior. ## In addition to this, the Rack environment must include these ## Rack-specific variables: ## rack.version:: The Array representing this version of Rack ## See Rack::VERSION, that corresponds to ## the version of this SPEC. ## rack.url_scheme:: +http+ or +https+, depending on the ## request URL. ## rack.input:: See below, the input stream. ## rack.errors:: See below, the error stream. ## rack.multithread:: true if the application object may be ## simultaneously invoked by another thread ## in the same process, false otherwise. ## rack.multiprocess:: true if an equivalent application object ## may be simultaneously invoked by another ## process, false otherwise. ## rack.run_once:: true if the server expects ## (but does not guarantee!) that the ## application will only be invoked this one ## time during the life of its containing ## process. Normally, this will only be true ## for a server based on CGI ## (or something similar). ## rack.hijack?:: present and true if the server supports ## connection hijacking. See below, hijacking. ## rack.hijack:: an object responding to #call that must be ## called at least once before using ## rack.hijack_io. ## It is recommended #call return rack.hijack_io ## as well as setting it in env if necessary. ## rack.hijack_io:: if rack.hijack? is true, and rack.hijack ## has received #call, this will contain ## an object resembling an IO. See hijacking. ## Additional environment specifications have approved to ## standardized middleware APIs. None of these are required to ## be implemented by the server. ## rack.session:: A hash like interface for storing ## request session data. ## The store must implement: if session = env[RACK_SESSION] ## store(key, value) (aliased as []=); assert("session #{session.inspect} must respond to store and []=") { session.respond_to?(:store) && session.respond_to?(:[]=) } ## fetch(key, default = nil) (aliased as []); assert("session #{session.inspect} must respond to fetch and []") { session.respond_to?(:fetch) && session.respond_to?(:[]) } ## delete(key); assert("session #{session.inspect} must respond to delete") { session.respond_to?(:delete) } ## clear; assert("session #{session.inspect} must respond to clear") { session.respond_to?(:clear) } end ## rack.logger:: A common object interface for logging messages. ## The object must implement: if logger = env[RACK_LOGGER] ## info(message, &block) assert("logger #{logger.inspect} must respond to info") { logger.respond_to?(:info) } ## debug(message, &block) assert("logger #{logger.inspect} must respond to debug") { logger.respond_to?(:debug) } ## warn(message, &block) assert("logger #{logger.inspect} must respond to warn") { logger.respond_to?(:warn) } ## error(message, &block) assert("logger #{logger.inspect} must respond to error") { logger.respond_to?(:error) } ## fatal(message, &block) assert("logger #{logger.inspect} must respond to fatal") { logger.respond_to?(:fatal) } end ## rack.multipart.buffer_size:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes. if bufsize = env[RACK_MULTIPART_BUFFER_SIZE] assert("rack.multipart.buffer_size must be an Integer > 0 if specified") { bufsize.is_a?(Integer) && bufsize > 0 } end ## rack.multipart.tempfile_factory:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile. if tempfile_factory = env[RACK_MULTIPART_TEMPFILE_FACTORY] assert("rack.multipart.tempfile_factory must respond to #call") { tempfile_factory.respond_to?(:call) } env[RACK_MULTIPART_TEMPFILE_FACTORY] = lambda do |filename, content_type| io = tempfile_factory.call(filename, content_type) assert("rack.multipart.tempfile_factory return value must respond to #<<") { io.respond_to?(:<<) } io end end ## The server or the application can store their own data in the ## environment, too. The keys must contain at least one dot, ## and should be prefixed uniquely. The prefix rack. ## is reserved for use with the Rack core distribution and other ## accepted specifications and must not be used otherwise. ## %w[REQUEST_METHOD SERVER_NAME SERVER_PORT QUERY_STRING rack.version rack.input rack.errors rack.multithread rack.multiprocess rack.run_once].each { |header| assert("env missing required key #{header}") { env.include? header } } ## The environment must not contain the keys ## HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH ## (use the versions without HTTP_). %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header| assert("env contains #{header}, must use #{header[5, -1]}") { not env.include? header } } ## The CGI keys (named without a period) must have String values. env.each { |key, value| next if key.include? "." # Skip extensions assert("env variable #{key} has non-string value #{value.inspect}") { value.kind_of? String } } ## There are the following restrictions: ## * rack.version must be an array of Integers. assert("rack.version must be an Array, was #{env[RACK_VERSION].class}") { env[RACK_VERSION].kind_of? Array } ## * rack.url_scheme must either be +http+ or +https+. assert("rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}") { %w[http https].include?(env[RACK_URL_SCHEME]) } ## * There must be a valid input stream in rack.input. check_input env[RACK_INPUT] ## * There must be a valid error stream in rack.errors. check_error env[RACK_ERRORS] ## * There may be a valid hijack stream in rack.hijack_io check_hijack env ## * The REQUEST_METHOD must be a valid token. assert("REQUEST_METHOD unknown: #{env[REQUEST_METHOD]}") { env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/ } ## * The SCRIPT_NAME, if non-empty, must start with / assert("SCRIPT_NAME must start with /") { !env.include?(SCRIPT_NAME) || env[SCRIPT_NAME] == "" || env[SCRIPT_NAME] =~ /\A\// } ## * The PATH_INFO, if non-empty, must start with / assert("PATH_INFO must start with /") { !env.include?(PATH_INFO) || env[PATH_INFO] == "" || env[PATH_INFO] =~ /\A\// } ## * The CONTENT_LENGTH, if given, must consist of digits only. assert("Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}") { !env.include?("CONTENT_LENGTH") || env["CONTENT_LENGTH"] =~ /\A\d+\z/ } ## * One of SCRIPT_NAME or PATH_INFO must be ## set. PATH_INFO should be / if ## SCRIPT_NAME is empty. assert("One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)") { env[SCRIPT_NAME] || env[PATH_INFO] } ## SCRIPT_NAME never should be /, but instead be empty. assert("SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'") { env[SCRIPT_NAME] != "/" } end ## === The Input Stream ## ## The input stream is an IO-like object which contains the raw HTTP ## POST data. def check_input(input) ## When applicable, its external encoding must be "ASCII-8BIT" and it ## must be opened in binary mode, for Ruby 1.9 compatibility. assert("rack.input #{input} does not have ASCII-8BIT as its external encoding") { input.external_encoding.name == "ASCII-8BIT" } if input.respond_to?(:external_encoding) assert("rack.input #{input} is not opened in binary mode") { input.binmode? } if input.respond_to?(:binmode?) ## The input stream must respond to +gets+, +each+, +read+ and +rewind+. [:gets, :each, :read, :rewind].each { |method| assert("rack.input #{input} does not respond to ##{method}") { input.respond_to? method } } end class InputWrapper include Assertion def initialize(input) @input = input end ## * +gets+ must be called without arguments and return a string, ## or +nil+ on EOF. def gets(*args) assert("rack.input#gets called with arguments") { args.size == 0 } v = @input.gets assert("rack.input#gets didn't return a String") { v.nil? or v.kind_of? String } v end ## * +read+ behaves like IO#read. ## Its signature is read([length, [buffer]]). ## ## If given, +length+ must be a non-negative Integer (>= 0) or +nil+, ## and +buffer+ must be a String and may not be nil. ## ## If +length+ is given and not nil, then this method reads at most ## +length+ bytes from the input stream. ## ## If +length+ is not given or nil, then this method reads ## all data until EOF. ## ## When EOF is reached, this method returns nil if +length+ is given ## and not nil, or "" if +length+ is not given or is nil. ## ## If +buffer+ is given, then the read data will be placed ## into +buffer+ instead of a newly created String object. def read(*args) assert("rack.input#read called with too many arguments") { args.size <= 2 } if args.size >= 1 assert("rack.input#read called with non-integer and non-nil length") { args.first.kind_of?(Integer) || args.first.nil? } assert("rack.input#read called with a negative length") { args.first.nil? || args.first >= 0 } end if args.size >= 2 assert("rack.input#read called with non-String buffer") { args[1].kind_of?(String) } end v = @input.read(*args) assert("rack.input#read didn't return nil or a String") { v.nil? or v.kind_of? String } if args[0].nil? assert("rack.input#read(nil) returned nil on EOF") { !v.nil? } end v end ## * +each+ must be called without arguments and only yield Strings. def each(*args) assert("rack.input#each called with arguments") { args.size == 0 } @input.each { |line| assert("rack.input#each didn't yield a String") { line.kind_of? String } yield line } end ## * +rewind+ must be called without arguments. It rewinds the input ## stream back to the beginning. It must not raise Errno::ESPIPE: ## that is, it may not be a pipe or a socket. Therefore, handler ## developers must buffer the input data into some rewindable object ## if the underlying input stream is not rewindable. def rewind(*args) assert("rack.input#rewind called with arguments") { args.size == 0 } assert("rack.input#rewind raised Errno::ESPIPE") { begin @input.rewind true rescue Errno::ESPIPE false end } end ## * +close+ must never be called on the input stream. def close(*args) assert("rack.input#close must not be called") { false } end end ## === The Error Stream def check_error(error) ## The error stream must respond to +puts+, +write+ and +flush+. [:puts, :write, :flush].each { |method| assert("rack.error #{error} does not respond to ##{method}") { error.respond_to? method } } end class ErrorWrapper include Assertion def initialize(error) @error = error end ## * +puts+ must be called with a single argument that responds to +to_s+. def puts(str) @error.puts str end ## * +write+ must be called with a single argument that is a String. def write(str) assert("rack.errors#write not called with a String") { str.kind_of? String } @error.write str end ## * +flush+ must be called without arguments and must be called ## in order to make the error appear for sure. def flush @error.flush end ## * +close+ must never be called on the error stream. def close(*args) assert("rack.errors#close must not be called") { false } end end class HijackWrapper include Assertion extend Forwardable REQUIRED_METHODS = [ :read, :write, :read_nonblock, :write_nonblock, :flush, :close, :close_read, :close_write, :closed? ] def_delegators :@io, *REQUIRED_METHODS def initialize(io) @io = io REQUIRED_METHODS.each do |meth| assert("rack.hijack_io must respond to #{meth}") { io.respond_to? meth } end end end ## === Hijacking # # AUTHORS: n.b. The trailing whitespace between paragraphs is important and # should not be removed. The whitespace creates paragraphs in the RDoc # output. # ## ==== Request (before status) def check_hijack(env) if env[RACK_IS_HIJACK] ## If rack.hijack? is true then rack.hijack must respond to #call. original_hijack = env[RACK_HIJACK] assert("rack.hijack must respond to call") { original_hijack.respond_to?(:call) } env[RACK_HIJACK] = proc do ## rack.hijack must return the io that will also be assigned (or is ## already present, in rack.hijack_io. io = original_hijack.call HijackWrapper.new(io) ## ## rack.hijack_io must respond to: ## read, write, read_nonblock, write_nonblock, flush, close, ## close_read, close_write, closed? ## ## The semantics of these IO methods must be a best effort match to ## those of a normal ruby IO or Socket object, using standard ## arguments and raising standard exceptions. Servers are encouraged ## to simply pass on real IO objects, although it is recognized that ## this approach is not directly compatible with SPDY and HTTP 2.0. ## ## IO provided in rack.hijack_io should preference the ## IO::WaitReadable and IO::WaitWritable APIs wherever supported. ## ## There is a deliberate lack of full specification around ## rack.hijack_io, as semantics will change from server to server. ## Users are encouraged to utilize this API with a knowledge of their ## server choice, and servers may extend the functionality of ## hijack_io to provide additional features to users. The purpose of ## rack.hijack is for Rack to "get out of the way", as such, Rack only ## provides the minimum of specification and support. env[RACK_HIJACK_IO] = HijackWrapper.new(env[RACK_HIJACK_IO]) io end else ## ## If rack.hijack? is false, then rack.hijack should not be set. assert("rack.hijack? is false, but rack.hijack is present") { env[RACK_HIJACK].nil? } ## ## If rack.hijack? is false, then rack.hijack_io should not be set. assert("rack.hijack? is false, but rack.hijack_io is present") { env[RACK_HIJACK_IO].nil? } end end ## ==== Response (after headers) ## It is also possible to hijack a response after the status and headers ## have been sent. def check_hijack_response(headers, env) # this check uses headers like a hash, but the spec only requires # headers respond to #each headers = Rack::Utils::HeaderHash.new(headers) ## In order to do this, an application may set the special header ## rack.hijack to an object that responds to call ## accepting an argument that conforms to the rack.hijack_io ## protocol. ## ## After the headers have been sent, and this hijack callback has been ## called, the application is now responsible for the remaining lifecycle ## of the IO. The application is also responsible for maintaining HTTP ## semantics. Of specific note, in almost all cases in the current SPEC, ## applications will have wanted to specify the header Connection:close in ## HTTP/1.1, and not Connection:keep-alive, as there is no protocol for ## returning hijacked sockets to the web server. For that purpose, use the ## body streaming API instead (progressively yielding strings via each). ## ## Servers must ignore the body part of the response tuple when ## the rack.hijack response API is in use. if env[RACK_IS_HIJACK] && headers[RACK_HIJACK] assert('rack.hijack header must respond to #call') { headers[RACK_HIJACK].respond_to? :call } original_hijack = headers[RACK_HIJACK] headers[RACK_HIJACK] = proc do |io| original_hijack.call HijackWrapper.new(io) end else ## ## The special response header rack.hijack must only be set ## if the request env has rack.hijack? true. assert('rack.hijack header must not be present if server does not support hijacking') { headers[RACK_HIJACK].nil? } end end ## ==== Conventions ## * Middleware should not use hijack unless it is handling the whole ## response. ## * Middleware may wrap the IO object for the response pattern. ## * Middleware should not wrap the IO object for the request pattern. The ## request pattern is intended to provide the hijacker with "raw tcp". ## == The Response ## === The Status def check_status(status) ## This is an HTTP status. When parsed as integer (+to_i+), it must be ## greater than or equal to 100. assert("Status must be >=100 seen as integer") { status.to_i >= 100 } end ## === The Headers def check_headers(header) ## The header must respond to +each+, and yield values of key and value. assert("headers object should respond to #each, but doesn't (got #{header.class} as headers)") { header.respond_to? :each } header.each { |key, value| ## The header keys must be Strings. assert("header key must be a string, was #{key.class}") { key.kind_of? String } ## Special headers starting "rack." are for communicating with the ## server, and must not be sent back to the client. next if key =~ /^rack\..+$/ ## The header must not contain a +Status+ key. assert("header must not contain Status") { key.downcase != "status" } ## The header must conform to RFC7230 token specification, i.e. cannot ## contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}". assert("invalid header name: #{key}") { key !~ /[\(\),\/:;<=>\?@\[\\\]{}[:cntrl:]]/ } ## The values of the header must be Strings, assert("a header value must be a String, but the value of " + "'#{key}' is a #{value.class}") { value.kind_of? String } ## consisting of lines (for multiple header values, e.g. multiple ## Set-Cookie values) separated by "\\n". value.split("\n").each { |item| ## The lines must not contain characters below 037. assert("invalid header value #{key}: #{item.inspect}") { item !~ /[\000-\037]/ } } } end ## === The Content-Type def check_content_type(status, headers) headers.each { |key, value| ## There must not be a Content-Type, when the +Status+ is 1xx, ## 204 or 304. if key.downcase == "content-type" assert("Content-Type header found in #{status} response, not allowed") { not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i } return end } end ## === The Content-Length def check_content_length(status, headers) headers.each { |key, value| if key.downcase == 'content-length' ## There must not be a Content-Length header when the ## +Status+ is 1xx, 204 or 304. assert("Content-Length header found in #{status} response, not allowed") { not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i } @content_length = value end } end def verify_content_length(bytes) if @head_request assert("Response body was given for HEAD request, but should be empty") { bytes == 0 } elsif @content_length assert("Content-Length header was #{@content_length}, but should be #{bytes}") { @content_length == bytes.to_s } end end ## === The Body def each @closed = false bytes = 0 ## The Body must respond to +each+ assert("Response body must respond to each") do @body.respond_to?(:each) end @body.each { |part| ## and must only yield String values. assert("Body yielded non-string value #{part.inspect}") { part.kind_of? String } bytes += part.bytesize yield part } verify_content_length(bytes) ## ## The Body itself should not be an instance of String, as this will ## break in Ruby 1.9. ## ## If the Body responds to +close+, it will be called after iteration. If ## the body is replaced by a middleware after action, the original body ## must be closed first, if it responds to close. # XXX howto: assert("Body has not been closed") { @closed } ## ## If the Body responds to +to_path+, it must return a String ## identifying the location of a file whose contents are identical ## to that produced by calling +each+; this may be used by the ## server as an alternative, possibly more efficient way to ## transport the response. if @body.respond_to?(:to_path) assert("The file identified by body.to_path does not exist") { ::File.exist? @body.to_path } end ## ## The Body commonly is an Array of Strings, the application ## instance itself, or a File-like object. end def close @closed = true @body.close if @body.respond_to?(:close) end # :startdoc: end end ## == Thanks ## Some parts of this specification are adopted from PEP333: Python ## Web Server Gateway Interface ## v1.0 (http://www.python.org/dev/peps/pep-0333/). I'd like to thank ## everyone involved in that effort. rack-2.1.4/lib/rack/lobster.rb000066400000000000000000000040041367177163600161420ustar00rootroot00000000000000# frozen_string_literal: true require 'zlib' require 'rack/request' require 'rack/response' module Rack # Paste has a Pony, Rack has a Lobster! class Lobster LobsterString = Zlib::Inflate.inflate("eJx9kEEOwyAMBO99xd7MAcytUhPlJyj2 P6jy9i4k9EQyGAnBarEXeCBqSkntNXsi/ZCvC48zGQoZKikGrFMZvgS5ZHd+aGWVuWwhVF0 t1drVmiR42HcWNz5w3QanT+2gIvTVCiE1lm1Y0eU4JGmIIbaKwextKn8rvW+p5PIwFl8ZWJ I8jyiTlhTcYXkekJAzTyYN6E08A+dk8voBkAVTJQ==".delete("\n ").unpack("m*")[0]) LambdaLobster = lambda { |env| if env[QUERY_STRING].include?("flip") lobster = LobsterString.split("\n"). map { |line| line.ljust(42).reverse }. join("\n") href = "?" else lobster = LobsterString href = "?flip" end content = ["Lobstericious!", "
", lobster, "
", "flip!"] length = content.inject(0) { |a, e| a + e.size }.to_s [200, { CONTENT_TYPE => "text/html", CONTENT_LENGTH => length }, content] } def call(env) req = Request.new(env) if req.GET["flip"] == "left" lobster = LobsterString.split("\n").map do |line| line.ljust(42).reverse. gsub('\\', 'TEMP'). gsub('/', '\\'). gsub('TEMP', '/'). gsub('{', '}'). gsub('(', ')') end.join("\n") href = "?flip=right" elsif req.GET["flip"] == "crash" raise "Lobster crashed" else lobster = LobsterString href = "?flip=left" end res = Response.new res.write "Lobstericious!" res.write "
"
      res.write lobster
      res.write "
" res.write "

flip!

" res.write "

crash!

" res.finish end end end if $0 == __FILE__ require 'rack' require 'rack/show_exceptions' Rack::Server.start( app: Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)), Port: 9292 ) end rack-2.1.4/lib/rack/lock.rb000066400000000000000000000013461367177163600154260ustar00rootroot00000000000000# frozen_string_literal: true require 'thread' require 'rack/body_proxy' module Rack # Rack::Lock locks every request inside a mutex, so that every request # will effectively be executed synchronously. class Lock def initialize(app, mutex = Mutex.new) @app, @mutex = app, mutex end def call(env) @mutex.lock @env = env @old_rack_multithread = env[RACK_MULTITHREAD] begin response = @app.call(env.merge!(RACK_MULTITHREAD => false)) returned = response << BodyProxy.new(response.pop) { unlock } ensure unlock unless returned end end private def unlock @mutex.unlock @env[RACK_MULTITHREAD] = @old_rack_multithread end end end rack-2.1.4/lib/rack/logger.rb000066400000000000000000000006001367177163600157450ustar00rootroot00000000000000# frozen_string_literal: true require 'logger' module Rack # Sets up rack.logger to write to rack.errors stream class Logger def initialize(app, level = ::Logger::INFO) @app, @level = app, level end def call(env) logger = ::Logger.new(env[RACK_ERRORS]) logger.level = @level env[RACK_LOGGER] = logger @app.call(env) end end end rack-2.1.4/lib/rack/media_type.rb000066400000000000000000000026301367177163600166130ustar00rootroot00000000000000# frozen_string_literal: true module Rack # Rack::MediaType parse media type and parameters out of content_type string class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} class << self # The media type (type/subtype) portion of the CONTENT_TYPE header # without any media type parameters. e.g., when CONTENT_TYPE is # "text/plain;charset=utf-8", the media-type is "text/plain". # # For more information on the use of media types in HTTP, see: # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7 def type(content_type) return nil unless content_type content_type.split(SPLIT_PATTERN, 2).first.tap &:downcase! end # The media type parameters provided in CONTENT_TYPE as a Hash, or # an empty Hash if no CONTENT_TYPE or media-type parameters were # provided. e.g., when the CONTENT_TYPE is "text/plain;charset=utf-8", # this method responds with the following Hash: # { 'charset' => 'utf-8' } def params(content_type) return {} if content_type.nil? content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh| k, v = s.split('=', 2) hsh[k.tap(&:downcase!)] = strip_doublequotes(v) end end private def strip_doublequotes(str) (str.start_with?('"') && str.end_with?('"')) ? str[1..-2] : str end end end end rack-2.1.4/lib/rack/method_override.rb000066400000000000000000000024541367177163600176560ustar00rootroot00000000000000# frozen_string_literal: true module Rack class MethodOverride HTTP_METHODS = %w[GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK] METHOD_OVERRIDE_PARAM_KEY = "_method" HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE" ALLOWED_METHODS = %w[POST] def initialize(app) @app = app end def call(env) if allowed_methods.include?(env[REQUEST_METHOD]) method = method_override(env) if HTTP_METHODS.include?(method) env[RACK_METHODOVERRIDE_ORIGINAL_METHOD] = env[REQUEST_METHOD] env[REQUEST_METHOD] = method end end @app.call(env) end def method_override(env) req = Request.new(env) method = method_override_param(req) || env[HTTP_METHOD_OVERRIDE_HEADER] begin method.to_s.upcase rescue ArgumentError env[RACK_ERRORS].puts "Invalid string for method" end end private def allowed_methods ALLOWED_METHODS end def method_override_param(req) req.POST[METHOD_OVERRIDE_PARAM_KEY] rescue Utils::InvalidParameterError, Utils::ParameterTypeError req.get_header(RACK_ERRORS).puts "Invalid or incomplete POST params" rescue EOFError req.get_header(RACK_ERRORS).puts "Bad request content body" end end end rack-2.1.4/lib/rack/mime.rb000066400000000000000000001006171367177163600154260ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Mime # Returns String with mime type if found, otherwise use +fallback+. # +ext+ should be filename extension in the '.ext' format that # File.extname(file) returns. # +fallback+ may be any object # # Also see the documentation for MIME_TYPES # # Usage: # Rack::Mime.mime_type('.foo') # # This is a shortcut for: # Rack::Mime::MIME_TYPES.fetch('.foo', 'application/octet-stream') def mime_type(ext, fallback = 'application/octet-stream') MIME_TYPES.fetch(ext.to_s.downcase, fallback) end module_function :mime_type # Returns true if the given value is a mime match for the given mime match # specification, false otherwise. # # Rack::Mime.match?('text/html', 'text/*') => true # Rack::Mime.match?('text/plain', '*') => true # Rack::Mime.match?('text/html', 'application/json') => false def match?(value, matcher) v1, v2 = value.split('/', 2) m1, m2 = matcher.split('/', 2) (m1 == '*' || v1 == m1) && (m2.nil? || m2 == '*' || m2 == v2) end module_function :match? # List of most common mime-types, selected various sources # according to their usefulness in a webserving scope for Ruby # users. # # To amend this list with your local mime.types list you can use: # # require 'webrick/httputils' # list = WEBrick::HTTPUtils.load_mime_types('/etc/mime.types') # Rack::Mime::MIME_TYPES.merge!(list) # # N.B. On Ubuntu the mime.types file does not include the leading period, so # users may need to modify the data before merging into the hash. MIME_TYPES = { ".123" => "application/vnd.lotus-1-2-3", ".3dml" => "text/vnd.in3d.3dml", ".3g2" => "video/3gpp2", ".3gp" => "video/3gpp", ".a" => "application/octet-stream", ".acc" => "application/vnd.americandynamics.acc", ".ace" => "application/x-ace-compressed", ".acu" => "application/vnd.acucobol", ".aep" => "application/vnd.audiograph", ".afp" => "application/vnd.ibm.modcap", ".ai" => "application/postscript", ".aif" => "audio/x-aiff", ".aiff" => "audio/x-aiff", ".ami" => "application/vnd.amiga.ami", ".appcache" => "text/cache-manifest", ".apr" => "application/vnd.lotus-approach", ".asc" => "application/pgp-signature", ".asf" => "video/x-ms-asf", ".asm" => "text/x-asm", ".aso" => "application/vnd.accpac.simply.aso", ".asx" => "video/x-ms-asf", ".atc" => "application/vnd.acucorp", ".atom" => "application/atom+xml", ".atomcat" => "application/atomcat+xml", ".atomsvc" => "application/atomsvc+xml", ".atx" => "application/vnd.antix.game-component", ".au" => "audio/basic", ".avi" => "video/x-msvideo", ".bat" => "application/x-msdownload", ".bcpio" => "application/x-bcpio", ".bdm" => "application/vnd.syncml.dm+wbxml", ".bh2" => "application/vnd.fujitsu.oasysprs", ".bin" => "application/octet-stream", ".bmi" => "application/vnd.bmi", ".bmp" => "image/bmp", ".box" => "application/vnd.previewsystems.box", ".btif" => "image/prs.btif", ".bz" => "application/x-bzip", ".bz2" => "application/x-bzip2", ".c" => "text/x-c", ".c4g" => "application/vnd.clonk.c4group", ".cab" => "application/vnd.ms-cab-compressed", ".cc" => "text/x-c", ".ccxml" => "application/ccxml+xml", ".cdbcmsg" => "application/vnd.contact.cmsg", ".cdkey" => "application/vnd.mediastation.cdkey", ".cdx" => "chemical/x-cdx", ".cdxml" => "application/vnd.chemdraw+xml", ".cdy" => "application/vnd.cinderella", ".cer" => "application/pkix-cert", ".cgm" => "image/cgm", ".chat" => "application/x-chat", ".chm" => "application/vnd.ms-htmlhelp", ".chrt" => "application/vnd.kde.kchart", ".cif" => "chemical/x-cif", ".cii" => "application/vnd.anser-web-certificate-issue-initiation", ".cil" => "application/vnd.ms-artgalry", ".cla" => "application/vnd.claymore", ".class" => "application/octet-stream", ".clkk" => "application/vnd.crick.clicker.keyboard", ".clkp" => "application/vnd.crick.clicker.palette", ".clkt" => "application/vnd.crick.clicker.template", ".clkw" => "application/vnd.crick.clicker.wordbank", ".clkx" => "application/vnd.crick.clicker", ".clp" => "application/x-msclip", ".cmc" => "application/vnd.cosmocaller", ".cmdf" => "chemical/x-cmdf", ".cml" => "chemical/x-cml", ".cmp" => "application/vnd.yellowriver-custom-menu", ".cmx" => "image/x-cmx", ".com" => "application/x-msdownload", ".conf" => "text/plain", ".cpio" => "application/x-cpio", ".cpp" => "text/x-c", ".cpt" => "application/mac-compactpro", ".crd" => "application/x-mscardfile", ".crl" => "application/pkix-crl", ".crt" => "application/x-x509-ca-cert", ".csh" => "application/x-csh", ".csml" => "chemical/x-csml", ".csp" => "application/vnd.commonspace", ".css" => "text/css", ".csv" => "text/csv", ".curl" => "application/vnd.curl", ".cww" => "application/prs.cww", ".cxx" => "text/x-c", ".daf" => "application/vnd.mobius.daf", ".davmount" => "application/davmount+xml", ".dcr" => "application/x-director", ".dd2" => "application/vnd.oma.dd2+xml", ".ddd" => "application/vnd.fujixerox.ddd", ".deb" => "application/x-debian-package", ".der" => "application/x-x509-ca-cert", ".dfac" => "application/vnd.dreamfactory", ".diff" => "text/x-diff", ".dis" => "application/vnd.mobius.dis", ".djv" => "image/vnd.djvu", ".djvu" => "image/vnd.djvu", ".dll" => "application/x-msdownload", ".dmg" => "application/octet-stream", ".dna" => "application/vnd.dna", ".doc" => "application/msword", ".docm" => "application/vnd.ms-word.document.macroEnabled.12", ".docx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document", ".dot" => "application/msword", ".dotm" => "application/vnd.ms-word.template.macroEnabled.12", ".dotx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.template", ".dp" => "application/vnd.osgi.dp", ".dpg" => "application/vnd.dpgraph", ".dsc" => "text/prs.lines.tag", ".dtd" => "application/xml-dtd", ".dts" => "audio/vnd.dts", ".dtshd" => "audio/vnd.dts.hd", ".dv" => "video/x-dv", ".dvi" => "application/x-dvi", ".dwf" => "model/vnd.dwf", ".dwg" => "image/vnd.dwg", ".dxf" => "image/vnd.dxf", ".dxp" => "application/vnd.spotfire.dxp", ".ear" => "application/java-archive", ".ecelp4800" => "audio/vnd.nuera.ecelp4800", ".ecelp7470" => "audio/vnd.nuera.ecelp7470", ".ecelp9600" => "audio/vnd.nuera.ecelp9600", ".ecma" => "application/ecmascript", ".edm" => "application/vnd.novadigm.edm", ".edx" => "application/vnd.novadigm.edx", ".efif" => "application/vnd.picsel", ".ei6" => "application/vnd.pg.osasli", ".eml" => "message/rfc822", ".eol" => "audio/vnd.digital-winds", ".eot" => "application/vnd.ms-fontobject", ".eps" => "application/postscript", ".es3" => "application/vnd.eszigno3+xml", ".esf" => "application/vnd.epson.esf", ".etx" => "text/x-setext", ".exe" => "application/x-msdownload", ".ext" => "application/vnd.novadigm.ext", ".ez" => "application/andrew-inset", ".ez2" => "application/vnd.ezpix-album", ".ez3" => "application/vnd.ezpix-package", ".f" => "text/x-fortran", ".f77" => "text/x-fortran", ".f90" => "text/x-fortran", ".fbs" => "image/vnd.fastbidsheet", ".fdf" => "application/vnd.fdf", ".fe_launch" => "application/vnd.denovo.fcselayout-link", ".fg5" => "application/vnd.fujitsu.oasysgp", ".fli" => "video/x-fli", ".flo" => "application/vnd.micrografx.flo", ".flv" => "video/x-flv", ".flw" => "application/vnd.kde.kivio", ".flx" => "text/vnd.fmi.flexstor", ".fly" => "text/vnd.fly", ".fm" => "application/vnd.framemaker", ".fnc" => "application/vnd.frogans.fnc", ".for" => "text/x-fortran", ".fpx" => "image/vnd.fpx", ".fsc" => "application/vnd.fsc.weblaunch", ".fst" => "image/vnd.fst", ".ftc" => "application/vnd.fluxtime.clip", ".fti" => "application/vnd.anser-web-funds-transfer-initiation", ".fvt" => "video/vnd.fvt", ".fzs" => "application/vnd.fuzzysheet", ".g3" => "image/g3fax", ".gac" => "application/vnd.groove-account", ".gdl" => "model/vnd.gdl", ".gem" => "application/octet-stream", ".gemspec" => "text/x-script.ruby", ".ghf" => "application/vnd.groove-help", ".gif" => "image/gif", ".gim" => "application/vnd.groove-identity-message", ".gmx" => "application/vnd.gmx", ".gph" => "application/vnd.flographit", ".gqf" => "application/vnd.grafeq", ".gram" => "application/srgs", ".grv" => "application/vnd.groove-injector", ".grxml" => "application/srgs+xml", ".gtar" => "application/x-gtar", ".gtm" => "application/vnd.groove-tool-message", ".gtw" => "model/vnd.gtw", ".gv" => "text/vnd.graphviz", ".gz" => "application/x-gzip", ".h" => "text/x-c", ".h261" => "video/h261", ".h263" => "video/h263", ".h264" => "video/h264", ".hbci" => "application/vnd.hbci", ".hdf" => "application/x-hdf", ".hh" => "text/x-c", ".hlp" => "application/winhlp", ".hpgl" => "application/vnd.hp-hpgl", ".hpid" => "application/vnd.hp-hpid", ".hps" => "application/vnd.hp-hps", ".hqx" => "application/mac-binhex40", ".htc" => "text/x-component", ".htke" => "application/vnd.kenameaapp", ".htm" => "text/html", ".html" => "text/html", ".hvd" => "application/vnd.yamaha.hv-dic", ".hvp" => "application/vnd.yamaha.hv-voice", ".hvs" => "application/vnd.yamaha.hv-script", ".icc" => "application/vnd.iccprofile", ".ice" => "x-conference/x-cooltalk", ".ico" => "image/vnd.microsoft.icon", ".ics" => "text/calendar", ".ief" => "image/ief", ".ifb" => "text/calendar", ".ifm" => "application/vnd.shana.informed.formdata", ".igl" => "application/vnd.igloader", ".igs" => "model/iges", ".igx" => "application/vnd.micrografx.igx", ".iif" => "application/vnd.shana.informed.interchange", ".imp" => "application/vnd.accpac.simply.imp", ".ims" => "application/vnd.ms-ims", ".ipk" => "application/vnd.shana.informed.package", ".irm" => "application/vnd.ibm.rights-management", ".irp" => "application/vnd.irepository.package+xml", ".iso" => "application/octet-stream", ".itp" => "application/vnd.shana.informed.formtemplate", ".ivp" => "application/vnd.immervision-ivp", ".ivu" => "application/vnd.immervision-ivu", ".jad" => "text/vnd.sun.j2me.app-descriptor", ".jam" => "application/vnd.jam", ".jar" => "application/java-archive", ".java" => "text/x-java-source", ".jisp" => "application/vnd.jisp", ".jlt" => "application/vnd.hp-jlyt", ".jnlp" => "application/x-java-jnlp-file", ".joda" => "application/vnd.joost.joda-archive", ".jp2" => "image/jp2", ".jpeg" => "image/jpeg", ".jpg" => "image/jpeg", ".jpgv" => "video/jpeg", ".jpm" => "video/jpm", ".js" => "application/javascript", ".json" => "application/json", ".karbon" => "application/vnd.kde.karbon", ".kfo" => "application/vnd.kde.kformula", ".kia" => "application/vnd.kidspiration", ".kml" => "application/vnd.google-earth.kml+xml", ".kmz" => "application/vnd.google-earth.kmz", ".kne" => "application/vnd.kinar", ".kon" => "application/vnd.kde.kontour", ".kpr" => "application/vnd.kde.kpresenter", ".ksp" => "application/vnd.kde.kspread", ".ktz" => "application/vnd.kahootz", ".kwd" => "application/vnd.kde.kword", ".latex" => "application/x-latex", ".lbd" => "application/vnd.llamagraphics.life-balance.desktop", ".lbe" => "application/vnd.llamagraphics.life-balance.exchange+xml", ".les" => "application/vnd.hhe.lesson-player", ".link66" => "application/vnd.route66.link66+xml", ".log" => "text/plain", ".lostxml" => "application/lost+xml", ".lrm" => "application/vnd.ms-lrm", ".ltf" => "application/vnd.frogans.ltf", ".lvp" => "audio/vnd.lucent.voice", ".lwp" => "application/vnd.lotus-wordpro", ".m3u" => "audio/x-mpegurl", ".m3u8" => "application/x-mpegurl", ".m4a" => "audio/mp4a-latm", ".m4v" => "video/mp4", ".ma" => "application/mathematica", ".mag" => "application/vnd.ecowin.chart", ".man" => "text/troff", ".manifest" => "text/cache-manifest", ".mathml" => "application/mathml+xml", ".mbk" => "application/vnd.mobius.mbk", ".mbox" => "application/mbox", ".mc1" => "application/vnd.medcalcdata", ".mcd" => "application/vnd.mcd", ".mdb" => "application/x-msaccess", ".mdi" => "image/vnd.ms-modi", ".mdoc" => "text/troff", ".me" => "text/troff", ".mfm" => "application/vnd.mfmp", ".mgz" => "application/vnd.proteus.magazine", ".mid" => "audio/midi", ".midi" => "audio/midi", ".mif" => "application/vnd.mif", ".mime" => "message/rfc822", ".mj2" => "video/mj2", ".mlp" => "application/vnd.dolby.mlp", ".mmd" => "application/vnd.chipnuts.karaoke-mmd", ".mmf" => "application/vnd.smaf", ".mml" => "application/mathml+xml", ".mmr" => "image/vnd.fujixerox.edmics-mmr", ".mng" => "video/x-mng", ".mny" => "application/x-msmoney", ".mov" => "video/quicktime", ".movie" => "video/x-sgi-movie", ".mp3" => "audio/mpeg", ".mp4" => "video/mp4", ".mp4a" => "audio/mp4", ".mp4s" => "application/mp4", ".mp4v" => "video/mp4", ".mpc" => "application/vnd.mophun.certificate", ".mpd" => "application/dash+xml", ".mpeg" => "video/mpeg", ".mpg" => "video/mpeg", ".mpga" => "audio/mpeg", ".mpkg" => "application/vnd.apple.installer+xml", ".mpm" => "application/vnd.blueice.multipass", ".mpn" => "application/vnd.mophun.application", ".mpp" => "application/vnd.ms-project", ".mpy" => "application/vnd.ibm.minipay", ".mqy" => "application/vnd.mobius.mqy", ".mrc" => "application/marc", ".ms" => "text/troff", ".mscml" => "application/mediaservercontrol+xml", ".mseq" => "application/vnd.mseq", ".msf" => "application/vnd.epson.msf", ".msh" => "model/mesh", ".msi" => "application/x-msdownload", ".msl" => "application/vnd.mobius.msl", ".msty" => "application/vnd.muvee.style", ".mts" => "model/vnd.mts", ".mus" => "application/vnd.musician", ".mvb" => "application/x-msmediaview", ".mwf" => "application/vnd.mfer", ".mxf" => "application/mxf", ".mxl" => "application/vnd.recordare.musicxml", ".mxml" => "application/xv+xml", ".mxs" => "application/vnd.triscape.mxs", ".mxu" => "video/vnd.mpegurl", ".n" => "application/vnd.nokia.n-gage.symbian.install", ".nc" => "application/x-netcdf", ".ngdat" => "application/vnd.nokia.n-gage.data", ".nlu" => "application/vnd.neurolanguage.nlu", ".nml" => "application/vnd.enliven", ".nnd" => "application/vnd.noblenet-directory", ".nns" => "application/vnd.noblenet-sealer", ".nnw" => "application/vnd.noblenet-web", ".npx" => "image/vnd.net-fpx", ".nsf" => "application/vnd.lotus-notes", ".oa2" => "application/vnd.fujitsu.oasys2", ".oa3" => "application/vnd.fujitsu.oasys3", ".oas" => "application/vnd.fujitsu.oasys", ".obd" => "application/x-msbinder", ".oda" => "application/oda", ".odc" => "application/vnd.oasis.opendocument.chart", ".odf" => "application/vnd.oasis.opendocument.formula", ".odg" => "application/vnd.oasis.opendocument.graphics", ".odi" => "application/vnd.oasis.opendocument.image", ".odp" => "application/vnd.oasis.opendocument.presentation", ".ods" => "application/vnd.oasis.opendocument.spreadsheet", ".odt" => "application/vnd.oasis.opendocument.text", ".oga" => "audio/ogg", ".ogg" => "application/ogg", ".ogv" => "video/ogg", ".ogx" => "application/ogg", ".org" => "application/vnd.lotus-organizer", ".otc" => "application/vnd.oasis.opendocument.chart-template", ".otf" => "application/vnd.oasis.opendocument.formula-template", ".otg" => "application/vnd.oasis.opendocument.graphics-template", ".oth" => "application/vnd.oasis.opendocument.text-web", ".oti" => "application/vnd.oasis.opendocument.image-template", ".otm" => "application/vnd.oasis.opendocument.text-master", ".ots" => "application/vnd.oasis.opendocument.spreadsheet-template", ".ott" => "application/vnd.oasis.opendocument.text-template", ".oxt" => "application/vnd.openofficeorg.extension", ".p" => "text/x-pascal", ".p10" => "application/pkcs10", ".p12" => "application/x-pkcs12", ".p7b" => "application/x-pkcs7-certificates", ".p7m" => "application/pkcs7-mime", ".p7r" => "application/x-pkcs7-certreqresp", ".p7s" => "application/pkcs7-signature", ".pas" => "text/x-pascal", ".pbd" => "application/vnd.powerbuilder6", ".pbm" => "image/x-portable-bitmap", ".pcl" => "application/vnd.hp-pcl", ".pclxl" => "application/vnd.hp-pclxl", ".pcx" => "image/x-pcx", ".pdb" => "chemical/x-pdb", ".pdf" => "application/pdf", ".pem" => "application/x-x509-ca-cert", ".pfr" => "application/font-tdpfr", ".pgm" => "image/x-portable-graymap", ".pgn" => "application/x-chess-pgn", ".pgp" => "application/pgp-encrypted", ".pic" => "image/x-pict", ".pict" => "image/pict", ".pkg" => "application/octet-stream", ".pki" => "application/pkixcmp", ".pkipath" => "application/pkix-pkipath", ".pl" => "text/x-script.perl", ".plb" => "application/vnd.3gpp.pic-bw-large", ".plc" => "application/vnd.mobius.plc", ".plf" => "application/vnd.pocketlearn", ".pls" => "application/pls+xml", ".pm" => "text/x-script.perl-module", ".pml" => "application/vnd.ctc-posml", ".png" => "image/png", ".pnm" => "image/x-portable-anymap", ".pntg" => "image/x-macpaint", ".portpkg" => "application/vnd.macports.portpkg", ".pot" => "application/vnd.ms-powerpoint", ".potm" => "application/vnd.ms-powerpoint.template.macroEnabled.12", ".potx" => "application/vnd.openxmlformats-officedocument.presentationml.template", ".ppa" => "application/vnd.ms-powerpoint", ".ppam" => "application/vnd.ms-powerpoint.addin.macroEnabled.12", ".ppd" => "application/vnd.cups-ppd", ".ppm" => "image/x-portable-pixmap", ".pps" => "application/vnd.ms-powerpoint", ".ppsm" => "application/vnd.ms-powerpoint.slideshow.macroEnabled.12", ".ppsx" => "application/vnd.openxmlformats-officedocument.presentationml.slideshow", ".ppt" => "application/vnd.ms-powerpoint", ".pptm" => "application/vnd.ms-powerpoint.presentation.macroEnabled.12", ".pptx" => "application/vnd.openxmlformats-officedocument.presentationml.presentation", ".prc" => "application/vnd.palm", ".pre" => "application/vnd.lotus-freelance", ".prf" => "application/pics-rules", ".ps" => "application/postscript", ".psb" => "application/vnd.3gpp.pic-bw-small", ".psd" => "image/vnd.adobe.photoshop", ".ptid" => "application/vnd.pvi.ptid1", ".pub" => "application/x-mspublisher", ".pvb" => "application/vnd.3gpp.pic-bw-var", ".pwn" => "application/vnd.3m.post-it-notes", ".py" => "text/x-script.python", ".pya" => "audio/vnd.ms-playready.media.pya", ".pyv" => "video/vnd.ms-playready.media.pyv", ".qam" => "application/vnd.epson.quickanime", ".qbo" => "application/vnd.intu.qbo", ".qfx" => "application/vnd.intu.qfx", ".qps" => "application/vnd.publishare-delta-tree", ".qt" => "video/quicktime", ".qtif" => "image/x-quicktime", ".qxd" => "application/vnd.quark.quarkxpress", ".ra" => "audio/x-pn-realaudio", ".rake" => "text/x-script.ruby", ".ram" => "audio/x-pn-realaudio", ".rar" => "application/x-rar-compressed", ".ras" => "image/x-cmu-raster", ".rb" => "text/x-script.ruby", ".rcprofile" => "application/vnd.ipunplugged.rcprofile", ".rdf" => "application/rdf+xml", ".rdz" => "application/vnd.data-vision.rdz", ".rep" => "application/vnd.businessobjects", ".rgb" => "image/x-rgb", ".rif" => "application/reginfo+xml", ".rl" => "application/resource-lists+xml", ".rlc" => "image/vnd.fujixerox.edmics-rlc", ".rld" => "application/resource-lists-diff+xml", ".rm" => "application/vnd.rn-realmedia", ".rmp" => "audio/x-pn-realaudio-plugin", ".rms" => "application/vnd.jcp.javame.midlet-rms", ".rnc" => "application/relax-ng-compact-syntax", ".roff" => "text/troff", ".rpm" => "application/x-redhat-package-manager", ".rpss" => "application/vnd.nokia.radio-presets", ".rpst" => "application/vnd.nokia.radio-preset", ".rq" => "application/sparql-query", ".rs" => "application/rls-services+xml", ".rsd" => "application/rsd+xml", ".rss" => "application/rss+xml", ".rtf" => "application/rtf", ".rtx" => "text/richtext", ".ru" => "text/x-script.ruby", ".s" => "text/x-asm", ".saf" => "application/vnd.yamaha.smaf-audio", ".sbml" => "application/sbml+xml", ".sc" => "application/vnd.ibm.secure-container", ".scd" => "application/x-msschedule", ".scm" => "application/vnd.lotus-screencam", ".scq" => "application/scvp-cv-request", ".scs" => "application/scvp-cv-response", ".sdkm" => "application/vnd.solent.sdkm+xml", ".sdp" => "application/sdp", ".see" => "application/vnd.seemail", ".sema" => "application/vnd.sema", ".semd" => "application/vnd.semd", ".semf" => "application/vnd.semf", ".setpay" => "application/set-payment-initiation", ".setreg" => "application/set-registration-initiation", ".sfd" => "application/vnd.hydrostatix.sof-data", ".sfs" => "application/vnd.spotfire.sfs", ".sgm" => "text/sgml", ".sgml" => "text/sgml", ".sh" => "application/x-sh", ".shar" => "application/x-shar", ".shf" => "application/shf+xml", ".sig" => "application/pgp-signature", ".sit" => "application/x-stuffit", ".sitx" => "application/x-stuffitx", ".skp" => "application/vnd.koan", ".slt" => "application/vnd.epson.salt", ".smi" => "application/smil+xml", ".snd" => "audio/basic", ".so" => "application/octet-stream", ".spf" => "application/vnd.yamaha.smaf-phrase", ".spl" => "application/x-futuresplash", ".spot" => "text/vnd.in3d.spot", ".spp" => "application/scvp-vp-response", ".spq" => "application/scvp-vp-request", ".src" => "application/x-wais-source", ".srt" => "text/srt", ".srx" => "application/sparql-results+xml", ".sse" => "application/vnd.kodak-descriptor", ".ssf" => "application/vnd.epson.ssf", ".ssml" => "application/ssml+xml", ".stf" => "application/vnd.wt.stf", ".stk" => "application/hyperstudio", ".str" => "application/vnd.pg.format", ".sus" => "application/vnd.sus-calendar", ".sv4cpio" => "application/x-sv4cpio", ".sv4crc" => "application/x-sv4crc", ".svd" => "application/vnd.svd", ".svg" => "image/svg+xml", ".svgz" => "image/svg+xml", ".swf" => "application/x-shockwave-flash", ".swi" => "application/vnd.arastra.swi", ".t" => "text/troff", ".tao" => "application/vnd.tao.intent-module-archive", ".tar" => "application/x-tar", ".tbz" => "application/x-bzip-compressed-tar", ".tcap" => "application/vnd.3gpp2.tcap", ".tcl" => "application/x-tcl", ".tex" => "application/x-tex", ".texi" => "application/x-texinfo", ".texinfo" => "application/x-texinfo", ".text" => "text/plain", ".tif" => "image/tiff", ".tiff" => "image/tiff", ".tmo" => "application/vnd.tmobile-livetv", ".torrent" => "application/x-bittorrent", ".tpl" => "application/vnd.groove-tool-template", ".tpt" => "application/vnd.trid.tpt", ".tr" => "text/troff", ".tra" => "application/vnd.trueapp", ".trm" => "application/x-msterminal", ".ts" => "video/mp2t", ".tsv" => "text/tab-separated-values", ".ttf" => "application/octet-stream", ".twd" => "application/vnd.simtech-mindmapper", ".txd" => "application/vnd.genomatix.tuxedo", ".txf" => "application/vnd.mobius.txf", ".txt" => "text/plain", ".ufd" => "application/vnd.ufdl", ".umj" => "application/vnd.umajin", ".unityweb" => "application/vnd.unity", ".uoml" => "application/vnd.uoml+xml", ".uri" => "text/uri-list", ".ustar" => "application/x-ustar", ".utz" => "application/vnd.uiq.theme", ".uu" => "text/x-uuencode", ".vcd" => "application/x-cdlink", ".vcf" => "text/x-vcard", ".vcg" => "application/vnd.groove-vcard", ".vcs" => "text/x-vcalendar", ".vcx" => "application/vnd.vcx", ".vis" => "application/vnd.visionary", ".viv" => "video/vnd.vivo", ".vrml" => "model/vrml", ".vsd" => "application/vnd.visio", ".vsf" => "application/vnd.vsf", ".vtt" => "text/vtt", ".vtu" => "model/vnd.vtu", ".vxml" => "application/voicexml+xml", ".war" => "application/java-archive", ".wasm" => "application/wasm", ".wav" => "audio/x-wav", ".wax" => "audio/x-ms-wax", ".wbmp" => "image/vnd.wap.wbmp", ".wbs" => "application/vnd.criticaltools.wbs+xml", ".wbxml" => "application/vnd.wap.wbxml", ".webm" => "video/webm", ".wm" => "video/x-ms-wm", ".wma" => "audio/x-ms-wma", ".wmd" => "application/x-ms-wmd", ".wmf" => "application/x-msmetafile", ".wml" => "text/vnd.wap.wml", ".wmlc" => "application/vnd.wap.wmlc", ".wmls" => "text/vnd.wap.wmlscript", ".wmlsc" => "application/vnd.wap.wmlscriptc", ".wmv" => "video/x-ms-wmv", ".wmx" => "video/x-ms-wmx", ".wmz" => "application/x-ms-wmz", ".woff" => "application/font-woff", ".woff2" => "application/font-woff2", ".wpd" => "application/vnd.wordperfect", ".wpl" => "application/vnd.ms-wpl", ".wps" => "application/vnd.ms-works", ".wqd" => "application/vnd.wqd", ".wri" => "application/x-mswrite", ".wrl" => "model/vrml", ".wsdl" => "application/wsdl+xml", ".wspolicy" => "application/wspolicy+xml", ".wtb" => "application/vnd.webturbo", ".wvx" => "video/x-ms-wvx", ".x3d" => "application/vnd.hzn-3d-crossword", ".xar" => "application/vnd.xara", ".xbd" => "application/vnd.fujixerox.docuworks.binder", ".xbm" => "image/x-xbitmap", ".xdm" => "application/vnd.syncml.dm+xml", ".xdp" => "application/vnd.adobe.xdp+xml", ".xdw" => "application/vnd.fujixerox.docuworks", ".xenc" => "application/xenc+xml", ".xer" => "application/patch-ops-error+xml", ".xfdf" => "application/vnd.adobe.xfdf", ".xfdl" => "application/vnd.xfdl", ".xhtml" => "application/xhtml+xml", ".xif" => "image/vnd.xiff", ".xla" => "application/vnd.ms-excel", ".xlam" => "application/vnd.ms-excel.addin.macroEnabled.12", ".xls" => "application/vnd.ms-excel", ".xlsb" => "application/vnd.ms-excel.sheet.binary.macroEnabled.12", ".xlsx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", ".xlsm" => "application/vnd.ms-excel.sheet.macroEnabled.12", ".xlt" => "application/vnd.ms-excel", ".xltx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.template", ".xml" => "application/xml", ".xo" => "application/vnd.olpc-sugar", ".xop" => "application/xop+xml", ".xpm" => "image/x-xpixmap", ".xpr" => "application/vnd.is-xpr", ".xps" => "application/vnd.ms-xpsdocument", ".xpw" => "application/vnd.intercon.formnet", ".xsl" => "application/xml", ".xslt" => "application/xslt+xml", ".xsm" => "application/vnd.syncml+xml", ".xspf" => "application/xspf+xml", ".xul" => "application/vnd.mozilla.xul+xml", ".xwd" => "image/x-xwindowdump", ".xyz" => "chemical/x-xyz", ".yaml" => "text/yaml", ".yml" => "text/yaml", ".zaz" => "application/vnd.zzazz.deck+xml", ".zip" => "application/zip", ".zmm" => "application/vnd.handheld-entertainment+xml", } end end rack-2.1.4/lib/rack/mock.rb000066400000000000000000000165251367177163600154340ustar00rootroot00000000000000# frozen_string_literal: true require 'uri' require 'stringio' require 'rack' require 'rack/lint' require 'rack/utils' require 'rack/response' require 'cgi/cookie' module Rack # Rack::MockRequest helps testing your Rack application without # actually using HTTP. # # After performing a request on a URL with get/post/put/patch/delete, it # returns a MockResponse with useful helper methods for effective # testing. # # You can pass a hash with additional configuration to the # get/post/put/patch/delete. # :input:: A String or IO-like to be used as rack.input. # :fatal:: Raise a FatalWarning if the app writes to rack.errors. # :lint:: If true, wrap the application in a Rack::Lint. class MockRequest class FatalWarning < RuntimeError end class FatalWarner def puts(warning) raise FatalWarning, warning end def write(warning) raise FatalWarning, warning end def flush end def string "" end end DEFAULT_ENV = { RACK_VERSION => Rack::VERSION, RACK_INPUT => StringIO.new, RACK_ERRORS => StringIO.new, RACK_MULTITHREAD => true, RACK_MULTIPROCESS => true, RACK_RUNONCE => false, }.freeze def initialize(app) @app = app end def get(uri, opts = {}) request(GET, uri, opts) end def post(uri, opts = {}) request(POST, uri, opts) end def put(uri, opts = {}) request(PUT, uri, opts) end def patch(uri, opts = {}) request(PATCH, uri, opts) end def delete(uri, opts = {}) request(DELETE, uri, opts) end def head(uri, opts = {}) request(HEAD, uri, opts) end def options(uri, opts = {}) request(OPTIONS, uri, opts) end def request(method = GET, uri = "", opts = {}) env = self.class.env_for(uri, opts.merge(method: method)) if opts[:lint] app = Rack::Lint.new(@app) else app = @app end errors = env[RACK_ERRORS] status, headers, body = app.call(env) MockResponse.new(status, headers, body, errors) ensure body.close if body.respond_to?(:close) end # For historical reasons, we're pinning to RFC 2396. # URI::Parser = URI::RFC2396_Parser def self.parse_uri_rfc2396(uri) @parser ||= URI::Parser.new @parser.parse(uri) end # Return the Rack environment used for a request to +uri+. def self.env_for(uri = "", opts = {}) uri = parse_uri_rfc2396(uri) uri.path = "/#{uri.path}" unless uri.path[0] == ?/ env = DEFAULT_ENV.dup env[REQUEST_METHOD] = (opts[:method] ? opts[:method].to_s.upcase : GET).b env[SERVER_NAME] = (uri.host || "example.org").b env[SERVER_PORT] = (uri.port ? uri.port.to_s : "80").b env[QUERY_STRING] = (uri.query.to_s).b env[PATH_INFO] = ((!uri.path || uri.path.empty?) ? "/" : uri.path).b env[RACK_URL_SCHEME] = (uri.scheme || "http").b env[HTTPS] = (env[RACK_URL_SCHEME] == "https" ? "on" : "off").b env[SCRIPT_NAME] = opts[:script_name] || "" if opts[:fatal] env[RACK_ERRORS] = FatalWarner.new else env[RACK_ERRORS] = StringIO.new end if params = opts[:params] if env[REQUEST_METHOD] == GET params = Utils.parse_nested_query(params) if params.is_a?(String) params.update(Utils.parse_nested_query(env[QUERY_STRING])) env[QUERY_STRING] = Utils.build_nested_query(params) elsif !opts.has_key?(:input) opts["CONTENT_TYPE"] = "application/x-www-form-urlencoded" if params.is_a?(Hash) if data = Rack::Multipart.build_multipart(params) opts[:input] = data opts["CONTENT_LENGTH"] ||= data.length.to_s opts["CONTENT_TYPE"] = "multipart/form-data; boundary=#{Rack::Multipart::MULTIPART_BOUNDARY}" else opts[:input] = Utils.build_nested_query(params) end else opts[:input] = params end end end empty_str = String.new opts[:input] ||= empty_str if String === opts[:input] rack_input = StringIO.new(opts[:input]) else rack_input = opts[:input] end rack_input.set_encoding(Encoding::BINARY) env[RACK_INPUT] = rack_input env["CONTENT_LENGTH"] ||= env[RACK_INPUT].size.to_s if env[RACK_INPUT].respond_to?(:size) opts.each { |field, value| env[field] = value if String === field } env end end # Rack::MockResponse provides useful helpers for testing your apps. # Usually, you don't create the MockResponse on your own, but use # MockRequest. class MockResponse < Rack::Response # Headers attr_reader :original_headers, :cookies # Errors attr_accessor :errors def initialize(status, headers, body, errors = StringIO.new("")) @original_headers = headers @errors = errors.string if errors.respond_to?(:string) @cookies = parse_cookies_from_header super(body, status, headers) buffered_body! end def =~(other) body =~ other end def match(other) body.match other end def body # FIXME: apparently users of MockResponse expect the return value of # MockResponse#body to be a string. However, the real response object # returns the body as a list. # # See spec_showstatus.rb: # # should "not replace existing messages" do # ... # res.body.should == "foo!" # end buffer = String.new super.each do |chunk| buffer << chunk end return buffer end def empty? [201, 204, 304].include? status end def cookie(name) cookies.fetch(name, nil) end private def parse_cookies_from_header cookies = Hash.new if original_headers.has_key? 'Set-Cookie' set_cookie_header = original_headers.fetch('Set-Cookie') set_cookie_header.split("\n").each do |cookie| cookie_name, cookie_filling = cookie.split('=', 2) cookie_attributes = identify_cookie_attributes cookie_filling parsed_cookie = CGI::Cookie.new( 'name' => cookie_name.strip, 'value' => cookie_attributes.fetch('value'), 'path' => cookie_attributes.fetch('path', nil), 'domain' => cookie_attributes.fetch('domain', nil), 'expires' => cookie_attributes.fetch('expires', nil), 'secure' => cookie_attributes.fetch('secure', false) ) cookies.store(cookie_name, parsed_cookie) end end cookies end def identify_cookie_attributes(cookie_filling) cookie_bits = cookie_filling.split(';') cookie_attributes = Hash.new cookie_attributes.store('value', cookie_bits[0].strip) cookie_bits.each do |bit| if bit.include? '=' cookie_attribute, attribute_value = bit.split('=') cookie_attributes.store(cookie_attribute.strip, attribute_value.strip) if cookie_attribute.include? 'max-age' cookie_attributes.store('expires', Time.now + attribute_value.strip.to_i) end end if bit.include? 'secure' cookie_attributes.store('secure', true) end end cookie_attributes end end end rack-2.1.4/lib/rack/multipart.rb000066400000000000000000000052311367177163600165140ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/multipart/parser' module Rack # A multipart form data parser, adapted from IOWA. # # Usually, Rack::Request#POST takes care of calling this. module Multipart autoload :UploadedFile, 'rack/multipart/uploaded_file' autoload :Generator, 'rack/multipart/generator' EOL = "\r\n" MULTIPART_BOUNDARY = "AaB03x" MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/ CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/ BROKEN_QUOTED = /^#{CONDISP}.*;\s*filename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i BROKEN_UNQUOTED = /^#{CONDISP}.*;\s*filename=(#{TOKEN})/i MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni # Updated definitions from RFC 2231 ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]} ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/ SECTION = /\*[0-9]+/ REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/ REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/ EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/ EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/ EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/ EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/ EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/ EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/ EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/ DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/ RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i class << self def parse_multipart(env, params = Rack::Utils.default_query_parser) extract_multipart Rack::Request.new(env), params end def extract_multipart(req, params = Rack::Utils.default_query_parser) io = req.get_header(RACK_INPUT) io.rewind content_length = req.content_length content_length = content_length.to_i if content_length tempfile = req.get_header(RACK_MULTIPART_TEMPFILE_FACTORY) || Parser::TEMPFILE_FACTORY bufsize = req.get_header(RACK_MULTIPART_BUFFER_SIZE) || Parser::BUFSIZE info = Parser.parse io, content_length, req.get_header('CONTENT_TYPE'), tempfile, bufsize, params req.set_header(RACK_TEMPFILES, info.tmp_files) info.params end def build_multipart(params, first = true) Generator.new(params, first).dump end end end end rack-2.1.4/lib/rack/multipart/000077500000000000000000000000001367177163600161665ustar00rootroot00000000000000rack-2.1.4/lib/rack/multipart/generator.rb000066400000000000000000000043201367177163600205000ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Multipart class Generator def initialize(params, first = true) @params, @first = params, first if @first && !@params.is_a?(Hash) raise ArgumentError, "value must be a Hash" end end def dump return nil if @first && !multipart? return flattened_params unless @first flattened_params.map do |name, file| if file.respond_to?(:original_filename) ::File.open(file.path, 'rb') do |f| f.set_encoding(Encoding::BINARY) content_for_tempfile(f, file, name) end else content_for_other(file, name) end end.join << "--#{MULTIPART_BOUNDARY}--\r" end private def multipart? query = lambda { |value| case value when Array value.any?(&query) when Hash value.values.any?(&query) when Rack::Multipart::UploadedFile true end } @params.values.any?(&query) end def flattened_params @flattened_params ||= begin h = Hash.new @params.each do |key, value| k = @first ? key.to_s : "[#{key}]" case value when Array value.map { |v| Multipart.build_multipart(v, false).each { |subkey, subvalue| h["#{k}[]#{subkey}"] = subvalue } } when Hash Multipart.build_multipart(value, false).each { |subkey, subvalue| h[k + subkey] = subvalue } else h[k] = value end end h end end def content_for_tempfile(io, file, name) <<-EOF --#{MULTIPART_BOUNDARY}\r Content-Disposition: form-data; name="#{name}"; filename="#{Utils.escape(file.original_filename)}"\r Content-Type: #{file.content_type}\r Content-Length: #{::File.stat(file.path).size}\r \r #{io.read}\r EOF end def content_for_other(file, name) <<-EOF --#{MULTIPART_BOUNDARY}\r Content-Disposition: form-data; name="#{name}"\r \r #{file}\r EOF end end end end rack-2.1.4/lib/rack/multipart/parser.rb000066400000000000000000000244141367177163600200140ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' require 'strscan' require 'rack/core_ext/regexp' module Rack module Multipart class MultipartPartLimitError < Errno::EMFILE; end class Parser using ::Rack::RegexpExtensions BUFSIZE = 1_048_576 TEXT_PLAIN = "text/plain" TEMPFILE_FACTORY = lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))]) } BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/ class BoundedIO # :nodoc: def initialize(io, content_length) @io = io @content_length = content_length @cursor = 0 end def read(size, outbuf = nil) return if @cursor >= @content_length left = @content_length - @cursor str = if left < size @io.read left, outbuf else @io.read size, outbuf end if str @cursor += str.bytesize else # Raise an error for mismatching Content-Length and actual contents raise EOFError, "bad content body" end str end def rewind @io.rewind end end MultipartInfo = Struct.new :params, :tmp_files EMPTY = MultipartInfo.new(nil, []) def self.parse_boundary(content_type) return unless content_type data = content_type.match(MULTIPART) return unless data data[1] end def self.parse(io, content_length, content_type, tmpfile, bufsize, qp) return EMPTY if 0 == content_length boundary = parse_boundary content_type return EMPTY unless boundary io = BoundedIO.new(io, content_length) if content_length outbuf = String.new parser = new(boundary, tmpfile, bufsize, qp) parser.on_read io.read(bufsize, outbuf) loop do break if parser.state == :DONE parser.on_read io.read(bufsize, outbuf) end io.rewind parser.result end class Collector class MimePart < Struct.new(:body, :head, :filename, :content_type, :name) def get_data data = body if filename == "" # filename is blank which means no file has been selected return elsif filename body.rewind if body.respond_to?(:rewind) # Take the basename of the upload's original filename. # This handles the full Windows paths given by Internet Explorer # (and perhaps other broken user agents) without affecting # those which give the lone filename. fn = filename.split(/[\/\\]/).last data = { filename: fn, type: content_type, name: name, tempfile: body, head: head } elsif !filename && content_type && body.is_a?(IO) body.rewind # Generic multipart cases, not coming from a form data = { type: content_type, name: name, tempfile: body, head: head } end yield data end end class BufferPart < MimePart def file?; false; end def close; end end class TempfilePart < MimePart def file?; true; end def close; body.close; end end include Enumerable def initialize tempfile @tempfile = tempfile @mime_parts = [] @open_files = 0 end def each @mime_parts.each { |part| yield part } end def on_mime_head mime_index, head, filename, content_type, name if filename body = @tempfile.call(filename, content_type) body.binmode if body.respond_to?(:binmode) klass = TempfilePart @open_files += 1 else body = String.new klass = BufferPart end @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name) check_open_files end def on_mime_body mime_index, content @mime_parts[mime_index].body << content end def on_mime_finish mime_index end private def check_open_files if Utils.multipart_part_limit > 0 if @open_files >= Utils.multipart_part_limit @mime_parts.each(&:close) raise MultipartPartLimitError, 'Maximum file multiparts in content reached' end end end end attr_reader :state def initialize(boundary, tempfile, bufsize, query_parser) @query_parser = query_parser @params = query_parser.make_params @boundary = "--#{boundary}" @bufsize = bufsize @full_boundary = @boundary @end_boundary = @boundary + '--' @state = :FAST_FORWARD @mime_index = 0 @collector = Collector.new tempfile @sbuf = StringScanner.new("".dup) @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max @head_regex = /(.*?#{EOL})#{EOL}/m end def on_read content handle_empty_content!(content) @sbuf.concat content run_parser end def result @collector.each do |part| part.get_data do |data| tag_multipart_encoding(part.filename, part.content_type, part.name, data) @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit) end end MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body) end private def run_parser loop do case @state when :FAST_FORWARD break if handle_fast_forward == :want_read when :CONSUME_TOKEN break if handle_consume_token == :want_read when :MIME_HEAD break if handle_mime_head == :want_read when :MIME_BODY break if handle_mime_body == :want_read when :DONE break end end end def handle_fast_forward if consume_boundary @state = :MIME_HEAD else raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize :want_read end end def handle_consume_token tok = consume_boundary # break if we're at the end of a buffer, but not if it is the end of a field @state = if tok == :END_BOUNDARY || (@sbuf.eos? && tok != :BOUNDARY) :DONE else :MIME_HEAD end end def handle_mime_head if @sbuf.scan_until(@head_regex) head = @sbuf[1] content_type = head[MULTIPART_CONTENT_TYPE, 1] if name = head[MULTIPART_CONTENT_DISPOSITION, 1] name = Rack::Auth::Digest::Params::dequote(name) else name = head[MULTIPART_CONTENT_ID, 1] end filename = get_filename(head) if name.nil? || name.empty? name = filename || "#{content_type || TEXT_PLAIN}[]".dup end @collector.on_mime_head @mime_index, head, filename, content_type, name @state = :MIME_BODY else :want_read end end def handle_mime_body if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string @collector.on_mime_body @mime_index, body @sbuf.pos += body.length + 2 # skip \r\n after the content @state = :CONSUME_TOKEN @mime_index += 1 else # Save what we have so far if @rx_max_size < @sbuf.rest_size delta = @sbuf.rest_size - @rx_max_size @collector.on_mime_body @mime_index, @sbuf.peek(delta) @sbuf.pos += delta @sbuf.string = @sbuf.rest end :want_read end end def full_boundary; @full_boundary; end def consume_boundary while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX) case read_buffer.strip when full_boundary then return :BOUNDARY when @end_boundary then return :END_BOUNDARY end return if @sbuf.eos? end end def get_filename(head) filename = nil case head when RFC2183 params = Hash[*head.scan(DISPPARM).flat_map(&:compact)] if filename = params['filename'] filename = $1 if filename =~ /^"(.*)"$/ elsif filename = params['filename*'] encoding, _, filename = filename.split("'", 3) end when BROKEN_QUOTED, BROKEN_UNQUOTED filename = $1 end return unless filename if filename.scan(/%.?.?/).all? { |s| /%[0-9a-fA-F]{2}/.match?(s) } filename = Utils.unescape_path(filename) end filename.scrub! if filename !~ /\\[^\\"]/ filename = filename.gsub(/\\(.)/, '\1') end if encoding filename.force_encoding ::Encoding.find(encoding) end filename end CHARSET = "charset" def tag_multipart_encoding(filename, content_type, name, body) name = name.to_s encoding = Encoding::UTF_8 name.force_encoding(encoding) return if filename if content_type list = content_type.split(';') type_subtype = list.first type_subtype.strip! if TEXT_PLAIN == type_subtype rest = list.drop 1 rest.each do |param| k, v = param.split('=', 2) k.strip! v.strip! v = v[1..-2] if v.start_with?('"') && v.end_with?('"') encoding = Encoding.find v if k == CHARSET end end end name.force_encoding(encoding) body.force_encoding(encoding) end def handle_empty_content!(content) if content.nil? || content.empty? raise EOFError end end end end end rack-2.1.4/lib/rack/multipart/uploaded_file.rb000066400000000000000000000020041367177163600213030ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Multipart class UploadedFile # The filename, *not* including the path, of the "uploaded" file attr_reader :original_filename # The content type of the "uploaded" file attr_accessor :content_type def initialize(path, content_type = "text/plain", binary = false) raise "#{path} file does not exist" unless ::File.exist?(path) @content_type = content_type @original_filename = ::File.basename(path) @tempfile = Tempfile.new([@original_filename, ::File.extname(path)], encoding: Encoding::BINARY) @tempfile.binmode if binary FileUtils.copy_file(path, @tempfile.path) end def path @tempfile.path end alias_method :local_path, :path def respond_to?(*args) super or @tempfile.respond_to?(*args) end def method_missing(method_name, *args, &block) #:nodoc: @tempfile.__send__(method_name, *args, &block) end end end end rack-2.1.4/lib/rack/null_logger.rb000066400000000000000000000017241367177163600170070ustar00rootroot00000000000000# frozen_string_literal: true module Rack class NullLogger def initialize(app) @app = app end def call(env) env[RACK_LOGGER] = self @app.call(env) end def info(progname = nil, &block); end def debug(progname = nil, &block); end def warn(progname = nil, &block); end def error(progname = nil, &block); end def fatal(progname = nil, &block); end def unknown(progname = nil, &block); end def info? ; end def debug? ; end def warn? ; end def error? ; end def fatal? ; end def level ; end def progname ; end def datetime_format ; end def formatter ; end def sev_threshold ; end def level=(level); end def progname=(progname); end def datetime_format=(datetime_format); end def formatter=(formatter); end def sev_threshold=(sev_threshold); end def close ; end def add(severity, message = nil, progname = nil, &block); end def <<(msg); end end end rack-2.1.4/lib/rack/query_parser.rb000066400000000000000000000151601367177163600172160ustar00rootroot00000000000000# frozen_string_literal: true require_relative 'core_ext/regexp' module Rack class QueryParser using ::Rack::RegexpExtensions DEFAULT_SEP = /[&;] */n COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n } # ParameterTypeError is the error that is raised when incoming structural # parameters (parsed by parse_nested_query) contain conflicting types. class ParameterTypeError < TypeError; end # InvalidParameterError is the error that is raised when incoming structural # parameters (parsed by parse_nested_query) contain invalid format or byte # sequence. class InvalidParameterError < ArgumentError; end def self.make_default(key_space_limit, param_depth_limit) new Params, key_space_limit, param_depth_limit end attr_reader :key_space_limit, :param_depth_limit def initialize(params_class, key_space_limit, param_depth_limit) @params_class = params_class @key_space_limit = key_space_limit @param_depth_limit = param_depth_limit end # Stolen from Mongrel, with some small modifications: # Parses a query string by breaking it up at the '&' # and ';' characters. You can also use this to parse # cookies by changing the characters used in the second # parameter (which defaults to '&;'). def parse_query(qs, d = nil, &unescaper) unescaper ||= method(:unescape) params = make_params (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p| next if p.empty? k, v = p.split('=', 2).map!(&unescaper) if cur = params[k] if cur.class == Array params[k] << v else params[k] = [cur, v] end else params[k] = v end end return params.to_h end # parse_nested_query expands a query string into structural types. Supported # types are Arrays, Hashes and basic value types. It is possible to supply # query strings with parameters of conflicting types, in this case a # ParameterTypeError is raised. Users are encouraged to return a 400 in this # case. def parse_nested_query(qs, d = nil) return {} if qs.nil? || qs.empty? params = make_params qs.split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map! { |s| unescape(s) } normalize_params(params, k, v, param_depth_limit) end return params.to_h rescue ArgumentError => e raise InvalidParameterError, e.message end # normalize_params recursively expands parameters into structural types. If # the structural types represented by two different parameter names are in # conflict, a ParameterTypeError is raised. def normalize_params(params, name, v, depth) raise RangeError if depth <= 0 name =~ %r(\A[\[\]]*([^\[\]]+)\]*) k = $1 || '' after = $' || '' if k.empty? if !v.nil? && name == "[]" return Array(v) else return end end if after == '' params[k] = v elsif after == "[" params[name] = v elsif after == "[]" params[k] ||= [] raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array) params[k] << v elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$) child_key = $1 params[k] ||= [] raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array) if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key) normalize_params(params[k].last, child_key, v, depth - 1) else params[k] << normalize_params(make_params, child_key, v, depth - 1) end else params[k] ||= make_params raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k]) params[k] = normalize_params(params[k], after, v, depth - 1) end params end def make_params @params_class.new @key_space_limit end def new_space_limit(key_space_limit) self.class.new @params_class, key_space_limit, param_depth_limit end def new_depth_limit(param_depth_limit) self.class.new @params_class, key_space_limit, param_depth_limit end private def params_hash_type?(obj) obj.kind_of?(@params_class) end def params_hash_has_key?(hash, key) return false if /\[\]/.match?(key) key.split(/[\[\]]+/).inject(hash) do |h, part| next h if part == '' return false unless params_hash_type?(h) && h.key?(part) h[part] end true end def unescape(s) Utils.unescape(s) end class Params def initialize(limit) @limit = limit @size = 0 @params = {} end def [](key) @params[key] end def []=(key, value) @size += key.size if key && !@params.key?(key) raise RangeError, 'exceeded available parameter key space' if @size > @limit @params[key] = value end def key?(key) @params.key?(key) end # Recursively unwraps nested `Params` objects and constructs an object # of the same shape, but using the objects' internal representations # (Ruby hashes) in place of the objects. The result is a hash consisting # purely of Ruby primitives. # # Mutation warning! # # 1. This method mutates the internal representation of the `Params` # objects in order to save object allocations. # # 2. The value you get back is a reference to the internal hash # representation, not a copy. # # 3. Because the `Params` object's internal representation is mutable # through the `#[]=` method, it is not thread safe. The result of # getting the hash representation while another thread is adding a # key to it is non-deterministic. # def to_h @params.each do |key, value| case value when self # Handle circular references gracefully. @params[key] = @params when Params @params[key] = value.to_h when Array value.map! { |v| v.kind_of?(Params) ? v.to_h : v } else # Ignore anything that is not a `Params` object or # a collection that can contain one. end end @params end alias_method :to_params_hash, :to_h end end end rack-2.1.4/lib/rack/recursive.rb000066400000000000000000000034001367177163600164760ustar00rootroot00000000000000# frozen_string_literal: true require 'uri' module Rack # Rack::ForwardRequest gets caught by Rack::Recursive and redirects # the current request to the app at +url+. # # raise ForwardRequest.new("/not-found") # class ForwardRequest < Exception attr_reader :url, :env def initialize(url, env = {}) @url = URI(url) @env = env @env[PATH_INFO] = @url.path @env[QUERY_STRING] = @url.query if @url.query @env[HTTP_HOST] = @url.host if @url.host @env["HTTP_PORT"] = @url.port if @url.port @env[RACK_URL_SCHEME] = @url.scheme if @url.scheme super "forwarding to #{url}" end end # Rack::Recursive allows applications called down the chain to # include data from other applications (by using # rack['rack.recursive.include'][...] or raise a # ForwardRequest to redirect internally. class Recursive def initialize(app) @app = app end def call(env) dup._call(env) end def _call(env) @script_name = env[SCRIPT_NAME] @app.call(env.merge(RACK_RECURSIVE_INCLUDE => method(:include))) rescue ForwardRequest => req call(env.merge(req.env)) end def include(env, path) unless path.index(@script_name) == 0 && (path[@script_name.size] == ?/ || path[@script_name.size].nil?) raise ArgumentError, "can only include below #{@script_name}, not #{path}" end env = env.merge(PATH_INFO => path, SCRIPT_NAME => @script_name, REQUEST_METHOD => GET, "CONTENT_LENGTH" => "0", "CONTENT_TYPE" => "", RACK_INPUT => StringIO.new("")) @app.call(env) end end end rack-2.1.4/lib/rack/reloader.rb000066400000000000000000000061371367177163600162760ustar00rootroot00000000000000# frozen_string_literal: true # Copyright (C) 2009-2018 Michael Fellinger # Rack::Reloader is subject to the terms of an MIT-style license. # See MIT-LICENSE or https://opensource.org/licenses/MIT. require 'pathname' require_relative 'core_ext/regexp' module Rack # High performant source reloader # # This class acts as Rack middleware. # # What makes it especially suited for use in a production environment is that # any file will only be checked once and there will only be made one system # call stat(2). # # Please note that this will not reload files in the background, it does so # only when actively called. # # It is performing a check/reload cycle at the start of every request, but # also respects a cool down time, during which nothing will be done. class Reloader using ::Rack::RegexpExtensions def initialize(app, cooldown = 10, backend = Stat) @app = app @cooldown = cooldown @last = (Time.now - cooldown) @cache = {} @mtimes = {} @reload_mutex = Mutex.new extend backend end def call(env) if @cooldown and Time.now > @last + @cooldown if Thread.list.size > 1 @reload_mutex.synchronize{ reload! } else reload! end @last = Time.now end @app.call(env) end def reload!(stderr = $stderr) rotation do |file, mtime| previous_mtime = @mtimes[file] ||= mtime safe_load(file, mtime, stderr) if mtime > previous_mtime end end # A safe Kernel::load, issuing the hooks depending on the results def safe_load(file, mtime, stderr = $stderr) load(file) stderr.puts "#{self.class}: reloaded `#{file}'" file rescue LoadError, SyntaxError => ex stderr.puts ex ensure @mtimes[file] = mtime end module Stat def rotation files = [$0, *$LOADED_FEATURES].uniq paths = ['./', *$LOAD_PATH].uniq files.map{|file| next if /\.(so|bundle)$/.match?(file) # cannot reload compiled files found, stat = figure_path(file, paths) next unless found && stat && mtime = stat.mtime @cache[file] = found yield(found, mtime) }.compact end # Takes a relative or absolute +file+ name, a couple possible +paths+ that # the +file+ might reside in. Returns the full path and File::Stat for the # path. def figure_path(file, paths) found = @cache[file] found = file if !found and Pathname.new(file).absolute? found, stat = safe_stat(found) return found, stat if found paths.find do |possible_path| path = ::File.join(possible_path, file) found, stat = safe_stat(path) return ::File.expand_path(found), stat if found end return false, false end def safe_stat(file) return unless file stat = ::File.stat(file) return file, stat if stat.file? rescue Errno::ENOENT, Errno::ENOTDIR, Errno::ESRCH @cache.delete(file) and false end end end end rack-2.1.4/lib/rack/request.rb000066400000000000000000000417121367177163600161670ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' require 'rack/media_type' require_relative 'core_ext/regexp' module Rack # Rack::Request provides a convenient interface to a Rack # environment. It is stateless, the environment +env+ passed to the # constructor will be directly modified. # # req = Rack::Request.new(env) # req.post? # req.params["data"] class Request using ::Rack::RegexpExtensions class << self attr_accessor :ip_filter end self.ip_filter = lambda { |ip| /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i.match?(ip) } ALLOWED_SCHEMES = %w(https http).freeze SCHEME_WHITELIST = ALLOWED_SCHEMES if Object.respond_to?(:deprecate_constant) deprecate_constant :SCHEME_WHITELIST end def initialize(env) @params = nil super(env) end def params @params ||= super end def update_param(k, v) super @params = nil end def delete_param(k) v = super @params = nil v end module Env # The environment of the request. attr_reader :env def initialize(env) @env = env super() end # Predicate method to test to see if `name` has been set as request # specific data def has_header?(name) @env.key? name end # Get a request specific value for `name`. def get_header(name) @env[name] end # If a block is given, it yields to the block if the value hasn't been set # on the request. def fetch_header(name, &block) @env.fetch(name, &block) end # Loops through each key / value pair in the request specific data. def each_header(&block) @env.each(&block) end # Set a request specific value for `name` to `v` def set_header(name, v) @env[name] = v end # Add a header that may have multiple values. # # Example: # request.add_header 'Accept', 'image/png' # request.add_header 'Accept', '*/*' # # assert_equal 'image/png,*/*', request.get_header('Accept') # # http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 def add_header key, v if v.nil? get_header key elsif has_header? key set_header key, "#{get_header key},#{v}" else set_header key, v end end # Delete a request specific value for `name`. def delete_header(name) @env.delete name end def initialize_copy(other) @env = other.env.dup end end module Helpers # The set of form-data media-types. Requests that do not indicate # one of the media types present in this list will not be eligible # for form-data / param parsing. FORM_DATA_MEDIA_TYPES = [ 'application/x-www-form-urlencoded', 'multipart/form-data' ] # The set of media-types. Requests that do not indicate # one of the media types present in this list will not be eligible # for param parsing like soap attachments or generic multiparts PARSEABLE_DATA_MEDIA_TYPES = [ 'multipart/related', 'multipart/mixed' ] # Default ports depending on scheme. Used to decide whether or not # to include the port in a generated URI. DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 } HTTP_X_FORWARDED_SCHEME = 'HTTP_X_FORWARDED_SCHEME' HTTP_X_FORWARDED_PROTO = 'HTTP_X_FORWARDED_PROTO' HTTP_X_FORWARDED_HOST = 'HTTP_X_FORWARDED_HOST' HTTP_X_FORWARDED_PORT = 'HTTP_X_FORWARDED_PORT' HTTP_X_FORWARDED_SSL = 'HTTP_X_FORWARDED_SSL' def body; get_header(RACK_INPUT) end def script_name; get_header(SCRIPT_NAME).to_s end def script_name=(s); set_header(SCRIPT_NAME, s.to_s) end def path_info; get_header(PATH_INFO).to_s end def path_info=(s); set_header(PATH_INFO, s.to_s) end def request_method; get_header(REQUEST_METHOD) end def query_string; get_header(QUERY_STRING).to_s end def content_length; get_header('CONTENT_LENGTH') end def logger; get_header(RACK_LOGGER) end def user_agent; get_header('HTTP_USER_AGENT') end def multithread?; get_header(RACK_MULTITHREAD) end # the referer of the client def referer; get_header('HTTP_REFERER') end alias referrer referer def session fetch_header(RACK_SESSION) do |k| set_header RACK_SESSION, default_session end end def session_options fetch_header(RACK_SESSION_OPTIONS) do |k| set_header RACK_SESSION_OPTIONS, {} end end # Checks the HTTP request method (or verb) to see if it was of type DELETE def delete?; request_method == DELETE end # Checks the HTTP request method (or verb) to see if it was of type GET def get?; request_method == GET end # Checks the HTTP request method (or verb) to see if it was of type HEAD def head?; request_method == HEAD end # Checks the HTTP request method (or verb) to see if it was of type OPTIONS def options?; request_method == OPTIONS end # Checks the HTTP request method (or verb) to see if it was of type LINK def link?; request_method == LINK end # Checks the HTTP request method (or verb) to see if it was of type PATCH def patch?; request_method == PATCH end # Checks the HTTP request method (or verb) to see if it was of type POST def post?; request_method == POST end # Checks the HTTP request method (or verb) to see if it was of type PUT def put?; request_method == PUT end # Checks the HTTP request method (or verb) to see if it was of type TRACE def trace?; request_method == TRACE end # Checks the HTTP request method (or verb) to see if it was of type UNLINK def unlink?; request_method == UNLINK end def scheme if get_header(HTTPS) == 'on' 'https' elsif get_header(HTTP_X_FORWARDED_SSL) == 'on' 'https' elsif forwarded_scheme forwarded_scheme else get_header(RACK_URL_SCHEME) end end def authority get_header(SERVER_NAME) + ':' + get_header(SERVER_PORT) end def cookies hash = fetch_header(RACK_REQUEST_COOKIE_HASH) do |k| set_header(k, {}) end string = get_header HTTP_COOKIE return hash if string == get_header(RACK_REQUEST_COOKIE_STRING) hash.replace Utils.parse_cookies_header string set_header(RACK_REQUEST_COOKIE_STRING, string) hash end def content_type content_type = get_header('CONTENT_TYPE') content_type.nil? || content_type.empty? ? nil : content_type end def xhr? get_header("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest" end def host_with_port if forwarded = get_header(HTTP_X_FORWARDED_HOST) forwarded.split(/,\s?/).last else get_header(HTTP_HOST) || "#{get_header(SERVER_NAME) || get_header(SERVER_ADDR)}:#{get_header(SERVER_PORT)}" end end def host # Remove port number. h = host_with_port if colon_index = h.index(":") h[0, colon_index] else h end end def port if port = extract_port(host_with_port) port.to_i elsif port = get_header(HTTP_X_FORWARDED_PORT) port.to_i elsif has_header?(HTTP_X_FORWARDED_HOST) DEFAULT_PORTS[scheme] elsif has_header?(HTTP_X_FORWARDED_PROTO) DEFAULT_PORTS[extract_proto_header(get_header(HTTP_X_FORWARDED_PROTO))] else get_header(SERVER_PORT).to_i end end def ssl? scheme == 'https' end def ip remote_addrs = split_ip_addresses(get_header('REMOTE_ADDR')) remote_addrs = reject_trusted_ip_addresses(remote_addrs) return remote_addrs.first if remote_addrs.any? forwarded_ips = split_ip_addresses(get_header('HTTP_X_FORWARDED_FOR')) .map { |ip| strip_port(ip) } return reject_trusted_ip_addresses(forwarded_ips).last || forwarded_ips.first || get_header("REMOTE_ADDR") end # The media type (type/subtype) portion of the CONTENT_TYPE header # without any media type parameters. e.g., when CONTENT_TYPE is # "text/plain;charset=utf-8", the media-type is "text/plain". # # For more information on the use of media types in HTTP, see: # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7 def media_type MediaType.type(content_type) end # The media type parameters provided in CONTENT_TYPE as a Hash, or # an empty Hash if no CONTENT_TYPE or media-type parameters were # provided. e.g., when the CONTENT_TYPE is "text/plain;charset=utf-8", # this method responds with the following Hash: # { 'charset' => 'utf-8' } def media_type_params MediaType.params(content_type) end # The character set of the request body if a "charset" media type # parameter was given, or nil if no "charset" was specified. Note # that, per RFC2616, text/* media types that specify no explicit # charset are to be considered ISO-8859-1. def content_charset media_type_params['charset'] end # Determine whether the request body contains form-data by checking # the request Content-Type for one of the media-types: # "application/x-www-form-urlencoded" or "multipart/form-data". The # list of form-data media types can be modified through the # +FORM_DATA_MEDIA_TYPES+ array. # # A request body is also assumed to contain form-data when no # Content-Type header is provided and the request_method is POST. def form_data? type = media_type meth = get_header(RACK_METHODOVERRIDE_ORIGINAL_METHOD) || get_header(REQUEST_METHOD) (meth == POST && type.nil?) || FORM_DATA_MEDIA_TYPES.include?(type) end # Determine whether the request body contains data by checking # the request media_type against registered parse-data media-types def parseable_data? PARSEABLE_DATA_MEDIA_TYPES.include?(media_type) end # Returns the data received in the query string. def GET if get_header(RACK_REQUEST_QUERY_STRING) == query_string get_header(RACK_REQUEST_QUERY_HASH) else query_hash = parse_query(query_string, '&;') set_header(RACK_REQUEST_QUERY_STRING, query_string) set_header(RACK_REQUEST_QUERY_HASH, query_hash) end end # Returns the data received in the request body. # # This method support both application/x-www-form-urlencoded and # multipart/form-data. def POST if get_header(RACK_INPUT).nil? raise "Missing rack.input" elsif get_header(RACK_REQUEST_FORM_INPUT) == get_header(RACK_INPUT) get_header(RACK_REQUEST_FORM_HASH) elsif form_data? || parseable_data? unless set_header(RACK_REQUEST_FORM_HASH, parse_multipart) form_vars = get_header(RACK_INPUT).read # Fix for Safari Ajax postings that always append \0 # form_vars.sub!(/\0\z/, '') # performance replacement: form_vars.slice!(-1) if form_vars.end_with?("\0") set_header RACK_REQUEST_FORM_VARS, form_vars set_header RACK_REQUEST_FORM_HASH, parse_query(form_vars, '&') get_header(RACK_INPUT).rewind end set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT) get_header RACK_REQUEST_FORM_HASH else {} end end # The union of GET and POST data. # # Note that modifications will not be persisted in the env. Use update_param or delete_param if you want to destructively modify params. def params self.GET.merge(self.POST) rescue EOFError self.GET.dup end # Destructively update a parameter, whether it's in GET and/or POST. Returns nil. # # The parameter is updated wherever it was previous defined, so GET, POST, or both. If it wasn't previously defined, it's inserted into GET. # # env['rack.input'] is not touched. def update_param(k, v) found = false if self.GET.has_key?(k) found = true self.GET[k] = v end if self.POST.has_key?(k) found = true self.POST[k] = v end unless found self.GET[k] = v end end # Destructively delete a parameter, whether it's in GET or POST. Returns the value of the deleted parameter. # # If the parameter is in both GET and POST, the POST value takes precedence since that's how #params works. # # env['rack.input'] is not touched. def delete_param(k) post_value, get_value = self.POST.delete(k), self.GET.delete(k) post_value || get_value end def base_url url = "#{scheme}://#{host}" url = "#{url}:#{port}" if port != DEFAULT_PORTS[scheme] url end # Tries to return a remake of the original request URL as a string. def url base_url + fullpath end def path script_name + path_info end def fullpath query_string.empty? ? path : "#{path}?#{query_string}" end def accept_encoding parse_http_accept_header(get_header("HTTP_ACCEPT_ENCODING")) end def accept_language parse_http_accept_header(get_header("HTTP_ACCEPT_LANGUAGE")) end def trusted_proxy?(ip) Rack::Request.ip_filter.call(ip) end # shortcut for request.params[key] def [](key) if $VERBOSE warn("Request#[] is deprecated and will be removed in a future version of Rack. Please use request.params[] instead") end params[key.to_s] end # shortcut for request.params[key] = value # # Note that modifications will not be persisted in the env. Use update_param or delete_param if you want to destructively modify params. def []=(key, value) if $VERBOSE warn("Request#[]= is deprecated and will be removed in a future version of Rack. Please use request.params[]= instead") end params[key.to_s] = value end # like Hash#values_at def values_at(*keys) keys.map { |key| params[key] } end private def default_session; {}; end def parse_http_accept_header(header) header.to_s.split(/\s*,\s*/).map do |part| attribute, parameters = part.split(/\s*;\s*/, 2) quality = 1.0 if parameters and /\Aq=([\d.]+)/ =~ parameters quality = $1.to_f end [attribute, quality] end end def query_parser Utils.default_query_parser end def parse_query(qs, d = '&') query_parser.parse_nested_query(qs, d) end def parse_multipart Rack::Multipart.extract_multipart(self, query_parser) end def split_ip_addresses(ip_addresses) ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : [] end def strip_port(ip_address) # IPv6 format with optional port: "[2001:db8:cafe::17]:47011" # returns: "2001:db8:cafe::17" sep_start = ip_address.index('[') sep_end = ip_address.index(']') if (sep_start && sep_end) return ip_address[sep_start + 1, sep_end - 1] end # IPv4 format with optional port: "192.0.2.43:47011" # returns: "192.0.2.43" sep = ip_address.index(':') if (sep && ip_address.count(':') == 1) return ip_address[0, sep] end ip_address end def reject_trusted_ip_addresses(ip_addresses) ip_addresses.reject { |ip| trusted_proxy?(ip) } end def forwarded_scheme allowed_scheme(get_header(HTTP_X_FORWARDED_SCHEME)) || allowed_scheme(extract_proto_header(get_header(HTTP_X_FORWARDED_PROTO))) end def allowed_scheme(header) header if ALLOWED_SCHEMES.include?(header) end def extract_proto_header(header) if header if (comma_index = header.index(',')) header[0, comma_index] else header end end end def extract_port(uri) if (colon_index = uri.index(':')) uri[colon_index + 1, uri.length] end end end include Env include Helpers end end rack-2.1.4/lib/rack/response.rb000066400000000000000000000157501367177163600163400ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/request' require 'rack/utils' require 'rack/body_proxy' require 'rack/media_type' require 'time' module Rack # Rack::Response provides a convenient interface to create a Rack # response. # # It allows setting of headers and cookies, and provides useful # defaults (an OK response with empty headers and body). # # You can use Response#write to iteratively generate your response, # but note that this is buffered by Rack::Response until you call # +finish+. +finish+ however can take a block inside which calls to # +write+ are synchronous with the Rack response. # # Your application's +call+ should end returning Response#finish. class Response attr_accessor :length, :status, :body attr_reader :header alias headers header CHUNKED = 'chunked' STATUS_WITH_NO_ENTITY_BODY = Utils::STATUS_WITH_NO_ENTITY_BODY def initialize(body = nil, status = 200, header = {}) @status = status.to_i @header = Utils::HeaderHash.new(header) @writer = self.method(:append) @block = nil @length = 0 # Keep track of whether we have expanded the user supplied body. if body.nil? @body = [] @buffered = true elsif body.respond_to?(:to_str) @body = [body] @buffered = true else @body = body @buffered = false end yield self if block_given? end def redirect(target, status = 302) self.status = status self.location = target end def chunked? CHUNKED == get_header(TRANSFER_ENCODING) end def finish(&block) if STATUS_WITH_NO_ENTITY_BODY[status.to_i] delete_header CONTENT_TYPE delete_header CONTENT_LENGTH close [status.to_i, header, []] else if block_given? @block = block [status.to_i, header, self] else [status.to_i, header, @body] end end end alias to_a finish # For *response def each(&callback) @body.each(&callback) @buffered = true if @block @writer = callback @block.call(self) end end # Append to body and update Content-Length. # # NOTE: Do not mix #write and direct #body access! # def write(chunk) buffered_body! @writer.call(chunk.to_s) end def close @body.close if @body.respond_to?(:close) end def empty? @block == nil && @body.empty? end def has_header?(key); headers.key? key; end def get_header(key); headers[key]; end def set_header(key, v); headers[key] = v; end def delete_header(key); headers.delete key; end alias :[] :get_header alias :[]= :set_header module Helpers def invalid?; status < 100 || status >= 600; end def informational?; status >= 100 && status < 200; end def successful?; status >= 200 && status < 300; end def redirection?; status >= 300 && status < 400; end def client_error?; status >= 400 && status < 500; end def server_error?; status >= 500 && status < 600; end def ok?; status == 200; end def created?; status == 201; end def accepted?; status == 202; end def no_content?; status == 204; end def moved_permanently?; status == 301; end def bad_request?; status == 400; end def unauthorized?; status == 401; end def forbidden?; status == 403; end def not_found?; status == 404; end def method_not_allowed?; status == 405; end def precondition_failed?; status == 412; end def unprocessable?; status == 422; end def redirect?; [301, 302, 303, 307, 308].include? status; end def include?(header) has_header? header end # Add a header that may have multiple values. # # Example: # response.add_header 'Vary', 'Accept-Encoding' # response.add_header 'Vary', 'Cookie' # # assert_equal 'Accept-Encoding,Cookie', response.get_header('Vary') # # http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 def add_header key, v if v.nil? get_header key elsif has_header? key set_header key, "#{get_header key},#{v}" else set_header key, v end end def content_type get_header CONTENT_TYPE end def media_type MediaType.type(content_type) end def media_type_params MediaType.params(content_type) end def content_length cl = get_header CONTENT_LENGTH cl ? cl.to_i : cl end def location get_header "Location" end def location=(location) set_header "Location", location end def set_cookie(key, value) cookie_header = get_header SET_COOKIE set_header SET_COOKIE, ::Rack::Utils.add_cookie_to_header(cookie_header, key, value) end def delete_cookie(key, value = {}) set_header SET_COOKIE, ::Rack::Utils.add_remove_cookie_to_header(get_header(SET_COOKIE), key, value) end def set_cookie_header get_header SET_COOKIE end def set_cookie_header= v set_header SET_COOKIE, v end def cache_control get_header CACHE_CONTROL end def cache_control= v set_header CACHE_CONTROL, v end def etag get_header ETAG end def etag= v set_header ETAG, v end protected def buffered_body! return if @buffered if @body.is_a?(Array) # The user supplied body was an array: @body = @body.compact else # Turn the user supplied body into a buffered array: body = @body @body = Array.new body.each do |part| @writer.call(part.to_s) end end @buffered = true end def append(chunk) @body << chunk unless chunked? @length += chunk.bytesize set_header(CONTENT_LENGTH, @length.to_s) end return chunk end end include Helpers class Raw include Helpers attr_reader :headers attr_accessor :status def initialize status, headers @status = status @headers = headers end def has_header?(key); headers.key? key; end def get_header(key); headers[key]; end def set_header(key, v); headers[key] = v; end def delete_header(key); headers.delete key; end end end end rack-2.1.4/lib/rack/rewindable_input.rb000066400000000000000000000055721367177163600200360ustar00rootroot00000000000000# -*- encoding: binary -*- # frozen_string_literal: true require 'tempfile' require 'rack/utils' module Rack # Class which can make any IO object rewindable, including non-rewindable ones. It does # this by buffering the data into a tempfile, which is rewindable. # # rack.input is required to be rewindable, so if your input stream IO is non-rewindable # by nature (e.g. a pipe or a socket) then you can wrap it in an object of this class # to easily make it rewindable. # # Don't forget to call #close when you're done. This frees up temporary resources that # RewindableInput uses, though it does *not* close the original IO object. class RewindableInput def initialize(io) @io = io @rewindable_io = nil @unlinked = false end def gets make_rewindable unless @rewindable_io @rewindable_io.gets end def read(*args) make_rewindable unless @rewindable_io @rewindable_io.read(*args) end def each(&block) make_rewindable unless @rewindable_io @rewindable_io.each(&block) end def rewind make_rewindable unless @rewindable_io @rewindable_io.rewind end # Closes this RewindableInput object without closing the originally # wrapped IO object. Cleans up any temporary resources that this RewindableInput # has created. # # This method may be called multiple times. It does nothing on subsequent calls. def close if @rewindable_io if @unlinked @rewindable_io.close else @rewindable_io.close! end @rewindable_io = nil end end private def make_rewindable # Buffer all data into a tempfile. Since this tempfile is private to this # RewindableInput object, we chmod it so that nobody else can read or write # it. On POSIX filesystems we also unlink the file so that it doesn't # even have a file entry on the filesystem anymore, though we can still # access it because we have the file handle open. @rewindable_io = Tempfile.new('RackRewindableInput') @rewindable_io.chmod(0000) @rewindable_io.set_encoding(Encoding::BINARY) if @rewindable_io.respond_to?(:set_encoding) @rewindable_io.binmode if filesystem_has_posix_semantics? raise 'Unlink failed. IO closed.' if @rewindable_io.closed? @unlinked = true end buffer = "".dup while @io.read(1024 * 4, buffer) entire_buffer_written_out = false while !entire_buffer_written_out written = @rewindable_io.write(buffer) entire_buffer_written_out = written == buffer.bytesize if !entire_buffer_written_out buffer.slice!(0 .. written - 1) end end end @rewindable_io.rewind end def filesystem_has_posix_semantics? RUBY_PLATFORM !~ /(mswin|mingw|cygwin|java)/ end end end rack-2.1.4/lib/rack/runtime.rb000066400000000000000000000015431367177163600161600ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/utils' module Rack # Sets an "X-Runtime" response header, indicating the response # time of the request, in seconds # # You can put it right before the application to see the processing # time, or before all the other middlewares to include time for them, # too. class Runtime FORMAT_STRING = "%0.6f" # :nodoc: HEADER_NAME = "X-Runtime" # :nodoc: def initialize(app, name = nil) @app = app @header_name = HEADER_NAME @header_name += "-#{name}" if name end def call(env) start_time = Utils.clock_time status, headers, body = @app.call(env) request_time = Utils.clock_time - start_time unless headers.has_key?(@header_name) headers[@header_name] = FORMAT_STRING % request_time end [status, headers, body] end end end rack-2.1.4/lib/rack/sendfile.rb000066400000000000000000000127741367177163600162760ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/files' require 'rack/body_proxy' module Rack # = Sendfile # # The Sendfile middleware intercepts responses whose body is being # served from a file and replaces it with a server specific X-Sendfile # header. The web server is then responsible for writing the file contents # to the client. This can dramatically reduce the amount of work required # by the Ruby backend and takes advantage of the web server's optimized file # delivery code. # # In order to take advantage of this middleware, the response body must # respond to +to_path+ and the request must include an X-Sendfile-Type # header. Rack::Files and other components implement +to_path+ so there's # rarely anything you need to do in your application. The X-Sendfile-Type # header is typically set in your web servers configuration. The following # sections attempt to document # # === Nginx # # Nginx supports the X-Accel-Redirect header. This is similar to X-Sendfile # but requires parts of the filesystem to be mapped into a private URL # hierarchy. # # The following example shows the Nginx configuration required to create # a private "/files/" area, enable X-Accel-Redirect, and pass the special # X-Sendfile-Type and X-Accel-Mapping headers to the backend: # # location ~ /files/(.*) { # internal; # alias /var/www/$1; # } # # location / { # proxy_redirect off; # # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # # proxy_set_header X-Sendfile-Type X-Accel-Redirect; # proxy_set_header X-Accel-Mapping /var/www/=/files/; # # proxy_pass http://127.0.0.1:8080/; # } # # Note that the X-Sendfile-Type header must be set exactly as shown above. # The X-Accel-Mapping header should specify the location on the file system, # followed by an equals sign (=), followed name of the private URL pattern # that it maps to. The middleware performs a simple substitution on the # resulting path. # # See Also: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile # # === lighttpd # # Lighttpd has supported some variation of the X-Sendfile header for some # time, although only recent version support X-Sendfile in a reverse proxy # configuration. # # $HTTP["host"] == "example.com" { # proxy-core.protocol = "http" # proxy-core.balancer = "round-robin" # proxy-core.backends = ( # "127.0.0.1:8000", # "127.0.0.1:8001", # ... # ) # # proxy-core.allow-x-sendfile = "enable" # proxy-core.rewrite-request = ( # "X-Sendfile-Type" => (".*" => "X-Sendfile") # ) # } # # See Also: http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModProxyCore # # === Apache # # X-Sendfile is supported under Apache 2.x using a separate module: # # https://tn123.org/mod_xsendfile/ # # Once the module is compiled and installed, you can enable it using # XSendFile config directive: # # RequestHeader Set X-Sendfile-Type X-Sendfile # ProxyPassReverse / http://localhost:8001/ # XSendFile on # # === Mapping parameter # # The third parameter allows for an overriding extension of the # X-Accel-Mapping header. Mappings should be provided in tuples of internal to # external. The internal values may contain regular expression syntax, they # will be matched with case indifference. class Sendfile def initialize(app, variation = nil, mappings = []) @app = app @variation = variation @mappings = mappings.map do |internal, external| [/^#{internal}/i, external] end end def call(env) status, headers, body = @app.call(env) if body.respond_to?(:to_path) case type = variation(env) when 'X-Accel-Redirect' path = ::File.expand_path(body.to_path) if url = map_accel_path(env, path) headers[CONTENT_LENGTH] = '0' # '?' must be percent-encoded because it is not query string but a part of path headers[type] = ::Rack::Utils.escape_path(url).gsub('?', '%3F') obody = body body = Rack::BodyProxy.new([]) do obody.close if obody.respond_to?(:close) end else env[RACK_ERRORS].puts "X-Accel-Mapping header missing" end when 'X-Sendfile', 'X-Lighttpd-Send-File' path = ::File.expand_path(body.to_path) headers[CONTENT_LENGTH] = '0' headers[type] = path obody = body body = Rack::BodyProxy.new([]) do obody.close if obody.respond_to?(:close) end when '', nil else env[RACK_ERRORS].puts "Unknown x-sendfile variation: '#{type}'.\n" end end [status, headers, body] end private def variation(env) @variation || env['sendfile.type'] || env['HTTP_X_SENDFILE_TYPE'] end def map_accel_path(env, path) if mapping = @mappings.find { |internal, _| internal =~ path } path.sub(*mapping) elsif mapping = env['HTTP_X_ACCEL_MAPPING'] mapping.split(',').map(&:strip).each do |m| internal, external = m.split('=', 2).map(&:strip) new_path = path.sub(/^#{internal}/i, external) return new_path unless path == new_path end path end end end end rack-2.1.4/lib/rack/server.rb000066400000000000000000000322371367177163600160070ustar00rootroot00000000000000# frozen_string_literal: true require 'optparse' require 'fileutils' require_relative 'core_ext/regexp' module Rack class Server using ::Rack::RegexpExtensions class Options def parse!(args) options = {} opt_parser = OptionParser.new("", 24, ' ') do |opts| opts.banner = "Usage: rackup [ruby options] [rack options] [rackup config]" opts.separator "" opts.separator "Ruby options:" lineno = 1 opts.on("-e", "--eval LINE", "evaluate a LINE of code") { |line| eval line, TOPLEVEL_BINDING, "-e", lineno lineno += 1 } opts.on("-d", "--debug", "set debugging flags (set $DEBUG to true)") { options[:debug] = true } opts.on("-w", "--warn", "turn warnings on for your script") { options[:warn] = true } opts.on("-q", "--quiet", "turn off logging") { options[:quiet] = true } opts.on("-I", "--include PATH", "specify $LOAD_PATH (may be used more than once)") { |path| (options[:include] ||= []).concat(path.split(":")) } opts.on("-r", "--require LIBRARY", "require the library, before executing your script") { |library| options[:require] = library } opts.separator "" opts.separator "Rack options:" opts.on("-b", "--builder BUILDER_LINE", "evaluate a BUILDER_LINE of code as a builder script") { |line| options[:builder] = line } opts.on("-s", "--server SERVER", "serve using SERVER (thin/puma/webrick)") { |s| options[:server] = s } opts.on("-o", "--host HOST", "listen on HOST (default: localhost)") { |host| options[:Host] = host } opts.on("-p", "--port PORT", "use PORT (default: 9292)") { |port| options[:Port] = port } opts.on("-O", "--option NAME[=VALUE]", "pass VALUE to the server as option NAME. If no VALUE, sets it to true. Run '#{$0} -s SERVER -h' to get a list of options for SERVER") { |name| name, value = name.split('=', 2) value = true if value.nil? options[name.to_sym] = value } opts.on("-E", "--env ENVIRONMENT", "use ENVIRONMENT for defaults (default: development)") { |e| options[:environment] = e } opts.on("-D", "--daemonize", "run daemonized in the background") { |d| options[:daemonize] = d ? true : false } opts.on("-P", "--pid FILE", "file to store PID") { |f| options[:pid] = ::File.expand_path(f) } opts.separator "" opts.separator "Profiling options:" opts.on("--heap HEAPFILE", "Build the application, then dump the heap to HEAPFILE") do |e| options[:heapfile] = e end opts.on("--profile PROFILE", "Dump CPU or Memory profile to PROFILE (defaults to a tempfile)") do |e| options[:profile_file] = e end opts.on("--profile-mode MODE", "Profile mode (cpu|wall|object)") do |e| { cpu: true, wall: true, object: true }.fetch(e.to_sym) do raise OptionParser::InvalidOption, "unknown profile mode: #{e}" end options[:profile_mode] = e.to_sym end opts.separator "" opts.separator "Common options:" opts.on_tail("-h", "-?", "--help", "Show this message") do puts opts puts handler_opts(options) exit end opts.on_tail("--version", "Show version") do puts "Rack #{Rack.version} (Release: #{Rack.release})" exit end end begin opt_parser.parse! args rescue OptionParser::InvalidOption => e warn e.message abort opt_parser.to_s end options[:config] = args.last if args.last && !args.last.empty? options end def handler_opts(options) begin info = [] server = Rack::Handler.get(options[:server]) || Rack::Handler.default if server && server.respond_to?(:valid_options) info << "" info << "Server-specific options for #{server.name}:" has_options = false server.valid_options.each do |name, description| next if /^(Host|Port)[^a-zA-Z]/.match?(name.to_s) # ignore handler's host and port options, we do our own. info << " -O %-21s %s" % [name, description] has_options = true end return "" if !has_options end info.join("\n") rescue NameError return "Warning: Could not find handler specified (#{options[:server] || 'default'}) to determine handler-specific options" end end end # Start a new rack server (like running rackup). This will parse ARGV and # provide standard ARGV rackup options, defaulting to load 'config.ru'. # # Providing an options hash will prevent ARGV parsing and will not include # any default options. # # This method can be used to very easily launch a CGI application, for # example: # # Rack::Server.start( # :app => lambda do |e| # [200, {'Content-Type' => 'text/html'}, ['hello world']] # end, # :server => 'cgi' # ) # # Further options available here are documented on Rack::Server#initialize def self.start(options = nil) new(options).start end attr_writer :options # Options may include: # * :app # a rack application to run (overrides :config and :builder) # * :builder # a string to evaluate a Rack::Builder from # * :config # a rackup configuration file path to load (.ru) # * :environment # this selects the middleware that will be wrapped around # your application. Default options available are: # - development: CommonLogger, ShowExceptions, and Lint # - deployment: CommonLogger # - none: no extra middleware # note: when the server is a cgi server, CommonLogger is not included. # * :server # choose a specific Rack::Handler, e.g. cgi, fcgi, webrick # * :daemonize # if true, the server will daemonize itself (fork, detach, etc) # * :pid # path to write a pid file after daemonize # * :Host # the host address to bind to (used by supporting Rack::Handler) # * :Port # the port to bind to (used by supporting Rack::Handler) # * :AccessLog # webrick access log options (or supporting Rack::Handler) # * :debug # turn on debug output ($DEBUG = true) # * :warn # turn on warnings ($-w = true) # * :include # add given paths to $LOAD_PATH # * :require # require the given libraries # # Additional options for profiling app initialization include: # * :heapfile # location for ObjectSpace.dump_all to write the output to # * :profile_file # location for CPU/Memory (StackProf) profile output (defaults to a tempfile) # * :profile_mode # StackProf profile mode (cpu|wall|object) def initialize(options = nil) @ignore_options = [] if options @use_default_options = false @options = options @app = options[:app] if options[:app] else argv = defined?(SPEC_ARGV) ? SPEC_ARGV : ARGV @use_default_options = true @options = parse_options(argv) end end def options merged_options = @use_default_options ? default_options.merge(@options) : @options merged_options.reject { |k, v| @ignore_options.include?(k) } end def default_options environment = ENV['RACK_ENV'] || 'development' default_host = environment == 'development' ? 'localhost' : '0.0.0.0' { environment: environment, pid: nil, Port: 9292, Host: default_host, AccessLog: [], config: "config.ru" } end def app @app ||= options[:builder] ? build_app_from_string : build_app_and_options_from_config end class << self def logging_middleware lambda { |server| /CGI/.match?(server.server.name) || server.options[:quiet] ? nil : [Rack::CommonLogger, $stderr] } end def default_middleware_by_environment m = Hash.new {|h, k| h[k] = []} m["deployment"] = [ [Rack::ContentLength], logging_middleware, [Rack::TempfileReaper] ] m["development"] = [ [Rack::ContentLength], logging_middleware, [Rack::ShowExceptions], [Rack::Lint], [Rack::TempfileReaper] ] m end def middleware default_middleware_by_environment end end def middleware self.class.middleware end def start &blk if options[:warn] $-w = true end if includes = options[:include] $LOAD_PATH.unshift(*includes) end if library = options[:require] require library end if options[:debug] $DEBUG = true require 'pp' p options[:server] pp wrapped_app pp app end check_pid! if options[:pid] # Touch the wrapped app, so that the config.ru is loaded before # daemonization (i.e. before chdir, etc). handle_profiling(options[:heapfile], options[:profile_mode], options[:profile_file]) do wrapped_app end daemonize_app if options[:daemonize] write_pid if options[:pid] trap(:INT) do if server.respond_to?(:shutdown) server.shutdown else exit end end server.run wrapped_app, options, &blk end def server @_server ||= Rack::Handler.get(options[:server]) unless @_server @_server = Rack::Handler.default # We already speak FastCGI @ignore_options = [:File, :Port] if @_server.to_s == 'Rack::Handler::FastCGI' end @_server end private def build_app_and_options_from_config if !::File.exist? options[:config] abort "configuration #{options[:config]} not found" end app, options = Rack::Builder.parse_file(self.options[:config], opt_parser) @options.merge!(options) { |key, old, new| old } app end def handle_profiling(heapfile, profile_mode, filename) if heapfile require "objspace" ObjectSpace.trace_object_allocations_start yield GC.start ::File.open(heapfile, "w") { |f| ObjectSpace.dump_all(output: f) } exit end if profile_mode require "stackprof" require "tempfile" make_profile_name(filename) do |filename| ::File.open(filename, "w") do |f| StackProf.run(mode: profile_mode, out: f) do yield end puts "Profile written to: #{filename}" end end exit end yield end def make_profile_name(filename) if filename yield filename else ::Dir::Tmpname.create("profile.dump") do |tmpname, _, _| yield tmpname end end end def build_app_from_string Rack::Builder.new_from_string(self.options[:builder]) end def parse_options(args) # Don't evaluate CGI ISINDEX parameters. # http://www.meb.uni-bonn.de/docs/cgi/cl.html args.clear if ENV.include?(REQUEST_METHOD) @options = opt_parser.parse!(args) @options[:config] = ::File.expand_path(options[:config]) ENV["RACK_ENV"] = options[:environment] @options end def opt_parser Options.new end def build_app(app) middleware[options[:environment]].reverse_each do |middleware| middleware = middleware.call(self) if middleware.respond_to?(:call) next unless middleware klass, *args = middleware app = klass.new(app, *args) end app end def wrapped_app @wrapped_app ||= build_app app end def daemonize_app Process.daemon end def write_pid ::File.open(options[:pid], ::File::CREAT | ::File::EXCL | ::File::WRONLY ){ |f| f.write("#{Process.pid}") } at_exit { ::FileUtils.rm_f(options[:pid]) } rescue Errno::EEXIST check_pid! retry end def check_pid! case pidfile_process_status when :running, :not_owned $stderr.puts "A server is already running. Check #{options[:pid]}." exit(1) when :dead ::File.delete(options[:pid]) end end def pidfile_process_status return :exited unless ::File.exist?(options[:pid]) pid = ::File.read(options[:pid]).to_i return :dead if pid == 0 Process.kill(0, pid) :running rescue Errno::ESRCH :dead rescue Errno::EPERM :not_owned end end end rack-2.1.4/lib/rack/session/000077500000000000000000000000001367177163600156305ustar00rootroot00000000000000rack-2.1.4/lib/rack/session/abstract/000077500000000000000000000000001367177163600174335ustar00rootroot00000000000000rack-2.1.4/lib/rack/session/abstract/id.rb000066400000000000000000000353261367177163600203650ustar00rootroot00000000000000# frozen_string_literal: true # AUTHOR: blink ; blink#ruby-lang@irc.freenode.net # bugrep: Andreas Zehnder require 'rack' require 'time' require 'rack/request' require 'rack/response' require 'securerandom' require 'digest/sha2' module Rack module Session class SessionId ID_VERSION = 2 attr_reader :public_id def initialize(public_id) @public_id = public_id end def private_id "#{ID_VERSION}::#{hash_sid(public_id)}" end alias :cookie_value :public_id alias :to_s :public_id def empty?; false; end def inspect; public_id.inspect; end private def hash_sid(sid) Digest::SHA256.hexdigest(sid) end end module Abstract # SessionHash is responsible to lazily load the session from store. class SessionHash using Module.new { refine Hash do def transform_keys(&block) hash = {} each do |key, value| hash[block.call(key)] = value end hash end end } unless {}.respond_to?(:transform_keys) include Enumerable attr_writer :id Unspecified = Object.new def self.find(req) req.get_header RACK_SESSION end def self.set(req, session) req.set_header RACK_SESSION, session end def self.set_options(req, options) req.set_header RACK_SESSION_OPTIONS, options.dup end def initialize(store, req) @store = store @req = req @loaded = false end def id return @id if @loaded or instance_variable_defined?(:@id) @id = @store.send(:extract_session_id, @req) end def options @req.session_options end def each(&block) load_for_read! @data.each(&block) end def [](key) load_for_read! @data[key.to_s] end def fetch(key, default = Unspecified, &block) load_for_read! if default == Unspecified @data.fetch(key.to_s, &block) else @data.fetch(key.to_s, default, &block) end end def has_key?(key) load_for_read! @data.has_key?(key.to_s) end alias :key? :has_key? alias :include? :has_key? def []=(key, value) load_for_write! @data[key.to_s] = value end alias :store :[]= def clear load_for_write! @data.clear end def destroy clear @id = @store.send(:delete_session, @req, id, options) end def to_hash load_for_read! @data.dup end def update(hash) load_for_write! @data.update(stringify_keys(hash)) end alias :merge! :update def replace(hash) load_for_write! @data.replace(stringify_keys(hash)) end def delete(key) load_for_write! @data.delete(key.to_s) end def inspect if loaded? @data.inspect else "#<#{self.class}:0x#{self.object_id.to_s(16)} not yet loaded>" end end def exists? return @exists if instance_variable_defined?(:@exists) @data = {} @exists = @store.send(:session_exists?, @req) end def loaded? @loaded end def empty? load_for_read! @data.empty? end def keys load_for_read! @data.keys end def values load_for_read! @data.values end private def load_for_read! load! if !loaded? && exists? end def load_for_write! load! unless loaded? end def load! @id, session = @store.send(:load_session, @req) @data = stringify_keys(session) @loaded = true end def stringify_keys(other) other.to_hash.transform_keys(&:to_s) end end # ID sets up a basic framework for implementing an id based sessioning # service. Cookies sent to the client for maintaining sessions will only # contain an id reference. Only #find_session and #write_session are # required to be overwritten. # # All parameters are optional. # * :key determines the name of the cookie, by default it is # 'rack.session' # * :path, :domain, :expire_after, :secure, and :httponly set the related # cookie options as by Rack::Response#set_cookie # * :skip will not a set a cookie in the response nor update the session state # * :defer will not set a cookie in the response but still update the session # state if it is used with a backend # * :renew (implementation dependent) will prompt the generation of a new # session id, and migration of data to be referenced at the new id. If # :defer is set, it will be overridden and the cookie will be set. # * :sidbits sets the number of bits in length that a generated session # id will be. # # These options can be set on a per request basis, at the location of # env['rack.session.options']. Additionally the id of the # session can be found within the options hash at the key :id. It is # highly not recommended to change its value. # # Is Rack::Utils::Context compatible. # # Not included by default; you must require 'rack/session/abstract/id' # to use. class Persisted DEFAULT_OPTIONS = { key: RACK_SESSION, path: '/', domain: nil, expire_after: nil, secure: false, httponly: true, defer: false, renew: false, sidbits: 128, cookie_only: true, secure_random: ::SecureRandom }.freeze attr_reader :key, :default_options, :sid_secure def initialize(app, options = {}) @app = app @default_options = self.class::DEFAULT_OPTIONS.merge(options) @key = @default_options.delete(:key) @cookie_only = @default_options.delete(:cookie_only) initialize_sid end def call(env) context(env) end def context(env, app = @app) req = make_request env prepare_session(req) status, headers, body = app.call(req.env) res = Rack::Response::Raw.new status, headers commit_session(req, res) [status, headers, body] end private def make_request(env) Rack::Request.new env end def initialize_sid @sidbits = @default_options[:sidbits] @sid_secure = @default_options[:secure_random] @sid_length = @sidbits / 4 end # Generate a new session id using Ruby #rand. The size of the # session id is controlled by the :sidbits option. # Monkey patch this to use custom methods for session id generation. def generate_sid(secure = @sid_secure) if secure secure.hex(@sid_length) else "%0#{@sid_length}x" % Kernel.rand(2**@sidbits - 1) end rescue NotImplementedError generate_sid(false) end # Sets the lazy session at 'rack.session' and places options and session # metadata into 'rack.session.options'. def prepare_session(req) session_was = req.get_header RACK_SESSION session = session_class.new(self, req) req.set_header RACK_SESSION, session req.set_header RACK_SESSION_OPTIONS, @default_options.dup session.merge! session_was if session_was end # Extracts the session id from provided cookies and passes it and the # environment to #find_session. def load_session(req) sid = current_session_id(req) sid, session = find_session(req, sid) [sid, session || {}] end # Extract session id from request object. def extract_session_id(request) sid = request.cookies[@key] sid ||= request.params[@key] unless @cookie_only sid end # Returns the current session id from the SessionHash. def current_session_id(req) req.get_header(RACK_SESSION).id end # Check if the session exists or not. def session_exists?(req) value = current_session_id(req) value && !value.empty? end # Session should be committed if it was loaded, any of specific options like :renew, :drop # or :expire_after was given and the security permissions match. Skips if skip is given. def commit_session?(req, session, options) if options[:skip] false else has_session = loaded_session?(session) || forced_session_update?(session, options) has_session && security_matches?(req, options) end end def loaded_session?(session) !session.is_a?(session_class) || session.loaded? end def forced_session_update?(session, options) force_options?(options) && session && !session.empty? end def force_options?(options) options.values_at(:max_age, :renew, :drop, :defer, :expire_after).any? end def security_matches?(request, options) return true unless options[:secure] request.ssl? end # Acquires the session from the environment and the session id from # the session options and passes them to #write_session. If successful # and the :defer option is not true, a cookie will be added to the # response with the session's id. def commit_session(req, res) session = req.get_header RACK_SESSION options = session.options if options[:drop] || options[:renew] session_id = delete_session(req, session.id || generate_sid, options) return unless session_id end return unless commit_session?(req, session, options) session.send(:load!) unless loaded_session?(session) session_id ||= session.id session_data = session.to_hash.delete_if { |k, v| v.nil? } if not data = write_session(req, session_id, session_data, options) req.get_header(RACK_ERRORS).puts("Warning! #{self.class.name} failed to save session. Content dropped.") elsif options[:defer] and not options[:renew] req.get_header(RACK_ERRORS).puts("Deferring cookie for #{session_id}") if $VERBOSE else cookie = Hash.new cookie[:value] = cookie_value(data) cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after] cookie[:expires] = Time.now + options[:max_age] if options[:max_age] set_cookie(req, res, cookie.merge!(options)) end end public :commit_session def cookie_value(data) data end # Sets the cookie back to the client with session id. We skip the cookie # setting if the value didn't change (sid is the same) or expires was given. def set_cookie(request, res, cookie) if request.cookies[@key] != cookie[:value] || cookie[:expires] res.set_cookie_header = Utils.add_cookie_to_header(res.set_cookie_header, @key, cookie) end end # Allow subclasses to prepare_session for different Session classes def session_class SessionHash end # All thread safety and session retrieval procedures should occur here. # Should return [session_id, session]. # If nil is provided as the session id, generation of a new valid id # should occur within. def find_session(env, sid) raise '#find_session not implemented.' end # All thread safety and session storage procedures should occur here. # Must return the session id if the session was saved successfully, or # false if the session could not be saved. def write_session(req, sid, session, options) raise '#write_session not implemented.' end # All thread safety and session destroy procedures should occur here. # Should return a new session id or nil if options[:drop] def delete_session(req, sid, options) raise '#delete_session not implemented' end end class PersistedSecure < Persisted class SecureSessionHash < SessionHash def [](key) if key == "session_id" load_for_read! id.public_id if id else super end end end def generate_sid(*) public_id = super SessionId.new(public_id) end def extract_session_id(*) public_id = super public_id && SessionId.new(public_id) end private def session_class SecureSessionHash end def cookie_value(data) data.cookie_value end end class ID < Persisted def self.inherited(klass) k = klass.ancestors.find { |kl| kl.respond_to?(:superclass) && kl.superclass == ID } unless k.instance_variable_defined?(:"@_rack_warned") warn "#{klass} is inheriting from #{ID}. Inheriting from #{ID} is deprecated, please inherit from #{Persisted} instead" if $VERBOSE k.instance_variable_set(:"@_rack_warned", true) end super end # All thread safety and session retrieval procedures should occur here. # Should return [session_id, session]. # If nil is provided as the session id, generation of a new valid id # should occur within. def find_session(req, sid) get_session req.env, sid end # All thread safety and session storage procedures should occur here. # Must return the session id if the session was saved successfully, or # false if the session could not be saved. def write_session(req, sid, session, options) set_session req.env, sid, session, options end # All thread safety and session destroy procedures should occur here. # Should return a new session id or nil if options[:drop] def delete_session(req, sid, options) destroy_session req.env, sid, options end end end end end rack-2.1.4/lib/rack/session/cookie.rb000066400000000000000000000136621367177163600174360ustar00rootroot00000000000000# frozen_string_literal: true require 'openssl' require 'zlib' require 'rack/request' require 'rack/response' require 'rack/session/abstract/id' require 'json' require 'base64' module Rack module Session # Rack::Session::Cookie provides simple cookie based session management. # By default, the session is a Ruby Hash stored as base64 encoded marshalled # data set to :key (default: rack.session). The object that encodes the # session data is configurable and must respond to +encode+ and +decode+. # Both methods must take a string and return a string. # # When the secret key is set, cookie data is checked for data integrity. # The old secret key is also accepted and allows graceful secret rotation. # # Example: # # use Rack::Session::Cookie, :key => 'rack.session', # :domain => 'foo.com', # :path => '/', # :expire_after => 2592000, # :secret => 'change_me', # :old_secret => 'also_change_me' # # All parameters are optional. # # Example of a cookie with no encoding: # # Rack::Session::Cookie.new(application, { # :coder => Rack::Session::Cookie::Identity.new # }) # # Example of a cookie with custom encoding: # # Rack::Session::Cookie.new(application, { # :coder => Class.new { # def encode(str); str.reverse; end # def decode(str); str.reverse; end # }.new # }) # class Cookie < Abstract::PersistedSecure # Encode session cookies as Base64 class Base64 def encode(str) ::Base64.strict_encode64(str) end def decode(str) ::Base64.decode64(str) end # Encode session cookies as Marshaled Base64 data class Marshal < Base64 def encode(str) super(::Marshal.dump(str)) end def decode(str) return unless str ::Marshal.load(super(str)) rescue nil end end # N.B. Unlike other encoding methods, the contained objects must be a # valid JSON composite type, either a Hash or an Array. class JSON < Base64 def encode(obj) super(::JSON.dump(obj)) end def decode(str) return unless str ::JSON.parse(super(str)) rescue nil end end class ZipJSON < Base64 def encode(obj) super(Zlib::Deflate.deflate(::JSON.dump(obj))) end def decode(str) return unless str ::JSON.parse(Zlib::Inflate.inflate(super(str))) rescue nil end end end # Use no encoding for session cookies class Identity def encode(str); str; end def decode(str); str; end end attr_reader :coder def initialize(app, options = {}) @secrets = options.values_at(:secret, :old_secret).compact @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1) warn <<-MSG unless secure?(options) SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies. Called from: #{caller[0]}. MSG @coder = options[:coder] ||= Base64::Marshal.new super(app, options.merge!(cookie_only: true)) end private def find_session(req, sid) data = unpacked_cookie_data(req) data = persistent_session_id!(data) [data["session_id"], data] end def extract_session_id(request) unpacked_cookie_data(request)["session_id"] end def unpacked_cookie_data(request) request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k| session_data = request.cookies[@key] if @secrets.size > 0 && session_data session_data, _, digest = session_data.rpartition('--') session_data = nil unless digest_match?(session_data, digest) end request.set_header(k, coder.decode(session_data) || {}) end end def persistent_session_id!(data, sid = nil) data ||= {} data["session_id"] ||= sid || generate_sid data end class SessionId < DelegateClass(Session::SessionId) attr_reader :cookie_value def initialize(session_id, cookie_value) super(session_id) @cookie_value = cookie_value end end def write_session(req, session_id, session, options) session = session.merge("session_id" => session_id) session_data = coder.encode(session) if @secrets.first session_data << "--#{generate_hmac(session_data, @secrets.first)}" end if session_data.size > (4096 - @key.size) req.get_header(RACK_ERRORS).puts("Warning! Rack::Session::Cookie data size exceeds 4K.") nil else SessionId.new(session_id, session_data) end end def delete_session(req, session_id, options) # Nothing to do here, data is in the client generate_sid unless options[:drop] end def digest_match?(data, digest) return unless data && digest @secrets.any? do |secret| Rack::Utils.secure_compare(digest, generate_hmac(data, secret)) end end def generate_hmac(data, secret) OpenSSL::HMAC.hexdigest(@hmac.new, secret, data) end def secure?(options) @secrets.size >= 1 || (options[:coder] && options[:let_coder_handle_secure_encoding]) end end end end rack-2.1.4/lib/rack/session/memcache.rb000066400000000000000000000003451367177163600177210ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/session/dalli' module Rack module Session warn "Rack::Session::Memcache is deprecated, please use Rack::Session::Dalli from 'dalli' gem instead." Memcache = Dalli end end rack-2.1.4/lib/rack/session/pool.rb000066400000000000000000000044061367177163600171320ustar00rootroot00000000000000# frozen_string_literal: true # AUTHOR: blink ; blink#ruby-lang@irc.freenode.net # THANKS: # apeiros, for session id generation, expiry setup, and threadiness # sergio, threadiness and bugreps require 'rack/session/abstract/id' require 'thread' module Rack module Session # Rack::Session::Pool provides simple cookie based session management. # Session data is stored in a hash held by @pool. # In the context of a multithreaded environment, sessions being # committed to the pool is done in a merging manner. # # The :drop option is available in rack.session.options if you wish to # explicitly remove the session from the session cache. # # Example: # myapp = MyRackApp.new # sessioned = Rack::Session::Pool.new(myapp, # :domain => 'foo.com', # :expire_after => 2592000 # ) # Rack::Handler::WEBrick.run sessioned class Pool < Abstract::PersistedSecure attr_reader :mutex, :pool DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge drop: false def initialize(app, options = {}) super @pool = Hash.new @mutex = Mutex.new end def generate_sid loop do sid = super break sid unless @pool.key? sid.private_id end end def find_session(req, sid) with_lock(req) do unless sid and session = get_session_with_fallback(sid) sid, session = generate_sid, {} @pool.store sid.private_id, session end [sid, session] end end def write_session(req, session_id, new_session, options) with_lock(req) do @pool.store session_id.private_id, new_session session_id end end def delete_session(req, session_id, options) with_lock(req) do @pool.delete(session_id.public_id) @pool.delete(session_id.private_id) generate_sid unless options[:drop] end end def with_lock(req) @mutex.lock if req.multithread? yield ensure @mutex.unlock if @mutex.locked? end private def get_session_with_fallback(sid) @pool[sid.private_id] || @pool[sid.public_id] end end end end rack-2.1.4/lib/rack/show_exceptions.rb000066400000000000000000000324541367177163600177230ustar00rootroot00000000000000# frozen_string_literal: true require 'ostruct' require 'erb' require 'rack/request' require 'rack/utils' module Rack # Rack::ShowExceptions catches all exceptions raised from the app it # wraps. It shows a useful backtrace with the sourcefile and # clickable context, the whole Rack environment and the request # data. # # Be careful when you use this on public-facing sites as it could # reveal information helpful to attackers. class ShowExceptions CONTEXT = 7 def initialize(app) @app = app end def call(env) @app.call(env) rescue StandardError, LoadError, SyntaxError => e exception_string = dump_exception(e) env[RACK_ERRORS].puts(exception_string) env[RACK_ERRORS].flush if accepts_html?(env) content_type = "text/html" body = pretty(env, e) else content_type = "text/plain" body = exception_string end [ 500, { CONTENT_TYPE => content_type, CONTENT_LENGTH => body.bytesize.to_s, }, [body], ] end def prefers_plaintext?(env) !accepts_html?(env) end def accepts_html?(env) Rack::Utils.best_q_match(env["HTTP_ACCEPT"], %w[text/html]) end private :accepts_html? def dump_exception(exception) string = "#{exception.class}: #{exception.message}\n".dup string << exception.backtrace.map { |l| "\t#{l}" }.join("\n") string end def pretty(env, exception) req = Rack::Request.new(env) # This double assignment is to prevent an "unused variable" warning on # Ruby 1.9.3. Yes, it is dumb, but I don't like Ruby yelling at me. path = path = (req.script_name + req.path_info).squeeze("/") # This double assignment is to prevent an "unused variable" warning on # Ruby 1.9.3. Yes, it is dumb, but I don't like Ruby yelling at me. frames = frames = exception.backtrace.map { |line| frame = OpenStruct.new if line =~ /(.*?):(\d+)(:in `(.*)')?/ frame.filename = $1 frame.lineno = $2.to_i frame.function = $4 begin lineno = frame.lineno - 1 lines = ::File.readlines(frame.filename) frame.pre_context_lineno = [lineno - CONTEXT, 0].max frame.pre_context = lines[frame.pre_context_lineno...lineno] frame.context_line = lines[lineno].chomp frame.post_context_lineno = [lineno + CONTEXT, lines.size].min frame.post_context = lines[lineno + 1..frame.post_context_lineno] rescue end frame else nil end }.compact template.result(binding) end def template TEMPLATE end def h(obj) # :nodoc: case obj when String Utils.escape_html(obj) else Utils.escape_html(obj.inspect) end end # :stopdoc: # adapted from Django # Copyright (c) Django Software Foundation and individual contributors. # Used under the modified BSD license: # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5 TEMPLATE = ERB.new(<<-'HTML'.gsub(/^ /, '')) <%=h exception.class %> at <%=h path %>

<%=h exception.class %> at <%=h path %>

<%=h exception.message %>

Ruby <% if first = frames.first %> <%=h first.filename %>: in <%=h first.function %>, line <%=h frames.first.lineno %> <% else %> unknown location <% end %>
Web <%=h req.request_method %> <%=h(req.host + path)%>

Jump to:

Traceback (innermost first)

    <% frames.each { |frame| %>
  • <%=h frame.filename %>: in <%=h frame.function %> <% if frame.context_line %>
    <% if frame.pre_context %>
      <% frame.pre_context.each { |line| %>
    1. <%=h line %>
      2. <% } %>
    <% end %>
    1. <%=h frame.context_line %>...
    <% if frame.post_context %>
      <% frame.post_context.each { |line| %>
    1. <%=h line %>
      2. <% } %>
    <% end %>
    <% end %>
    • <% } %>

Request information

GET

<% if req.GET and not req.GET.empty? %> <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %> <% } %>
Variable Value
<%=h key %>
<%=h val.inspect %>
<% else %>

No GET data.

<% end %>

POST

<% if req.POST and not req.POST.empty? %> <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %> <% } %>
Variable Value
<%=h key %>
<%=h val.inspect %>
<% else %>

No POST data.

<% end %> <% unless req.cookies.empty? %> <% req.cookies.each { |key, val| %> <% } %>
Variable Value
<%=h key %>
<%=h val.inspect %>
<% else %>

No cookie data.

<% end %>

Rack ENV

<% env.sort_by { |k, v| k.to_s }.each { |key, val| %> <% } %>
Variable Value
<%=h key %>
<%=h val.inspect %>

You're seeing this error because you use Rack::ShowExceptions.

HTML # :startdoc: end end rack-2.1.4/lib/rack/show_status.rb000066400000000000000000000067751367177163600170740ustar00rootroot00000000000000# frozen_string_literal: true require 'erb' require 'rack/request' require 'rack/utils' module Rack # Rack::ShowStatus catches all empty responses and replaces them # with a site explaining the error. # # Additional details can be put into rack.showstatus.detail # and will be shown as HTML. If such details exist, the error page # is always rendered, even if the reply was not empty. class ShowStatus def initialize(app) @app = app @template = ERB.new(TEMPLATE) end def call(env) status, headers, body = @app.call(env) headers = Utils::HeaderHash.new(headers) empty = headers[CONTENT_LENGTH].to_i <= 0 # client or server error, or explicit message if (status.to_i >= 400 && empty) || env[RACK_SHOWSTATUS_DETAIL] # This double assignment is to prevent an "unused variable" warning on # Ruby 1.9.3. Yes, it is dumb, but I don't like Ruby yelling at me. req = req = Rack::Request.new(env) message = Rack::Utils::HTTP_STATUS_CODES[status.to_i] || status.to_s # This double assignment is to prevent an "unused variable" warning on # Ruby 1.9.3. Yes, it is dumb, but I don't like Ruby yelling at me. detail = detail = env[RACK_SHOWSTATUS_DETAIL] || message body = @template.result(binding) size = body.bytesize [status, headers.merge(CONTENT_TYPE => "text/html", CONTENT_LENGTH => size.to_s), [body]] else [status, headers, body] end end def h(obj) # :nodoc: case obj when String Utils.escape_html(obj) else Utils.escape_html(obj.inspect) end end # :stopdoc: # adapted from Django # Copyright (c) Django Software Foundation and individual contributors. # Used under the modified BSD license: # http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5 TEMPLATE = <<'HTML' <%=h message %> at <%=h req.script_name + req.path_info %>

<%=h message %> (<%= status.to_i %>)

Request Method: <%=h req.request_method %>
Request URL: <%=h req.url %>

<%=h detail %>

You're seeing this error because you use Rack::ShowStatus.

HTML # :startdoc: end end rack-2.1.4/lib/rack/static.rb000066400000000000000000000133261367177163600157660ustar00rootroot00000000000000# frozen_string_literal: true require "rack/files" require "rack/utils" require_relative 'core_ext/regexp' module Rack # The Rack::Static middleware intercepts requests for static files # (javascript files, images, stylesheets, etc) based on the url prefixes or # route mappings passed in the options, and serves them using a Rack::Files # object. This allows a Rack stack to serve both static and dynamic content. # # Examples: # # Serve all requests beginning with /media from the "media" folder located # in the current directory (ie media/*): # # use Rack::Static, :urls => ["/media"] # # Serve all requests beginning with /css or /images from the folder "public" # in the current directory (ie public/css/* and public/images/*): # # use Rack::Static, :urls => ["/css", "/images"], :root => "public" # # Serve all requests to / with "index.html" from the folder "public" in the # current directory (ie public/index.html): # # use Rack::Static, :urls => {"/" => 'index.html'}, :root => 'public' # # Serve all requests normally from the folder "public" in the current # directory but uses index.html as default route for "/" # # use Rack::Static, :urls => [""], :root => 'public', :index => # 'index.html' # # Set custom HTTP Headers for based on rules: # # use Rack::Static, :root => 'public', # :header_rules => [ # [rule, {header_field => content, header_field => content}], # [rule, {header_field => content}] # ] # # Rules for selecting files: # # 1) All files # Provide the :all symbol # :all => Matches every file # # 2) Folders # Provide the folder path as a string # '/folder' or '/folder/subfolder' => Matches files in a certain folder # # 3) File Extensions # Provide the file extensions as an array # ['css', 'js'] or %w(css js) => Matches files ending in .css or .js # # 4) Regular Expressions / Regexp # Provide a regular expression # %r{\.(?:css|js)\z} => Matches files ending in .css or .js # /\.(?:eot|ttf|otf|woff2|woff|svg)\z/ => Matches files ending in # the most common web font formats (.eot, .ttf, .otf, .woff2, .woff, .svg) # Note: This Regexp is available as a shortcut, using the :fonts rule # # 5) Font Shortcut # Provide the :fonts symbol # :fonts => Uses the Regexp rule stated right above to match all common web font endings # # Rule Ordering: # Rules are applied in the order that they are provided. # List rather general rules above special ones. # # Complete example use case including HTTP header rules: # # use Rack::Static, :root => 'public', # :header_rules => [ # # Cache all static files in public caches (e.g. Rack::Cache) # # as well as in the browser # [:all, {'Cache-Control' => 'public, max-age=31536000'}], # # # Provide web fonts with cross-origin access-control-headers # # Firefox requires this when serving assets using a Content Delivery Network # [:fonts, {'Access-Control-Allow-Origin' => '*'}] # ] # class Static using ::Rack::RegexpExtensions def initialize(app, options = {}) @app = app @urls = options[:urls] || ["/favicon.ico"] @index = options[:index] @gzip = options[:gzip] root = options[:root] || Dir.pwd # HTTP Headers @header_rules = options[:header_rules] || [] # Allow for legacy :cache_control option while prioritizing global header_rules setting @header_rules.unshift([:all, { CACHE_CONTROL => options[:cache_control] }]) if options[:cache_control] @file_server = Rack::Files.new(root) end def add_index_root?(path) @index && route_file(path) && path.end_with?('/') end def overwrite_file_path(path) @urls.kind_of?(Hash) && @urls.key?(path) || add_index_root?(path) end def route_file(path) @urls.kind_of?(Array) && @urls.any? { |url| path.index(url) == 0 } end def can_serve(path) route_file(path) || overwrite_file_path(path) end def call(env) path = env[PATH_INFO] if can_serve(path) if overwrite_file_path(path) env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path]) elsif @gzip && env['HTTP_ACCEPT_ENCODING'] && /\bgzip\b/.match?(env['HTTP_ACCEPT_ENCODING']) path = env[PATH_INFO] env[PATH_INFO] += '.gz' response = @file_server.call(env) env[PATH_INFO] = path if response[0] == 404 response = nil else if mime_type = Mime.mime_type(::File.extname(path), 'text/plain') response[1][CONTENT_TYPE] = mime_type end response[1]['Content-Encoding'] = 'gzip' end end path = env[PATH_INFO] response ||= @file_server.call(env) headers = response[1] applicable_rules(path).each do |rule, new_headers| new_headers.each { |field, content| headers[field] = content } end response else @app.call(env) end end # Convert HTTP header rules to HTTP headers def applicable_rules(path) @header_rules.find_all do |rule, new_headers| case rule when :all true when :fonts /\.(?:ttf|otf|eot|woff2|woff|svg)\z/.match?(path) when String path = ::Rack::Utils.unescape(path) path.start_with?(rule) || path.start_with?('/' + rule) when Array /\.(#{rule.join('|')})\z/.match?(path) when Regexp rule.match?(path) else false end end end end end rack-2.1.4/lib/rack/tempfile_reaper.rb000066400000000000000000000012601367177163600176340ustar00rootroot00000000000000# frozen_string_literal: true require 'rack/body_proxy' module Rack # Middleware tracks and cleans Tempfiles created throughout a request (i.e. Rack::Multipart) # Ideas/strategy based on posts by Eric Wong and Charles Oliver Nutter # https://groups.google.com/forum/#!searchin/rack-devel/temp/rack-devel/brK8eh-MByw/sw61oJJCGRMJ class TempfileReaper def initialize(app) @app = app end def call(env) env[RACK_TEMPFILES] ||= [] status, headers, body = @app.call(env) body_proxy = BodyProxy.new(body) do env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil? end [status, headers, body_proxy] end end end rack-2.1.4/lib/rack/urlmap.rb000066400000000000000000000055131367177163600157760ustar00rootroot00000000000000# frozen_string_literal: true require 'set' module Rack # Rack::URLMap takes a hash mapping urls or paths to apps, and # dispatches accordingly. Support for HTTP/1.1 host names exists if # the URLs start with http:// or https://. # # URLMap modifies the SCRIPT_NAME and PATH_INFO such that the part # relevant for dispatch is in the SCRIPT_NAME, and the rest in the # PATH_INFO. This should be taken care of when you need to # reconstruct the URL in order to create links. # # URLMap dispatches in such a way that the longest paths are tried # first, since they are most specific. class URLMap NEGATIVE_INFINITY = -1.0 / 0.0 INFINITY = 1.0 / 0.0 def initialize(map = {}) remap(map) end def remap(map) @known_hosts = Set[] @mapping = map.map { |location, app| if location =~ %r{\Ahttps?://(.*?)(/.*)} host, location = $1, $2 @known_hosts << host else host = nil end unless location[0] == ?/ raise ArgumentError, "paths need to start with /" end location = location.chomp('/') match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", nil, 'n') [host, location, match, app] }.sort_by do |(host, location, _, _)| [host ? -host.size : INFINITY, -location.size] end end def call(env) path = env[PATH_INFO] script_name = env[SCRIPT_NAME] http_host = env[HTTP_HOST] server_name = env[SERVER_NAME] server_port = env[SERVER_PORT] is_same_server = casecmp?(http_host, server_name) || casecmp?(http_host, "#{server_name}:#{server_port}") is_host_known = @known_hosts.include? http_host @mapping.each do |host, location, match, app| unless casecmp?(http_host, host) \ || casecmp?(server_name, host) \ || (!host && is_same_server) \ || (!host && !is_host_known) # If we don't have a matching host, default to the first without a specified host next end next unless m = match.match(path.to_s) rest = m[1] next unless !rest || rest.empty? || rest[0] == ?/ env[SCRIPT_NAME] = (script_name + location) env[PATH_INFO] = rest return app.call(env) end [404, { CONTENT_TYPE => "text/plain", "X-Cascade" => "pass" }, ["Not Found: #{path}"]] ensure env[PATH_INFO] = path env[SCRIPT_NAME] = script_name end private def casecmp?(v1, v2) # if both nil, or they're the same string return true if v1 == v2 # if either are nil... (but they're not the same) return false if v1.nil? return false if v2.nil? # otherwise check they're not case-insensitive the same v1.casecmp(v2).zero? end end end rack-2.1.4/lib/rack/utils.rb000066400000000000000000000436041367177163600156410ustar00rootroot00000000000000# -*- encoding: binary -*- # frozen_string_literal: true require 'uri' require 'fileutils' require 'set' require 'tempfile' require 'rack/query_parser' require 'time' require_relative 'core_ext/regexp' module Rack # Rack::Utils contains a grab-bag of useful methods for writing web # applications adopted from all kinds of Ruby libraries. module Utils using ::Rack::RegexpExtensions ParameterTypeError = QueryParser::ParameterTypeError InvalidParameterError = QueryParser::InvalidParameterError DEFAULT_SEP = QueryParser::DEFAULT_SEP COMMON_SEP = QueryParser::COMMON_SEP KeySpaceConstrainedParams = QueryParser::Params class << self attr_accessor :default_query_parser end # The default number of bytes to allow parameter keys to take up. # This helps prevent a rogue client from flooding a Request. self.default_query_parser = QueryParser.make_default(65536, 100) # URI escapes. (CGI style space to +) def escape(s) URI.encode_www_form_component(s) end module_function :escape # Like URI escaping, but with %20 instead of +. Strictly speaking this is # true URI escaping. def escape_path(s) ::URI::DEFAULT_PARSER.escape s end module_function :escape_path # Unescapes the **path** component of a URI. See Rack::Utils.unescape for # unescaping query parameters or form components. def unescape_path(s) ::URI::DEFAULT_PARSER.unescape s end module_function :unescape_path # Unescapes a URI escaped string with +encoding+. +encoding+ will be the # target encoding of the string returned, and it defaults to UTF-8 def unescape(s, encoding = Encoding::UTF_8) URI.decode_www_form_component(s, encoding) end module_function :unescape class << self attr_accessor :multipart_part_limit end # The maximum number of parts a request can contain. Accepting too many part # can lead to the server running out of file handles. # Set to `0` for no limit. self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || 128).to_i def self.param_depth_limit default_query_parser.param_depth_limit end def self.param_depth_limit=(v) self.default_query_parser = self.default_query_parser.new_depth_limit(v) end def self.key_space_limit default_query_parser.key_space_limit end def self.key_space_limit=(v) self.default_query_parser = self.default_query_parser.new_space_limit(v) end if defined?(Process::CLOCK_MONOTONIC) def clock_time Process.clock_gettime(Process::CLOCK_MONOTONIC) end else def clock_time Time.now.to_f end end module_function :clock_time def parse_query(qs, d = nil, &unescaper) Rack::Utils.default_query_parser.parse_query(qs, d, &unescaper) end module_function :parse_query def parse_nested_query(qs, d = nil) Rack::Utils.default_query_parser.parse_nested_query(qs, d) end module_function :parse_nested_query def build_query(params) params.map { |k, v| if v.class == Array build_query(v.map { |x| [k, x] }) else v.nil? ? escape(k) : "#{escape(k)}=#{escape(v)}" end }.join("&") end module_function :build_query def build_nested_query(value, prefix = nil) case value when Array value.map { |v| build_nested_query(v, "#{prefix}[]") }.join("&") when Hash value.map { |k, v| build_nested_query(v, prefix ? "#{prefix}[#{escape(k)}]" : escape(k)) }.delete_if(&:empty?).join('&') when nil prefix else raise ArgumentError, "value must be a Hash" if prefix.nil? "#{prefix}=#{escape(value)}" end end module_function :build_nested_query def q_values(q_value_header) q_value_header.to_s.split(/\s*,\s*/).map do |part| value, parameters = part.split(/\s*;\s*/, 2) quality = 1.0 if parameters && (md = /\Aq=([\d.]+)/.match(parameters)) quality = md[1].to_f end [value, quality] end end module_function :q_values def best_q_match(q_value_header, available_mimes) values = q_values(q_value_header) matches = values.map do |req_mime, quality| match = available_mimes.find { |am| Rack::Mime.match?(am, req_mime) } next unless match [match, quality] end.compact.sort_by do |match, quality| (match.split('/', 2).count('*') * -10) + quality end.last matches && matches.first end module_function :best_q_match ESCAPE_HTML = { "&" => "&", "<" => "<", ">" => ">", "'" => "'", '"' => """, "/" => "/" } ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys) # Escape ampersands, brackets and quotes to their HTML/XML entities. def escape_html(string) string.to_s.gsub(ESCAPE_HTML_PATTERN){|c| ESCAPE_HTML[c] } end module_function :escape_html def select_best_encoding(available_encodings, accept_encoding) # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html expanded_accept_encoding = accept_encoding.each_with_object([]) do |(m, q), list| if m == "*" (available_encodings - accept_encoding.map(&:first)) .each { |m2| list << [m2, q] } else list << [m, q] end end encoding_candidates = expanded_accept_encoding.sort_by { |_, q| -q }.map!(&:first) unless encoding_candidates.include?("identity") encoding_candidates.push("identity") end expanded_accept_encoding.each do |m, q| encoding_candidates.delete(m) if q == 0.0 end (encoding_candidates & available_encodings)[0] end module_function :select_best_encoding def parse_cookies(env) parse_cookies_header env[HTTP_COOKIE] end module_function :parse_cookies def parse_cookies_header(header) # According to RFC 2109: # If multiple cookies satisfy the criteria above, they are ordered in # the Cookie header such that those with more specific Path attributes # precede those with less specific. Ordering with respect to other # attributes (e.g., Domain) is unspecified. return {} unless header header.split(/[;,] */n).each_with_object({}) do |cookie, cookies| next if cookie.empty? key, value = cookie.split('=', 2) cookies[key] = (unescape(value) rescue value) unless cookies.key?(key) end end module_function :parse_cookies_header def add_cookie_to_header(header, key, value) case value when Hash domain = "; domain=#{value[:domain]}" if value[:domain] path = "; path=#{value[:path]}" if value[:path] max_age = "; max-age=#{value[:max_age]}" if value[:max_age] expires = "; expires=#{value[:expires].httpdate}" if value[:expires] secure = "; secure" if value[:secure] httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only]) same_site = case value[:same_site] when false, nil nil when :none, 'None', :None '; SameSite=None' when :lax, 'Lax', :Lax '; SameSite=Lax' when true, :strict, 'Strict', :Strict '; SameSite=Strict' else raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}" end value = value[:value] end value = [value] unless Array === value cookie = "#{escape(key)}=#{value.map { |v| escape v }.join('&')}#{domain}" \ "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}" case header when nil, '' cookie when String [header, cookie].join("\n") when Array (header + [cookie]).join("\n") else raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}" end end module_function :add_cookie_to_header def set_cookie_header!(header, key, value) header[SET_COOKIE] = add_cookie_to_header(header[SET_COOKIE], key, value) nil end module_function :set_cookie_header! def make_delete_cookie_header(header, key, value) case header when nil, '' cookies = [] when String cookies = header.split("\n") when Array cookies = header end regexp = if value[:domain] /\A#{escape(key)}=.*domain=#{value[:domain]}/ elsif value[:path] /\A#{escape(key)}=.*path=#{value[:path]}/ else /\A#{escape(key)}=/ end cookies.reject! { |cookie| regexp.match? cookie } cookies.join("\n") end module_function :make_delete_cookie_header def delete_cookie_header!(header, key, value = {}) header[SET_COOKIE] = add_remove_cookie_to_header(header[SET_COOKIE], key, value) nil end module_function :delete_cookie_header! # Adds a cookie that will *remove* a cookie from the client. Hence the # strange method name. def add_remove_cookie_to_header(header, key, value = {}) new_header = make_delete_cookie_header(header, key, value) add_cookie_to_header(new_header, key, { value: '', path: nil, domain: nil, max_age: '0', expires: Time.at(0) }.merge(value)) end module_function :add_remove_cookie_to_header def rfc2822(time) time.rfc2822 end module_function :rfc2822 # Modified version of stdlib time.rb Time#rfc2822 to use '%d-%b-%Y' instead # of '% %b %Y'. # It assumes that the time is in GMT to comply to the RFC 2109. # # NOTE: I'm not sure the RFC says it requires GMT, but is ambiguous enough # that I'm certain someone implemented only that option. # Do not use %a and %b from Time.strptime, it would use localized names for # weekday and month. # def rfc2109(time) wday = Time::RFC2822_DAY_NAME[time.wday] mon = Time::RFC2822_MONTH_NAME[time.mon - 1] time.strftime("#{wday}, %d-#{mon}-%Y %H:%M:%S GMT") end module_function :rfc2109 # Parses the "Range:" header, if present, into an array of Range objects. # Returns nil if the header is missing or syntactically invalid. # Returns an empty array if none of the ranges are satisfiable. def byte_ranges(env, size) warn "`byte_ranges` is deprecated, please use `get_byte_ranges`" if $VERBOSE get_byte_ranges env['HTTP_RANGE'], size end module_function :byte_ranges def get_byte_ranges(http_range, size) # See return nil unless http_range && http_range =~ /bytes=([^;]+)/ ranges = [] $1.split(/,\s*/).each do |range_spec| return nil unless range_spec =~ /(\d*)-(\d*)/ r0, r1 = $1, $2 if r0.empty? return nil if r1.empty? # suffix-byte-range-spec, represents trailing suffix of file r0 = size - r1.to_i r0 = 0 if r0 < 0 r1 = size - 1 else r0 = r0.to_i if r1.empty? r1 = size - 1 else r1 = r1.to_i return nil if r1 < r0 # backwards range is syntactically invalid r1 = size - 1 if r1 >= size end end ranges << (r0..r1) if r0 <= r1 end ranges end module_function :get_byte_ranges # Constant time string comparison. # # NOTE: the values compared should be of fixed length, such as strings # that have already been processed by HMAC. This should not be used # on variable length plaintext strings because it could leak length info # via timing attacks. def secure_compare(a, b) return false unless a.bytesize == b.bytesize l = a.unpack("C*") r, i = 0, -1 b.each_byte { |v| r |= v ^ l[i += 1] } r == 0 end module_function :secure_compare # Context allows the use of a compatible middleware at different points # in a request handling stack. A compatible middleware must define # #context which should take the arguments env and app. The first of which # would be the request environment. The second of which would be the rack # application that the request would be forwarded to. class Context attr_reader :for, :app def initialize(app_f, app_r) raise 'running context does not respond to #context' unless app_f.respond_to? :context @for, @app = app_f, app_r end def call(env) @for.context(env, @app) end def recontext(app) self.class.new(@for, app) end def context(env, app = @app) recontext(app).call(env) end end # A case-insensitive Hash that preserves the original case of a # header when set. # # @api private class HeaderHash < Hash # :nodoc: def initialize(hash = {}) super() @names = {} hash.each { |k, v| self[k] = v } end # on dup/clone, we need to duplicate @names hash def initialize_copy(other) super @names = other.names.dup end def each super do |k, v| yield(k, v.respond_to?(:to_ary) ? v.to_ary.join("\n") : v) end end def to_hash hash = {} each { |k, v| hash[k] = v } hash end def [](k) super(k) || super(@names[k.downcase]) end def []=(k, v) canonical = k.downcase.freeze delete k if @names[canonical] && @names[canonical] != k # .delete is expensive, don't invoke it unless necessary @names[canonical] = k super k, v end def delete(k) canonical = k.downcase result = super @names.delete(canonical) result end def include?(k) super || @names.include?(k.downcase) end alias_method :has_key?, :include? alias_method :member?, :include? alias_method :key?, :include? def merge!(other) other.each { |k, v| self[k] = v } self end def merge(other) hash = dup hash.merge! other end def replace(other) clear other.each { |k, v| self[k] = v } self end protected def names @names end end # Every standard HTTP code mapped to the appropriate message. # Generated with: # curl -s https://www.iana.org/assignments/http-status-codes/http-status-codes-1.csv | \ # ruby -ne 'm = /^(\d{3}),(?!Unassigned|\(Unused\))([^,]+)/.match($_) and \ # puts "#{m[1]} => \x27#{m[2].strip}\x27,"' HTTP_STATUS_CODES = { 100 => 'Continue', 101 => 'Switching Protocols', 102 => 'Processing', 103 => 'Early Hints', 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', 207 => 'Multi-Status', 208 => 'Already Reported', 226 => 'IM Used', 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 306 => '(Unused)', 307 => 'Temporary Redirect', 308 => 'Permanent Redirect', 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Timeout', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Payload Too Large', 414 => 'URI Too Long', 415 => 'Unsupported Media Type', 416 => 'Range Not Satisfiable', 417 => 'Expectation Failed', 421 => 'Misdirected Request', 422 => 'Unprocessable Entity', 423 => 'Locked', 424 => 'Failed Dependency', 425 => 'Too Early', 426 => 'Upgrade Required', 428 => 'Precondition Required', 429 => 'Too Many Requests', 431 => 'Request Header Fields Too Large', 451 => 'Unavailable for Legal Reasons', 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported', 506 => 'Variant Also Negotiates', 507 => 'Insufficient Storage', 508 => 'Loop Detected', 509 => 'Bandwidth Limit Exceeded', 510 => 'Not Extended', 511 => 'Network Authentication Required' } # Responses with HTTP status codes that should not have an entity body STATUS_WITH_NO_ENTITY_BODY = Hash[((100..199).to_a << 204 << 304).product([true])] SYMBOL_TO_STATUS_CODE = Hash[*HTTP_STATUS_CODES.map { |code, message| [message.downcase.gsub(/\s|-|'/, '_').to_sym, code] }.flatten] def status_code(status) if status.is_a?(Symbol) SYMBOL_TO_STATUS_CODE.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" } else status.to_i end end module_function :status_code PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact) def clean_path_info(path_info) parts = path_info.split PATH_SEPS clean = [] parts.each do |part| next if part.empty? || part == '.' part == '..' ? clean.pop : clean << part end clean.unshift '/' if parts.empty? || parts.first.empty? ::File.join clean end module_function :clean_path_info NULL_BYTE = "\0" def valid_path?(path) path.valid_encoding? && !path.include?(NULL_BYTE) end module_function :valid_path? end end rack-2.1.4/rack.gemspec000066400000000000000000000033461367177163600147520ustar00rootroot00000000000000# frozen_string_literal: true Gem::Specification.new do |s| s.name = "rack" s.version = File.read('lib/rack.rb')[/RELEASE += +([\"\'])([\d][\w\.]+)\1/, 2] s.platform = Gem::Platform::RUBY s.summary = "a modular Ruby webserver interface" s.license = "MIT" s.description = <<-EOF Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. Also see https://rack.github.io/. EOF s.files = Dir['{bin/*,contrib/*,example/*,lib/**/*}'] + %w(MIT-LICENSE rack.gemspec Rakefile README.rdoc SPEC) s.bindir = 'bin' s.executables << 'rackup' s.require_path = 'lib' s.extra_rdoc_files = ['README.rdoc', 'CHANGELOG.md'] s.author = 'Leah Neukirchen' s.email = 'leah@vuxu.org' s.homepage = 'https://rack.github.io/' s.required_ruby_version = '>= 2.2.2' s.metadata = { "bug_tracker_uri" => "https://github.com/rack/rack/issues", "changelog_uri" => "https://github.com/rack/rack/blob/master/CHANGELOG.md", "documentation_uri" => "https://rubydoc.info/github/rack/rack", "homepage_uri" => "https://rack.github.io", "mailing_list_uri" => "https://groups.google.com/forum/#!forum/rack-devel", "source_code_uri" => "https://github.com/rack/rack" } s.add_development_dependency 'minitest', "~> 5.0" s.add_development_dependency 'minitest-sprint' s.add_development_dependency 'minitest-global_expectations' s.add_development_dependency 'rake' end rack-2.1.4/test/000077500000000000000000000000001367177163600134365ustar00rootroot00000000000000rack-2.1.4/test/.bacon000066400000000000000000000000001367177163600145070ustar00rootroot00000000000000rack-2.1.4/test/builder/000077500000000000000000000000001367177163600150645ustar00rootroot00000000000000rack-2.1.4/test/builder/an_underscore_app.rb000066400000000000000000000002121367177163600210730ustar00rootroot00000000000000# frozen_string_literal: true class AnUnderscoreApp def self.call(env) [200, { 'Content-Type' => 'text/plain' }, ['OK']] end end rack-2.1.4/test/builder/bom.ru000066400000000000000000000001061367177163600162060ustar00rootroot00000000000000run -> (env) { [200, { 'Content-Type' => 'text/plain' }, ['OK']] } rack-2.1.4/test/builder/comment.ru000066400000000000000000000001631367177163600170760ustar00rootroot00000000000000# frozen_string_literal: true =begin =end run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ['OK']] } rack-2.1.4/test/builder/end.ru000066400000000000000000000002321367177163600161770ustar00rootroot00000000000000# frozen_string_literal: true run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ['OK']] } __END__ Should not be evaluated Neither should This rack-2.1.4/test/builder/line.ru000066400000000000000000000001561367177163600163650ustar00rootroot00000000000000# frozen_string_literal: true run lambda{ |env| [200, { 'Content-Type' => 'text/plain' }, [__LINE__.to_s]] } rack-2.1.4/test/builder/options.ru000066400000000000000000000001771367177163600171340ustar00rootroot00000000000000# frozen_string_literal: true #\ -d -p 2929 --env test run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ['OK']] } rack-2.1.4/test/cgi/000077500000000000000000000000001367177163600142005ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/000077500000000000000000000000001367177163600155025ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/folder/000077500000000000000000000000001367177163600167555ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/folder/test.js000066400000000000000000000000211367177163600202630ustar00rootroot00000000000000### TestFile ### rack-2.1.4/test/cgi/assets/fonts/000077500000000000000000000000001367177163600166335ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/fonts/font.eot000066400000000000000000000000211367177163600203030ustar00rootroot00000000000000### TestFile ### rack-2.1.4/test/cgi/assets/images/000077500000000000000000000000001367177163600167475ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/images/image.png000066400000000000000000000000211367177163600205300ustar00rootroot00000000000000### TestFile ### rack-2.1.4/test/cgi/assets/index.html000066400000000000000000000000211367177163600174700ustar00rootroot00000000000000### TestFile ### rack-2.1.4/test/cgi/assets/javascripts/000077500000000000000000000000001367177163600200335ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/javascripts/app.js000066400000000000000000000000211367177163600211420ustar00rootroot00000000000000### TestFile ### rack-2.1.4/test/cgi/assets/stylesheets/000077500000000000000000000000001367177163600200565ustar00rootroot00000000000000rack-2.1.4/test/cgi/assets/stylesheets/app.css000066400000000000000000000000211367177163600213410ustar00rootroot00000000000000### TestFile ### rack-2.1.4/test/cgi/rackup_stub.rb000077500000000000000000000001541367177163600170520ustar00rootroot00000000000000#!/usr/bin/env ruby # frozen_string_literal: true $:.unshift '../../lib' require 'rack' Rack::Server.start rack-2.1.4/test/cgi/sample_rackup.ru000077500000000000000000000001351367177163600174000ustar00rootroot00000000000000# frozen_string_literal: true require '../testrequest' run Rack::Lint.new(TestRequest.new) rack-2.1.4/test/cgi/test000077500000000000000000000003201367177163600151000ustar00rootroot00000000000000#!/usr/bin/env ruby # frozen_string_literal: true $: << File.join(File.dirname(__FILE__), "..", "..", "lib") require 'rack' require '../testrequest' Rack::Handler::CGI.run(Rack::Lint.new(TestRequest.new)) rack-2.1.4/test/cgi/test+directory/000077500000000000000000000000001367177163600171575ustar00rootroot00000000000000rack-2.1.4/test/cgi/test+directory/test+file000066400000000000000000000000271367177163600207730ustar00rootroot00000000000000this file has plusses! rack-2.1.4/test/cgi/test.gz000066400000000000000000000002731367177163600155230ustar00rootroot00000000000000dZX~=@l9q5EA 0 ut84E V_ou${tQKS NN֡4,eyDʿ׀LrkXV2:M}`dwKG .r\mhpƬ@,7H^<}4sJ7tHrack-2.1.4/test/cgi/test.ru000077500000000000000000000001571367177163600155350ustar00rootroot00000000000000#!../../bin/rackup # frozen_string_literal: true require '../testrequest' run Rack::Lint.new(TestRequest.new) rack-2.1.4/test/gemloader.rb000066400000000000000000000005111367177163600157170ustar00rootroot00000000000000# frozen_string_literal: true require 'rubygems' project = 'rack' gemspec = File.expand_path("#{project}.gemspec", Dir.pwd) Gem::Specification.load(gemspec).dependencies.each do |dep| begin gem dep.name, *dep.requirement.as_list rescue Gem::LoadError warn "Cannot load #{dep.name} #{dep.requirement.to_s}" end end rack-2.1.4/test/helper.rb000066400000000000000000000002071367177163600152410ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' module Rack class TestCase < Minitest::Test end end rack-2.1.4/test/multipart/000077500000000000000000000000001367177163600154575ustar00rootroot00000000000000rack-2.1.4/test/multipart/bad_robots000066400000000000000000000425221367177163600175250ustar00rootroot00000000000000--1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="bbbbbbbbbbbbbbb" aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaa --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="ccccccc" ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="file.name" INPUTMSG.gz --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="file.content_type" application/octet-stream --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="file.path" /var/tmp/uploads/4/0001728414 --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="file.md5" aa73198feb4b4c1c3186f5e7466cbbcc --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="file.size" 13212 --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="size" 80892 --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="mail_server_id" <1111111111.22222222.3333333333333.JavaMail.app@ffff-aaaa.dddd> --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="addresses" {"campsy_programmer@pinkedum.com":{"domain":"pinkedum.com","name":"Campsy Programmer","type":["env_sender"],"mailbox":"campsy_programmer"},"tex@rapidcity.com":{"domain":"rapidcity.com","name":"Big Tex","type":["env_recipients","to"],"mailbox":"tex"},"group-digests@linkedin.com":{"domain":"linkedin.com","name":"Group Members","type":["from"],"mailbox":"group-digests"}} --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="received_on" 2009-11-15T14:21:11Z --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="id" dbfd9804d26d11deab24e3037639bf77 --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon Content-Disposition: form-data; name="ip_address" 127.0.0.1 --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon-- rack-2.1.4/test/multipart/binary000066400000000000000000000640531367177163600166760ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="submit-name" Larry --AaB03x Content-Disposition: form-data; name="files"; filename="rack-logo.png" Content-Type: image/png PNG  IHDRbKGD pHYsHHFk>fIDATxy|uߓ)fr$mR" iJz @QAA@Et9@T䐴E@( BiZp=6M L&mi&# !陒|G d^>?q@ Dgz A D@@ .@ ] @ @t $ H@% K A D@@ .@ ] @ @t $ H@% KDz NR)H$P @ $ ~p: (..FM~~8iɧBI$k %I q3=xFh[PPplNiz$qry@ 8|*99P(+ a"[T.s$IB3ɗ]. pO H111nlillj&,;~- X,$Hq$ɓ'''_ jz)>1 tQ4d2YN;222( {KK nD!pRZZ:t͋|Qq[T$Q9ȋ D@(z oK#(~FR rSEE0 #6 r/QrFY֡^lbʋ"99&HTDOkK4nh/*xQQ:>`e%Յ1G+м‹IPx*99]Z@zP4L:0XE%KT<]S[pI$>JUrr2%P:1,a' >iK4zE%eZ*eم9W-*XQh!H$HTD[ 1.VPF{2a`4Mi:d&m@ \.7>"IҌ~!_B& H4:EQ@tTiitm0F1 34M+USx B 7T@|DCB ].ac`͋-4M_W/F}" v+,,ThQTzEE%4RAt ;W}E_DߣGr޽{]0HpWowU4|nZh^T ,--΋haF2ܢ=}l}4ɱcp}ՈDDQ)((XY__?#Z0k֬ӦM+W*Ajz5^B*--MTihQ!UWުT*^uzT@-[|/`Pqzꩊ 333/8ތ*/**++QVVQh2\죡?:=- ._ߝqF.[p $ *H&$,]O'}]T233_۲e;"(E ]˗ \OKtF.KA$I{ bh!lƍ'~AjRjG]!.wbe%narZqX)"e V[j,:R CQR___V]]u7D/'$x]dddB+EIJb(7999.hw{ReJV[j+NgVfl6G 3РcYV)ZD@rn\'"Jr%KV[,~`H`f8˲I^==4>}M os5/,ZKXZ慥5!,((H0xш Wk4.:::SF  $ajyx…l$0"0aaxaIdY6j*Y zOT-!MrGq^rY*煥BVR%, K4F㽼hcYV ] 84K,˦A #gDD@Kvvvq:.\, a $ $R5i-`BCD4W{(J/x KP,2$,hIFQϋeYt]48/h4??o֦{@t4 '/, 鄅 z*&Ih2M&S"m60-,e iZFt"L &JKVrC!*((#ruMiiizT*%HgD/&TYX]yZ$Y Efq0LR4ᥥ.+j玁{H4 naRi,[!.$Itw@^4T^44,tsMb\RHOO߫K'A@QzB"D"q$II[0\uXJ[xxEO@^qͭkY*jYΓ$y٫>!)((ŋĆhtgnWbqJ:^Nd2C@QO|;||e_@=[rUXXX,Noa1{IVzI^Dne4'1eA=`qdGSRR̟?(%%R&]ek@ }^@NJ4egg[gDž+WÇ>HpD }Re%8-,ڈJ9jeف=p,Ntz*X͍(&E !@WL&.J%K^U $`P= aYVbXTq͜f֬Y{g͚}\\-^u ms0)==*>>++x7X"_hZz.UbqJ*LOOߣt2F -F@ձ+p%;;2s:|ad/,p/anZ^i愄SNݣt:L&shk@$Pxoy #=p_*s8&i8|@p f|qL&;©SV$$$xE(@Q6mZ +]'_LxH i_p82XT*Wk@ Ht,$I$j8 K^XKKK:wL \nٵkѣGšZ~  iY ;Be$+Ng_0(//OVSS3⣏>z qܩRG[k@ Hʱ{Wyȑ}@ ɭfa~qV pzp83 #}Z0 n!}$!sau@7poo@ 1aY- $O@‘x!У.,76o|ׇ wp@z@  zXkxYR_VVvV\ܭ-b,%%p%%%#].h:eY)[˲"^T *yQH8 @t>% ^VFlQQXʸhk,6\~V"8jh4fXg \1tdii(5j놨X*xTZp"\Dž@ :HvaXI^ -y{VF oeh4MMM=qZ"\.{BQTRZZ:tDCDE wy?RGT)?dž@ A@x+#dLQ.Hfdd|C_Qɧ(*a1/*#xQEQ+|r5EQ 1,@!ᭌ񼕑[BhqN&tG322N2 /*NVT D%T_ N 箃eYaίч K PeX,.WTG322kȨQT2Q9%*v,6EK]] f7@LF儅V2{eLii['t:FsDќtd2YЭ`%*ٍ^GT_Eq\ݻ޽w]SaQAiD%$., \._ʸZͲvX,>[GbccK222Cee?r'PȲ{C˲bQx+*Ӽ%ɕn%ra!}X Fqĉ'9v>nWM[Um p8D6msMwwDT;JgE G ;x ~bgYI$ JUme0^͛W74}p?/0:+k'* GIYC^\ ^lҤI愄V 7i\^H*~W1 Ì`f`0(4 ]*? Z*^ic(@BDoQKK#G8rH}5Msss-~JV[+Mm +""`- ~ĉo6>PvpHD^N(\X3p4'ڔmykiii?֊eY1@ #@ʲb P\^^^ bEDk#I"oҭ,,^4"F] 4MZAmBBwSNݫtjL#ч {V0jA$I$Yt:㭕 A0L'hOQhz˲Q@t MӣrrrXpS~OA$kS̋8h4L2i|A8_d%:n^/:u깄fo10je@Qz Zi8t:_ƪIb ?bH$P᭕@ueY1 p[+$9?NDvx)>>lRmmqo`OOOO?RAB~ ѧ\X ""bcc9&ڵk_t ;w3 3;ث E^A/ԁ|A$ ү`4/D^^ޭF~>~X1qqqg͚o֬Y5vQ4z5@ :M v-Uv@}.+DV,{+i,6-eYAt ,өS/^gP]c:A&uǽV(aUN0 f7;(} D&ZVe ")j:l6xx'>WbqJ:ċw:"ɜA C@Qz ^QBC?;7\997:gƔ 2J :GA.ֈ\gtnDzweS 2UTM!*V(h ɂHǛd2Y)vMzz*b DY );:Q91~|5vzfXuh$ !HgWY]]}z֭' 87TK!m"6M{ +AMcC ݤ'wtF,KwNV[- (JgX-0#XMZ*z~jn]rrr(T-`4Miz _,ǯ H$-:V;EQ'DD8\acz8WXX3􍛧x۶mEDD۸q:$Zb+{} #n_|qݻAP(YSL{NOz1βhKӴd^2bqF9z$##D"i.?O-Be$+0EQ`"p'L&d2y 0@0e١VUgDAqHXX,8 &pRyl|WȰl?pM)G]XXx$@oxw_ܳg"p_} ///)//M !,XG-^gVF+cD 2NK$Xb+mD 6$m$IaBa gf(0 0a,;jƱ,+⻉7siV4=,**[o5!**$F |*j˟Rilláw`5hqa?)iiigOwgP^^.\x"aA83cƌw,XPy a/ ^VF+#:nei4 +#(w=;;~t:pBe  @>V iZ nai+^c418N暽a$I^䅥#\ry_q$:Hd8΁a.3 2aTEiiN*JJJ|6rHؼlCN]]k3˟_OVXR yHYX>V&??.줕q],C,7t]F{DDD@\\nwTSvvvfq\h2$&I`2z P[X~Ͳlb :iǞ8K_RgxX@nmEďiiio222~+ɯ p\?V-q'M}+O,ǭ`[-W I$I^#༰L&S,iӦ;,cй,ˊ-K,pM!/Ix׳hZ+ ~ߓOח]DmΓhUU)))jܶm[.H8hankFRRRBJsllo5kVP(lqu` `&*??hL-..~0܀\AAuֽ#pr>QmB@8 \._UVVeeZ, 2|c!2 /,,$I$IqF< 'H~&gY֓vܖ;"iz$մp M*Vy׳,[).$ygD/#FX;~xL&cТT*+Vl>~g8$`mXc'MI&5V8p9g)5ꫯu:]M0`\p%Xv3]T5cƌ-X=5L(\XhԞ8qbci:VXF ͝;?Oر#nxGïimY4yT뉳L:eEu):\h$ ,Z-KT18 <#ƕ+W>]tv;xv> Dr>|nRRRSG>?ѯ |[֭[7Onm+VlQ*={],/ YYYSC=vV˔H~ܖp2']Zvq-B’H$Xll, rv@+ۙ quSO+|F,5҅Vh`lxoŕ*0==}ĉAFFbp@ӧ$%%uzݒU8t¯=BE[w()++i\Aeر566vUݻ]n]eˎz^JZ*eJ3< ^vp΂~gJ+,@O@v;VXX8h4jyѸS &$$|7uԯz!NW-ɜP]]-q<\[A &ЕvذaCz}}'{@А E"Qq oL\\\[ol6wЗF>!m0÷$hᄈΝvǎC@[nQJJm[8L;zO@a:΂  //||~gZ|sqf4'>0ow\d2I}L:wx̙?kJEGGsg'k: tV\\0eYOk{m,[gwdڎs ޜFDqqqhw׮]+**v\q:h*@zz^_ґ_i.ux+m`JIIVpLjTL ֭[m3f\MtBKKK[-xq oCyyaы/~1%%nYI3PN8@%v1MpIԩSc-G@ZZ \(*;zV $NƚXu]t [hq|ZVX\RNF;hqv(++~ Ç3 38X$c 78η233+rx%e8[+͛]揤ٳg]|D]x7nE_ b1T*}塇^LP߳e'ϴgϞ1۷oz2Mӣ~28%%LIIdWn HWillʺ]ORRRRWWo>>5xyp1a„uap~O=3M8yh4u._ DF/4tҿ@ ٳK6oiyy+}KXr^^ޱ3gV"WPea+6sq5&& h;; _GǸqʋd2o\qL&^yT*|td^D޽{~VVVٚ5k)JomڴIaÆ{iiiִmyyy:NaۍFcT*=qܙd0 b|=_7ܠsȾ=3Smw0v RRRjw_sa @h4Oemg\oOKߵw_⾙5kYf܃Yc}N@pwqeq8?8EQ;wt\#bG"ΝaaHѰ0<1///+(//͛,[l_ 퐀"@ {U㷬%oWbyJU5t:Lv#vkm@ 'y޽ݻw7ï/=IKK|?Ѕ h~QXX8aA8bݺu)))'C=P\Xa + QSߑUpdƔ=/JIId7]Ku+@tyrOH$~{OIIɿBÞ>s-tc_k׮V]yӂ\XңTSu+\4iV^^T3qsaL> 6,//^O\bb+VX__?·dPYA8dݻw_n]ѲeˊC=PMz"$O~||<3r쟖-[VbŊ^1LOΝ;Up b1bDIIJJj={z0pL3.YfB!oIIIٳ?a֭{ 佌BIO Hsa1 #`Y!"~\~llDBC5 mfGf̘ xWq~׿XƎa<#? z补ٳg'&&n ]{6lxn] 9 CbjƲ$I{^[Cʤ[(Jv͚5f̘Tw'脄3fh! #Rl%K裏f.\ms m}=A6X xOzO}AL 0moKgϞjS^ ºkܾ  $3..;Z1 9ŕ85R*׿6tc&eHeLv"%%e߼y 'Nvɔ .A^LNN 333RTo?,s8$%%9^~[zvlqxjjrVKW?: 4?D :g_~=Pk왙3guEE1o޼g- 5}΅ŋFbhL4V d2YN;jdj2!,Z =9ڪm6a\T2 uv>y։8F*6I$p:pň(%(b9(v\+\[.`$~?blq g%9G.]:ܭ9?Z}JlP]]=`0XpS#GX,_X,>R>x6''֓'O m65ǾpႠ8u|ʕ,Y˗!33sY\\b/Pάl֟ .8^kR;n,Ze˖=xb]555ѵ^ziǺtԞ:R ?c^t{ժU111+w䌘cƌF_KLL\P()}111_̚5kEQkjj3F3l6>cJjڹfYHBrCILL\P(v* 駟j<㭪k|g_z'lR({ Ŷ?޽;e6UQQQC=\EPQ(.3.>>scbby,Kx=wqDz>h)S)/]n|/^B_UU%gL&{oժU 4 [l\P|P(|F][[ItIJe>| EB#˷8'111O?[,?z'OܻwovRR#й:vϙ3gX,7mA>==(Jʟϡ ~zX,= b7nܸF$v?Ͽ{겲64yǗ/_d-[l&!`J9sD)LEر֑#G7nvh-..~/xwї^zogϞ}… >*--H$2lv;,\p֭[:thٳ#HZ=:a֭,;r͚5P*EIV]v W*zj._|QFٗ-[VdX"|7i9gΜ'*)RL&Gv A d$ȑA]4N<)gB*pTo?9r… ۵kPүG f:ulʕ×,Y_|7VhpW*wj פ,_ŋ߹k׮555"f3},Z>glUK.uqx˖-`(`GN먮.Zr8eҥxIT*7GEEK., dff.0`@і-[s,bm59bɓ':W555޲'KsXv˖-}k׮{&113gΈ|ބgΜ@.]z'\ti2q#϶n*|;N&O>-歞z,*BP,^-ku8]v >^,`Kv4)nߩS ޤbB?禰@xKCZPP0h4ꋋSư,c8bJ:^M:N&uG-<>;є0h4h4~M?6swO9@^] w @PJwsRyeĉ}?~|qjJKKQ(G׿*Jp}cǎ}m۶L6Nh/X(`׮]0 [o=77w8aHaŋ/]߿ߒHl)))yeفp+9s ] ҶmۦM0$33H$Bp$IZredogfssssM&Sn?7ŋSSSsv#G<l!I ݑoo|G}ǿ(jAN~f͚uJϟ-[͛oqrRI' q<"))q8y9_hYY$s-اOyRR|nycΝ]@%%%V-K.裏6x=""{9JBQTUUE EE`Vp8T|SFﴬL;gΜnRt͟?ˢ9[l!">>ޤwfI||q͛uĉվV)NWT\\|lokwTA$Iҟ~iq|p;>wm'N:o޼'NX aNgOt:Qedd(H.rWFGjR $I^&I<Z  0CM6=hXC%+`4|mK-WHte Z~jaS?ApgoMq\QZT*U 劊^_XPPX^^ވiӦ|ѻ~III &,...d2E^A~ iii{Z˗/~8p;(ׯ_K<״~}X.<@[{l >x<8~}ݺu=%"!sa\.Zd>ݶ#5Nd2qNWT*U x`ή999ptRTt:YVW t eف%R=Ǎm_J͛7wK@Dz2Qcc~f@PW_/\|,OV,+0 $V\iol8^-+W|Pʻ ###A(^'xb%K6.9hl"H'N\W /۷GFu$ʕ+ E.^8D̳n~{/EQŋzH;vlcdd'[d6;P _}wdYV)Hp[sΝ{tʔ)oqVZ5kb0|AW_ɳeFAum]8. ӧWA|(9t r??fff֋D"lݺu&q3\.࿳TVV&2 #dYvHDDD5kv]Oĉ?+xWرo>T$;zp8ݻ9sNhx8~VR}U4: Ans/9(6 v`ǯpbن4=?O4MyX-Njl6po:K0j8ڹs<))jÇr GOю,**J9sfUWW'8vX4jݿ=TZhQǏnTVV y$ IҚsn+V:mD"cݺu eUYY)*>NjN53I?\-_|s=(++#FCMtiiig0 s655^|ŗiii<^v\~&55@cPRRvnٲM6ܙk&++k?ȑ#[6o|'|bBBžӧ{{n2+++V@gTTTdΜ9j#ӧO~[YYYwTRRB==""܎;ƧOMMXRR"]fj/^".qXJ 8:PxpΜ9_O6;FS- [{2t%:kV$)>kXc-RP4+?j(u IIIxǏOb;nbb 55̫x޼y NSt̙3sV^ErssZ,&L0SnnŒ8a„D"^z ÇOV)q8Qo[ppuEW)))k^jU 4M/ohk!H977be„ E>=b̈́ {`ӧOK _,;N z뭿qw)99yfS͛7SPxiH$2Y)SSO=uرcޱcG֝wP---رc+Ϗ~{ Lcc#;& RRR>ݷo¢_tI1cƌWk ޞ/jKa5kr>z޽v\/^W|ӹf͚|A޽{hѢN5Ryeƍ̜9s?XE~饗^;vlcBBBmV3~S'On}_+SRRvDE7Vmزe˞F )=|֯_ՙ3g.XHtzΜ9Jlĉ9uW:9m7)ّ뢙o8t1 =X 2^iQ}Y-Ojĝj罬V^hzd?21>0mv18nd?y>4iҹ!55uǯUwĉb$s`ĴѵvWPb`j9UyV˲e|p}eҥ-[vAb4/..~a,B3Bρ[O5k־Yf]H$yc" yJ$i|ʼF̞hmW0Z~ b-ZvM|e"r׮] Fqbqq񤆆q,*TbBR:^&2cW6_vݽ6 _c- XpEkqvmT vTQQqRAn*[^4t571-a V_Tb ۮr+R!MCOx aЉ *pd))){ϟ0%%R&]A@<_{/ZD ⭖Quk0 s577þ}dFQA5A%LV鿠2 ~e&NZ"(rjYl˗u'N\(JI|:AA?}R($%=bfXD")?p@h|ܽrDе _T*>q<--H$/q 7Y-t :N9" Hs3 oNWFT  "jpgPYe2YN۫N:2!!ųY@t$ 7[-.~xO~A@ ӃV'' QH@˜V"w]OX,ʠ*CT'@ ` 0LrjZyA@ z$ 72@ }$ H@% K A D@@ .@ ] @ ws\tEXtSoftwarewww.inkscape.org<IENDB` --AaB03x-- rack-2.1.4/test/multipart/content_type_and_no_filename000066400000000000000000000001731367177163600232740ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="text" Content-Type: text/plain; charset=US-ASCII contents --AaB03x-- rack-2.1.4/test/multipart/empty000066400000000000000000000002771367177163600165460ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="submit-name" Larry --AaB03x Content-Disposition: form-data; name="files"; filename="file1.txt" Content-Type: text/plain --AaB03x-- rack-2.1.4/test/multipart/fail_16384_nofile000066400000000000000000000651721367177163600204310ustar00rootroot00000000000000------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="_method" put ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="authenticity_token" XCUgSyYsZ+iHQunq/yCSKFzjeVmsXV/WcphHQ0J+05I= ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[SESE]" BooBar ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[BBBBBBBBB]" 18 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[CCCCCCCCCCCCCCCCCCC]" 0 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[STARTFOO]" 2009-11-04 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[ENDFOO]" 2009-12-01 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[DDDDDDDD]" 0 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[DDDDDDDD]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[EEEEEEEEEE]" 10000 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[FFFFFFFFF]" boskoizcool ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[GGGGGGGGGGG]" 0 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[GGGGGGGGGGG]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[YYYYYYYYYYYYYYY]" 5.00 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[ZZZZZZZZZZZZZ]" mille ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[XXXXXXXXXXXXXXXXXXXXX]" 0 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][1][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][2][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][3][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][4][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][5][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][6][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][9]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][10]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][11]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][12]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][13]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][14]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][15]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][16]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][17]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][18]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][19]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][20]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][21]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][22]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][23]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][0]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][1]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][2]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][3]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][4]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][5]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][6]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][7]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[VVVVVVVVVVVVVVVVVVVVVVV][0][8]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[WWWWWWWWWWWWWWWWWWWWWWWWW][678][ZEZE]" PLAPLAPLAINCINCINC ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[WWWWWWWWWWWWWWWWWWWWWWWWW][678][123412341234e]" SITE ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[WWWWWWWWWWWWWWWWWWWWWWWWW][678][12345678901]" 56 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_type]" none ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][has_hashashas_has]" 0 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][frefrefre_fre_freee]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][frefrefre_fre_frefre]" forever ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][self_block]" 0 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][GGG_RULES][][COUCOUN]" ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][GGG_RULES][][REGREG]" ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_wizard][GGG_RULES][][c1c1]" ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA_TARTARTAR_wizard_rule" ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[TARTARTAR_rule]" ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[selection_selection]" R ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[PLAPLAPLA_MEMMEMMEMM_ATTRATTRER][new][-1][selection_selection]" 1 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[PLAPLAPLA_MEMMEMMEMM_ATTRATTRER][new][-1][ba_unit_id]" 1015 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[PLAPLAPLA_MEMMEMMEMM_ATTRATTRER][new][-2][selection_selection]" 2 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[PLAPLAPLA_MEMMEMMEMM_ATTRATTRER][new][-2][ba_unit_id]" 1017 ------WebKitFormBoundaryWsY0GnpbI5U7ztzo Content-Disposition: form-data; name="AAAAAAAAAAAAAAAAAAA[tile_name]" ------WebKitFormBoundaryWsY0GnpbI5U7ztzo-- rack-2.1.4/test/multipart/file1.txt000066400000000000000000000000101367177163600172070ustar00rootroot00000000000000contentsrack-2.1.4/test/multipart/filename_and_modification_param000066400000000000000000000003601367177163600237100ustar00rootroot00000000000000--AaB03x Content-Type: image/jpeg Content-Disposition: attachment; name="files"; filename=genome.jpeg; modification-date="Wed, 12 Feb 1997 16:29:51 -0500"; Content-Description: a complete map of the human genome contents --AaB03x-- rack-2.1.4/test/multipart/filename_and_no_name000066400000000000000000000001621367177163600214770ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; filename="file1.txt" Content-Type: text/plain contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_encoded_words000066400000000000000000000003171367177163600231150ustar00rootroot00000000000000--AaB03x Content-Type: image/jpeg Content-Disposition: attachment; name="files"; filename*=utf-8''%D1%84%D0%B0%D0%B9%D0%BB Content-Description: a complete map of the human genome contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_escaped_quotes000066400000000000000000000002241367177163600232770ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="escape \"quotes" Content-Type: application/octet-stream contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_escaped_quotes_and_modification_param000066400000000000000000000003721367177163600300320ustar00rootroot00000000000000--AaB03x Content-Type: image/jpeg Content-Disposition: attachment; name="files"; filename=""human" genome.jpeg"; modification-date="Wed, 12 Feb 1997 16:29:51 -0500"; Content-Description: a complete map of the human genome contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_null_byte000066400000000000000000000003031367177163600222660ustar00rootroot00000000000000--AaB03x Content-Type: image/jpeg Content-Disposition: attachment; name="files"; filename="flowers.exe%00.jpg" Content-Description: a complete map of the human genome contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_percent_escaped_quotes000066400000000000000000000002251367177163600250200ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="escape %22quotes" Content-Type: application/octet-stream contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_plus000066400000000000000000000002141367177163600212550ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="foo+bar" Content-Type: application/octet-stream contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_single_quote000066400000000000000000000003021367177163600227660ustar00rootroot00000000000000--AaB03x Content-Type: image/jpeg Content-Disposition: attachment; name="files"; filename="bob's flowers.jpg" Content-Description: a complete map of the human genome contents --AaB03x-- rack-2.1.4/test/multipart/filename_with_unescaped_percentages000066400000000000000000000003321367177163600246220ustar00rootroot00000000000000------WebKitFormBoundary2NHc7OhsgU68l3Al Content-Disposition: form-data; name="document[attachment]"; filename="100% of a photo.jpeg" Content-Type: image/jpeg contents ------WebKitFormBoundary2NHc7OhsgU68l3Al-- rack-2.1.4/test/multipart/filename_with_unescaped_percentages2000066400000000000000000000003131367177163600247030ustar00rootroot00000000000000------WebKitFormBoundary2NHc7OhsgU68l3Al Content-Disposition: form-data; name="document[attachment]"; filename="100%a" Content-Type: image/jpeg contents ------WebKitFormBoundary2NHc7OhsgU68l3Al-- rack-2.1.4/test/multipart/filename_with_unescaped_percentages3000066400000000000000000000003121367177163600247030ustar00rootroot00000000000000------WebKitFormBoundary2NHc7OhsgU68l3Al Content-Disposition: form-data; name="document[attachment]"; filename="100%" Content-Type: image/jpeg contents ------WebKitFormBoundary2NHc7OhsgU68l3Al-- rack-2.1.4/test/multipart/filename_with_unescaped_quotes000066400000000000000000000002231367177163600236410ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="escape "quotes" Content-Type: application/octet-stream contents --AaB03x-- rack-2.1.4/test/multipart/ie000066400000000000000000000002601367177163600157750ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="C:\Documents and Settings\Administrator\Desktop\file1.txt" Content-Type: text/plain contents --AaB03x-- rack-2.1.4/test/multipart/invalid_character000066400000000000000000000002031367177163600210370ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="invalid.txt" Content-Type: text/plain contents --AaB03x-- rack-2.1.4/test/multipart/mixed_files000066400000000000000000000006611367177163600176750ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="foo" bar --AaB03x Content-Disposition: form-data; name="files" Content-Type: multipart/mixed, boundary=BbC04y --BbC04y Content-Disposition: attachment; filename="file.txt" Content-Type: text/plain contents --BbC04y Content-Disposition: attachment; filename="flowers.jpg" Content-Type: image/jpeg Content-Transfer-Encoding: binary contents --BbC04y-- --AaB03x-- rack-2.1.4/test/multipart/nested000066400000000000000000000003211367177163600166600ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="foo[submit-name]" Larry --AaB03x Content-Disposition: form-data; name="foo[files]"; filename="file1.txt" Content-Type: text/plain contents --AaB03x-- rack-2.1.4/test/multipart/none000066400000000000000000000002341367177163600163400ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="submit-name" Larry --AaB03x Content-Disposition: form-data; name="files"; filename="" --AaB03x-- rack-2.1.4/test/multipart/quoted000066400000000000000000000004711367177163600167050ustar00rootroot00000000000000--AaB:03x Content-Disposition: form-data; name="submit-name" Larry --AaB:03x Content-Disposition: form-data; name="submit-name-with-content" Content-Type: text/plain Berry --AaB:03x Content-Disposition: form-data; name="files"; filename="file1.txt" Content-Type: text/plain contents --AaB:03x-- rack-2.1.4/test/multipart/rack-logo.png000066400000000000000000000635511367177163600200550ustar00rootroot00000000000000PNG  IHDRbKGD pHYsHHFk>fIDATxy|uߓ)fr$mR" iJz @QAA@Et9@T䐴E@( BiZp=6M L&mi&# !陒|G d^>?q@ Dgz A D@@ .@ ] @ @t $ H@% K A D@@ .@ ] @ @t $ H@% KDz NR)H$P @ $ ~p: (..FM~~8iɧBI$k %I q3=xFh[PPplNiz$qry@ 8|*99P(+ a"[T.s$IB3ɗ]. pO H111nlillj&,;~- X,$Hq$ɓ'''_ jz)>1 tQ4d2YN;222( {KK nD!pRZZ:t͋|Qq[T$Q9ȋ D@(z oK#(~FR rSEE0 #6 r/QrFY֡^lbʋ"99&HTDOkK4nh/*xQQ:>`e%Յ1G+м‹IPx*99]Z@zP4L:0XE%KT<]S[pI$>JUrr2%P:1,a' >iK4zE%eZ*eم9W-*XQh!H$HTD[ 1.VPF{2a`4Mi:d&m@ \.7>"IҌ~!_B& H4:EQ@tTiitm0F1 34M+USx B 7T@|DCB ].ac`͋-4M_W/F}" v+,,ThQTzEE%4RAt ;W}E_DߣGr޽{]0HpWowU4|nZh^T ,--΋haF2ܢ=}l}4ɱcp}ՈDDQ)((XY__?#Z0k֬ӦM+W*Ajz5^B*--MTihQ!UWުT*^uzT@-[|/`Pqzꩊ 333/8ތ*/**++QVVQh2\죡?:=- ._ߝqF.[p $ *H&$,]O'}]T233_۲e;"(E ]˗ \OKtF.KA$I{ bh!lƍ'~AjRjG]!.wbe%narZqX)"e V[j,:R CQR___V]]u7D/'$x]dddB+EIJb(7999.hw{ReJV[j+NgVfl6G 3РcYV)ZD@rn\'"Jr%KV[,~`H`f8˲I^==4>}M os5/,ZKXZ慥5!,((H0xш Wk4.:::SF  $ajyx…l$0"0aaxaIdY6j*Y zOT-!MrGq^rY*煥BVR%, K4F㽼hcYV ] 84K,˦A #gDD@Kvvvq:.\, a $ $R5i-`BCD4W{(J/x KP,2$,hIFQϋeYt]48/h4??o֦{@t4 '/, 鄅 z*&Ih2M&S"m60-,e iZFt"L &JKVrC!*((#ruMiiizT*%HgD/&TYX]yZ$Y Efq0LR4ᥥ.+j玁{H4 naRi,[!.$Itw@^4T^44,tsMb\RHOO߫K'A@QzB"D"q$II[0\uXJ[xxEO@^qͭkY*jYΓ$y٫>!)((ŋĆhtgnWbqJ:^Nd2C@QO|;||e_@=[rUXXX,Noa1{IVzI^Dne4'1eA=`qdGSRR̟?(%%R&]ek@ }^@NJ4egg[gDž+WÇ>HpD }Re%8-,ڈJ9jeف=p,Ntz*X͍(&E !@WL&.J%K^U $`P= aYVbXTq͜f֬Y{g͚}\\-^u ms0)==*>>++x7X"_hZz.UbqJ*LOOߣt2F -F@ձ+p%;;2s:|ad/,p/anZ^i愄SNݣt:L&shk@$Pxoy #=p_*s8&i8|@p f|qL&;©SV$$$xE(@Q6mZ +]'_LxH i_p82XT*Wk@ Ht,$I$j8 K^XKKK:wL \nٵkѣGšZ~  iY ;Be$+Ng_0(//OVSS3⣏>z qܩRG[k@ Hʱ{Wyȑ}@ ɭfa~qV pzp83 #}Z0 n!}$!sau@7poo@ 1aY- $O@‘x!У.,76o|ׇ wp@z@  zXkxYR_VVvV\ܭ-b,%%p%%%#].h:eY)[˲"^T *yQH8 @t>% ^VFlQQXʸhk,6\~V"8jh4fXg \1tdii(5j놨X*xTZp"\Dž@ :HvaXI^ -y{VF oeh4MMM=qZ"\.{BQTRZZ:tDCDE wy?RGT)?dž@ A@x+#dLQ.Hfdd|C_Qɧ(*a1/*#xQEQ+|r5EQ 1,@!ᭌ񼕑[BhqN&tG322N2 /*NVT D%T_ N 箃eYaίч K PeX,.WTG322kȨQT2Q9%*v,6EK]] f7@LF儅V2{eLii['t:FsDќtd2YЭ`%*ٍ^GT_Eq\ݻ޽w]SaQAiD%$., \._ʸZͲvX,>[GbccK222Cee?r'PȲ{C˲bQx+*Ӽ%ɕn%ra!}X Fqĉ'9v>nWM[Um p8D6msMwwDT;JgE G ;x ~bgYI$ JUme0^͛W74}p?/0:+k'* GIYC^\ ^lҤI愄V 7i\^H*~W1 Ì`f`0(4 ]*? Z*^ic(@BDoQKK#G8rH}5Msss-~JV[+Mm +""`- ~ĉo6>PvpHD^N(\X3p4'ڔmykiii?֊eY1@ #@ʲb P\^^^ bEDk#I"oҭ,,^4"F] 4MZAmBBwSNݫtjL#ч {V0jA$I$Yt:㭕 A0L'hOQhz˲Q@t MӣrrrXpS~OA$kS̋8h4L2i|A8_d%:n^/:u깄fo10je@Qz Zi8t:_ƪIb ?bH$P᭕@ueY1 p[+$9?NDvx)>>lRmmqo`OOOO?RAB~ ѧ\X ""bcc9&ڵk_t ;w3 3;ث E^A/ԁ|A$ ү`4/D^^ޭF~>~X1qqqg͚o֬Y5vQ4z5@ :M v-Uv@}.+DV,{+i,6-eYAt ,өS/^gP]c:A&uǽV(aUN0 f7;(} D&ZVe ")j:l6xx'>WbqJ:ċw:"ɜA C@Qz ^QBC?;7\997:gƔ 2J :GA.ֈ\gtnDzweS 2UTM!*V(h ɂHǛd2Y)vMzz*b DY );:Q91~|5vzfXuh$ !HgWY]]}z֭' 87TK!m"6M{ +AMcC ݤ'wtF,KwNV[- (JgX-0#XMZ*z~jn]rrr(T-`4Miz _,ǯ H$-:V;EQ'DD8\acz8WXX3􍛧x۶mEDD۸q:$Zb+{} #n_|qݻAP(YSL{NOz1βhKӴd^2bqF9z$##D"i.?O-Be$+0EQ`"p'L&d2y 0@0e١VUgDAqHXX,8 &pRyl|WȰl?pM)G]XXx$@oxw_ܳg"p_} ///)//M !,XG-^gVF+cD 2NK$Xb+mD 6$m$IaBa gf(0 0a,;jƱ,+⻉7siV4=,**[o5!**$F |*j˟Rilláw`5hqa?)iiigOwgP^^.\x"aA83cƌw,XPy a/ ^VF+#:nei4 +#(w=;;~t:pBe  @>V iZ nai+^c418N暽a$I^䅥#\ry_q$:Hd8΁a.3 2aTEiiN*JJJ|6rHؼlCN]]k3˟_OVXR yHYX>V&??.줕q],C,7t]F{DDD@\\nwTSvvvfq\h2$&I`2z P[X~Ͳlb :iǞ8K_RgxX@nmEďiiio222~+ɯ p\?V-q'M}+O,ǭ`[-W I$I^#༰L&S,iӦ;,cй,ˊ-K,pM!/Ix׳hZ+ ~ߓOח]DmΓhUU)))jܶm[.H8hankFRRRBJsllo5kVP(lqu` `&*??hL-..~0܀\AAuֽ#pr>QmB@8 \._UVVeeZ, 2|c!2 /,,$I$IqF< 'H~&gY֓vܖ;"iz$մp M*Vy׳,[).$ygD/#FX;~xL&cТT*+Vl>~g8$`mXc'MI&5V8p9g)5ꫯu:]M0`\p%Xv3]T5cƌ-X=5L(\XhԞ8qbci:VXF ͝;?Oر#nxGïimY4yT뉳L:eEu):\h$ ,Z-KT18 <#ƕ+W>]tv;xv> Dr>|nRRRSG>?ѯ |[֭[7Onm+VlQ*={],/ YYYSC=vV˔H~ܖp2']Zvq-B’H$Xll, rv@+ۙ quSO+|F,5҅Vh`lxoŕ*0==}ĉAFFbp@ӧ$%%uzݒU8t¯=BE[w()++i\Aeر566vUݻ]n]eˎz^JZ*eJ3< ^vp΂~gJ+,@O@v;VXX8h4jyѸS &$$|7uԯz!NW-ɜP]]-q<\[A &ЕvذaCz}}'{@А E"Qq oL\\\[ol6wЗF>!m0÷$hᄈΝvǎC@[nQJJm[8L;zO@a:΂  //||~gZ|sqf4'>0ow\d2I}L:wx̙?kJEGGsg'k: tV\\0eYOk{m,[gwdڎs ޜFDqqqhw׮]+**v\q:h*@zz^_ґ_i.ux+m`JIIVpLjTL ֭[m3f\MtBKKK[-xq oCyyaы/~1%%nYI3PN8@%v1MpIԩSc-G@ZZ \(*;zV $NƚXu]t [hq|ZVX\RNF;hqv(++~ Ç3 38X$c 78η233+rx%e8[+͛]揤ٳg]|D]x7nE_ b1T*}塇^LP߳e'ϴgϞ1۷oz2Mӣ~28%%LIIdWn HWillʺ]ORRRRWWo>>5xyp1a„uap~O=3M8yh4u._ DF/4tҿ@ ٳK6oiyy+}KXr^^ޱ3gV"WPea+6sq5&& h;; _GǸqʋd2o\qL&^yT*|td^D޽{~VVVٚ5k)JomڴIaÆ{iiiִmyyy:NaۍFcT*=qܙd0 b|=_7ܠsȾ=3Smw0v RRRjw_sa @h4Oemg\oOKߵw_⾙5kYf܃Yc}N@pwqeq8?8EQ;wt\#bG"ΝaaHѰ0<1///+(//͛,[l_ 퐀"@ {U㷬%oWbyJU5t:Lv#vkm@ 'y޽ݻw7ï/=IKK|?Ѕ h~QXX8aA8bݺu)))'C=P\Xa + QSߑUpdƔ=/JIId7]Ku+@tyrOH$~{OIIɿBÞ>s-tc_k׮V]yӂ\XңTSu+\4iV^^T3qsaL> 6,//^O\bb+VX__?·dPYA8dݻw_n]ѲeˊC=PMz"$O~||<3r쟖-[VbŊ^1LOΝ;Up b1bDIIJJj={z0pL3.YfB!oIIIٳ?a֭{ 佌BIO Hsa1 #`Y!"~\~llDBC5 mfGf̘ xWq~׿XƎa<#? z补ٳg'&&n ]{6lxn] 9 CbjƲ$I{^[Cʤ[(Jv͚5f̘Tw'脄3fh! #Rl%K裏f.\ms m}=A6X xOzO}AL 0moKgϞjS^ ºkܾ  $3..;Z1 9ŕ85R*׿6tc&eHeLv"%%e߼y 'Nvɔ .A^LNN 333RTo?,s8$%%9^~[zvlqxjjrVKW?: 4?D :g_~=Pk왙3guEE1o޼g- 5}΅ŋFbhL4V d2YN;jdj2!,Z =9ڪm6a\T2 uv>y։8F*6I$p:pň(%(b9(v\+\[.`$~?blq g%9G.]:ܭ9?Z}JlP]]=`0XpS#GX,_X,>R>x6''֓'O m65ǾpႠ8u|ʕ,Y˗!33sY\\b/Pάl֟ .8^kR;n,Ze˖=xb]555ѵ^ziǺtԞ:R ?c^t{ժU111+w䌘cƌF_KLL\P()}111_̚5kEQkjj3F3l6>cJjڹfYHBrCILL\P(v* 駟j<㭪k|g_z'lR({ Ŷ?޽;e6UQQQC=\EPQ(.3.>>scbby,Kx=wqDz>h)S)/]n|/^B_UU%gL&{oժU 4 [l\P|P(|F][[ItIJe>| EB#˷8'111O?[,?z'OܻwovRR#й:vϙ3gX,7mA>==(Jʟϡ ~zX,= b7nܸF$v?Ͽ{겲64yǗ/_d-[l&!`J9sD)LEر֑#G7nvh-..~/xwї^zogϞ}… >*--H$2lv;,\p֭[:thٳ#HZ=:a֭,;r͚5P*EIV]v W*zj._|QFٗ-[VdX"|7i9gΜ'*)RL&Gv A d$ȑA]4N<)gB*pTo?9r… ۵kPүG f:ulʕ×,Y_|7VhpW*wj פ,_ŋ߹k׮555"f3},Z>glUK.uqx˖-`(`GN먮.Zr8eҥxIT*7GEEK., dff.0`@і-[s,bm59bɓ':W555޲'KsXv˖-}k׮{&113gΈ|ބgΜ@.]z'\ti2q#϶n*|;N&O>-歞z,*BP,^-ku8]v >^,`Kv4)nߩS ޤbB?禰@xKCZPP0h4ꋋSư,c8bJ:^M:N&uG-<>;є0h4h4~M?6swO9@^] w @PJwsRyeĉ}?~|qjJKKQ(G׿*Jp}cǎ}m۶L6Nh/X(`׮]0 [o=77w8aHaŋ/]߿ߒHl)))yeفp+9s ] ҶmۦM0$33H$Bp$IZredogfssssM&Sn?7ŋSSSsv#G<l!I ݑoo|G}ǿ(jAN~f͚uJϟ-[͛oqrRI' q<"))q8y9_hYY$s-اOyRR|nycΝ]@%%%V-K.裏6x=""{9JBQTUUE EE`Vp8T|SFﴬL;gΜnRt͟?ˢ9[l!">>ޤwfI||q͛uĉվV)NWT\\|lokwTA$Iҟ~iq|p;>wm'N:o޼'NX aNgOt:Qedd(H.rWFGjR $I^&I<Z  0CM6=hXC%+`4|mK-WHte Z~jaS?ApgoMq\QZT*U 劊^_XPPX^^ވiӦ|ѻ~III &,...d2E^A~ iii{Z˗/~8p;(ׯ_K<״~}X.<@[{l >x<8~}ݺu=%"!sa\.Zd>ݶ#5Nd2qNWT*U x`ή999ptRTt:YVW t eف%R=Ǎm_J͛7wK@Dz2Qcc~f@PW_/\|,OV,+0 $V\iol8^-+W|Pʻ ###A(^'xb%K6.9hl"H'N\W /۷GFu$ʕ+ E.^8D̳n~{/EQŋzH;vlcdd'[d6;P _}wdYV)Hp[sΝ{tʔ)oqVZ5kb0|AW_ɳeFAum]8. ӧWA|(9t r??fff֋D"lݺu&q3\.࿳TVV&2 #dYvHDDD5kv]Oĉ?+xWرo>T$;zp8ݻ9sNhx8~VR}U4: Ans/9(6 v`ǯpbن4=?O4MyX-Njl6po:K0j8ڹs<))jÇr GOю,**J9sfUWW'8vX4jݿ=TZhQǏnTVV y$ IҚsn+V:mD"cݺu eUYY)*>NjN53I?\-_|s=(++#FCMtiiig0 s655^|ŗiii<^v\~&55@cPRRvnٲM6ܙk&++k?ȑ#[6o|'|bBBžӧ{{n2+++V@gTTTdΜ9j#ӧO~[YYYwTRRB==""܎;ƧOMMXRR"]fj/^".qXJ 8:PxpΜ9_O6;FS- [{2t%:kV$)>kXc-RP4+?j(u IIIxǏOb;nbb 55̫x޼y NSt̙3sV^ErssZ,&L0SnnŒ8a„D"^z ÇOV)q8Qo[ppuEW)))k^jU 4M/ohk!H977be„ E>=b̈́ {`ӧOK _,;N z뭿qw)99yfS͛7SPxiH$2Y)SSO=uرcޱcG֝wP---رc+Ϗ~{ Lcc#;& RRR>ݷo¢_tI1cƌWk ޞ/jKa5kr>z޽v\/^W|ӹf͚|A޽{hѢN5Ryeƍ̜9s?XE~饗^;vlcBBBmV3~S'On}_+SRRvDE7Vmزe˞F )=|֯_ՙ3g.XHtzΜ9Jlĉ9uW:9m7)ّ뢙o8t1 =X 2^iQ}Y-Ojĝj罬V^hzd?21>0mv18nd?y>4iҹ!55uǯUwĉb$s`ĴѵvWPb`j9UyV˲e|p}eҥ-[vAb4/..~a,B3Bρ[O5k־Yf]H$yc" yJ$i|ʼF̞hmW0Z~ b-ZvM|e"r׮] Fqbqq񤆆q,*TbBR:^&2cW6_vݽ6 _c- XpEkqvmT vTQQqRAn*[^4t571-a V_Tb ۮr+R!MCOx aЉ *pd))){ϟ0%%R&]A@<_{/ZD ⭖Quk0 s577þ}dFQA5A%LV鿠2 ~e&NZ"(rjYl˗u'N\(JI|:AA?}R($%=bfXD")?p@h|ܽrDе _T*>q<--H$/q 7Y-t :N9" Hs3 oNWFT  "jpgPYe2YN۫N:2!!ųY@t$ 7[-.~xO~A@ ӃV'' QH@˜V"w]OX,ʠ*CT'@ ` 0LrjZyA@ z$ 72@ }$ H@% K A D@@ .@ ] @ ws\tEXtSoftwarewww.inkscape.org<IENDB`rack-2.1.4/test/multipart/robust_field_separation000066400000000000000000000001501367177163600223040ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data;name="text" Content-Type: text/plain contents --AaB03x-- rack-2.1.4/test/multipart/semicolon000066400000000000000000000001771367177163600173770ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="files"; filename="fi;le1.txt" Content-Type: text/plain contents --AaB03x--rack-2.1.4/test/multipart/text000066400000000000000000000004631367177163600163710ustar00rootroot00000000000000--AaB03x Content-Disposition: form-data; name="submit-name" Larry --AaB03x Content-Disposition: form-data; name="submit-name-with-content" Content-Type: text/plain Berry --AaB03x Content-Disposition: form-data; name="files"; filename="file1.txt" Content-Type: text/plain contents --AaB03x--rack-2.1.4/test/multipart/three_files_three_fields000066400000000000000000000015561367177163600224170ustar00rootroot00000000000000--AaB03x content-disposition: form-data; name="reply" yes --AaB03x content-disposition: form-data; name="to" people --AaB03x content-disposition: form-data; name="from" others --AaB03x content-disposition: form-data; name="fileupload1"; filename="file1.jpg" Content-Type: image/jpeg Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg --AaB03x content-disposition: form-data; name="fileupload2"; filename="file2.jpg" Content-Type: image/jpeg Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg --AaB03x content-disposition: form-data; name="fileupload3"; filename="file3.jpg" Content-Type: image/jpeg Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg --AaB03x-- rack-2.1.4/test/multipart/unity3d_wwwform000066400000000000000000000004571367177163600205770ustar00rootroot00000000000000--AaB03x Content-Type: text/plain; charset="utf-8" Content-disposition: form-data; name="user_sid" bbf14f82-d2aa-4c07-9fb8-ca6714a7ea97 --AaB03x Content-Type: image/png; charset=UTF-8 Content-disposition: form-data; name="file"; filename="b67879ed-bfed-4491-a8cc-f99cca769f94.png" --AaB03x rack-2.1.4/test/multipart/webkit000066400000000000000000000014531367177163600166720ustar00rootroot00000000000000------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="_method" put ------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="profile[blog]" ------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="profile[public_email]" ------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="profile[interests]" ------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="profile[bio]" hello "quote" ------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="media"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryWLHCs9qmcJJoyjKR Content-Disposition: form-data; name="commit" Save ------WebKitFormBoundaryWLHCs9qmcJJoyjKR-- rack-2.1.4/test/rackup/000077500000000000000000000000001367177163600147235ustar00rootroot00000000000000rack-2.1.4/test/rackup/.gitignore000066400000000000000000000000131367177163600167050ustar00rootroot00000000000000log_output rack-2.1.4/test/rackup/config.ru000066400000000000000000000015521367177163600165430ustar00rootroot00000000000000# frozen_string_literal: true require "#{File.dirname(__FILE__)}/../testrequest" $stderr = File.open("#{File.dirname(__FILE__)}/log_output", "w") class EnvMiddleware def initialize(app) @app = app end def call(env) # provides a way to test that lint is present if env["PATH_INFO"] == "/broken_lint" return [200, {}, ["Broken Lint"]] # provides a way to kill the process without knowing the pid elsif env["PATH_INFO"] == "/die" exit! end env["test.$DEBUG"] = $DEBUG env["test.$EVAL"] = BUKKIT if defined?(BUKKIT) env["test.$VERBOSE"] = $VERBOSE env["test.$LOAD_PATH"] = $LOAD_PATH env["test.stderr"] = File.expand_path($stderr.path) env["test.Ping"] = defined?(Ping) env["test.pid"] = Process.pid @app.call(env) end end use EnvMiddleware run TestRequest.new rack-2.1.4/test/registering_handler/000077500000000000000000000000001367177163600174555ustar00rootroot00000000000000rack-2.1.4/test/registering_handler/rack/000077500000000000000000000000001367177163600203755ustar00rootroot00000000000000rack-2.1.4/test/registering_handler/rack/handler/000077500000000000000000000000001367177163600220125ustar00rootroot00000000000000rack-2.1.4/test/registering_handler/rack/handler/registering_myself.rb000066400000000000000000000002371367177163600262420ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Handler class RegisteringMyself end register :registering_myself, RegisteringMyself end end rack-2.1.4/test/spec_auth_basic.rb000066400000000000000000000047741367177163600171130ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/auth/basic' require 'rack/lint' require 'rack/mock' describe Rack::Auth::Basic do def realm 'WallysWorld' end def unprotected_app Rack::Lint.new lambda { |env| [ 200, { 'Content-Type' => 'text/plain' }, ["Hi #{env['REMOTE_USER']}"] ] } end def protected_app app = Rack::Auth::Basic.new(unprotected_app) { |username, password| 'Boss' == username } app.realm = realm app end before do @request = Rack::MockRequest.new(protected_app) end def request_with_basic_auth(username, password, &block) request 'HTTP_AUTHORIZATION' => 'Basic ' + ["#{username}:#{password}"].pack("m*"), &block end def request(headers = {}) yield @request.get('/', headers) end def assert_basic_auth_challenge(response) response.must_be :client_error? response.status.must_equal 401 response.must_include 'WWW-Authenticate' response.headers['WWW-Authenticate'].must_match(/Basic realm="#{Regexp.escape(realm)}"/) response.body.must_be :empty? end it 'challenge correctly when no credentials are specified' do request do |response| assert_basic_auth_challenge response end end it 'rechallenge if incorrect credentials are specified' do request_with_basic_auth 'joe', 'password' do |response| assert_basic_auth_challenge response end end it 'return application output if correct credentials are specified' do request_with_basic_auth 'Boss', 'password' do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Boss' end end it 'return 400 Bad Request if different auth scheme used' do request 'HTTP_AUTHORIZATION' => 'Digest params' do |response| response.must_be :client_error? response.status.must_equal 400 response.wont_include 'WWW-Authenticate' end end it 'return 400 Bad Request for a malformed authorization header' do request 'HTTP_AUTHORIZATION' => '' do |response| response.must_be :client_error? response.status.must_equal 400 response.wont_include 'WWW-Authenticate' end end it 'return 401 Bad Request for a nil authorization header' do request 'HTTP_AUTHORIZATION' => nil do |response| response.must_be :client_error? response.status.must_equal 401 end end it 'takes realm as optional constructor arg' do app = Rack::Auth::Basic.new(unprotected_app, realm) { true } realm.must_equal app.realm end end rack-2.1.4/test/spec_auth_digest.rb000066400000000000000000000200351367177163600172750ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/auth/digest/md5' require 'rack/lint' require 'rack/mock' describe Rack::Auth::Digest::MD5 do def realm 'WallysWorld' end def unprotected_app Rack::Lint.new lambda { |env| friend = Rack::Utils.parse_query(env["QUERY_STRING"])["friend"] [ 200, { 'Content-Type' => 'text/plain' }, ["Hi #{env['REMOTE_USER']}#{friend ? " and #{friend}" : ''}"] ] } end def protected_app Rack::Auth::Digest::MD5.new(unprotected_app, realm: realm, opaque: 'this-should-be-secret') do |username| { 'Alice' => 'correct-password' }[username] end end def protected_app_with_hashed_passwords app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username| username == 'Alice' ? Digest::MD5.hexdigest("Alice:#{realm}:correct-password") : nil end app.realm = realm app.opaque = 'this-should-be-secret' app.passwords_hashed = true app end def partially_protected_app Rack::URLMap.new({ '/' => unprotected_app, '/protected' => protected_app }) end def protected_app_with_method_override Rack::MethodOverride.new(protected_app) end before do @request = Rack::MockRequest.new(protected_app) end def request(method, path, headers = {}, &block) response = @request.request(method, path, headers) block.call(response) if block return response end class MockDigestRequest def initialize(params) @params = params end def method_missing(sym) if @params.has_key? k = sym.to_s return @params[k] end super end def method @params['method'] end def response(password) Rack::Auth::Digest::MD5.new(nil).send :digest, self, password end end def request_with_digest_auth(method, path, username, password, options = {}, &block) request_options = {} request_options[:input] = options.delete(:input) if options.include? :input response = request(method, path, request_options) return response unless response.status == 401 if wait = options.delete(:wait) sleep wait end challenge = response['WWW-Authenticate'].split(' ', 2).last params = Rack::Auth::Digest::Params.parse(challenge) params['username'] = username params['nc'] = '00000001' params['cnonce'] = 'nonsensenonce' params['uri'] = path params['method'] = method params.update options params['response'] = MockDigestRequest.new(params).response(password) request(method, path, request_options.merge('HTTP_AUTHORIZATION' => "Digest #{params}"), &block) end def assert_digest_auth_challenge(response) response.must_be :client_error? response.status.must_equal 401 response.must_include 'WWW-Authenticate' response.headers['WWW-Authenticate'].must_match(/^Digest /) response.body.must_be :empty? end def assert_bad_request(response) response.must_be :client_error? response.status.must_equal 400 response.wont_include 'WWW-Authenticate' end it 'challenge when no credentials are specified' do request 'GET', '/' do |response| assert_digest_auth_challenge response end end it 'return application output if correct credentials given' do request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice' end end it 'return application output if correct credentials given (hashed passwords)' do @request = Rack::MockRequest.new(protected_app_with_hashed_passwords) request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice' end end it 'rechallenge if incorrect username given' do request_with_digest_auth 'GET', '/', 'Bob', 'correct-password' do |response| assert_digest_auth_challenge response end end it 'rechallenge if incorrect password given' do request_with_digest_auth 'GET', '/', 'Alice', 'wrong-password' do |response| assert_digest_auth_challenge response end end it 'rechallenge if incorrect user and blank password given' do request_with_digest_auth 'GET', '/', 'Bob', '' do |response| assert_digest_auth_challenge response end end it 'not rechallenge if nonce is not stale' do begin Rack::Auth::Digest::Nonce.time_limit = 10 request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', wait: 1 do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice' response.headers['WWW-Authenticate'].wont_match(/\bstale=true\b/) end ensure Rack::Auth::Digest::Nonce.time_limit = nil end end it 'rechallenge with stale parameter if nonce is stale' do begin Rack::Auth::Digest::Nonce.time_limit = 1 request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', wait: 2 do |response| assert_digest_auth_challenge response response.headers['WWW-Authenticate'].must_match(/\bstale=true\b/) end ensure Rack::Auth::Digest::Nonce.time_limit = nil end end it 'return 400 Bad Request if incorrect qop given' do request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response| assert_bad_request response end end it 'return 400 Bad Request if incorrect uri given' do request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response| assert_bad_request response end end it 'return 400 Bad Request if different auth scheme used' do request 'GET', '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response| assert_bad_request response end end it 'not require credentials for unprotected path' do @request = Rack::MockRequest.new(partially_protected_app) request 'GET', '/' do |response| response.must_be :ok? end end it 'challenge when no credentials are specified for protected path' do @request = Rack::MockRequest.new(partially_protected_app) request 'GET', '/protected' do |response| assert_digest_auth_challenge response end end it 'return application output if correct credentials given for protected path' do @request = Rack::MockRequest.new(partially_protected_app) request_with_digest_auth 'GET', '/protected', 'Alice', 'correct-password' do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice' end end it 'return application output when used with a query string and path as uri' do @request = Rack::MockRequest.new(partially_protected_app) request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password' do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice and Mike' end end it 'return application output when used with a query string and fullpath as uri' do @request = Rack::MockRequest.new(partially_protected_app) qs_uri = '/protected?friend=Mike' request_with_digest_auth 'GET', qs_uri, 'Alice', 'correct-password', 'uri' => qs_uri do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice and Mike' end end it 'return application output if correct credentials given for POST' do request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice' end end it 'return application output if correct credentials given for PUT (using method override of POST)' do @request = Rack::MockRequest.new(protected_app_with_method_override) request_with_digest_auth 'POST', '/', 'Alice', 'correct-password', input: "_method=put" do |response| response.status.must_equal 200 response.body.to_s.must_equal 'Hi Alice' end end it 'takes realm as optional constructor arg' do app = Rack::Auth::Digest::MD5.new(unprotected_app, realm) { true } realm.must_equal app.realm end end rack-2.1.4/test/spec_body_proxy.rb000066400000000000000000000042061367177163600171750ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/body_proxy' require 'stringio' describe Rack::BodyProxy do it 'call each on the wrapped body' do called = false proxy = Rack::BodyProxy.new(['foo']) { } proxy.each do |str| called = true str.must_equal 'foo' end called.must_equal true end it 'call close on the wrapped body' do body = StringIO.new proxy = Rack::BodyProxy.new(body) { } proxy.close body.must_be :closed? end it 'only call close on the wrapped body if it responds to close' do body = [] proxy = Rack::BodyProxy.new(body) { } proxy.close.must_be_nil end it 'call the passed block on close' do called = false proxy = Rack::BodyProxy.new([]) { called = true } called.must_equal false proxy.close called.must_equal true end it 'call the passed block on close even if there is an exception' do object = Object.new def object.close() raise "No!" end called = false begin proxy = Rack::BodyProxy.new(object) { called = true } called.must_equal false proxy.close rescue RuntimeError => e end raise "Expected exception to have been raised" unless e called.must_equal true end it 'allow multiple arguments in respond_to?' do body = [] proxy = Rack::BodyProxy.new(body) { } proxy.respond_to?(:foo, false).must_equal false end it 'not respond to :to_ary' do body = Object.new.tap { |o| def o.to_ary() end } body.respond_to?(:to_ary).must_equal true proxy = Rack::BodyProxy.new(body) { } x = [proxy] assert_equal x, x.flatten end it 'not close more than one time' do count = 0 proxy = Rack::BodyProxy.new([]) { count += 1; raise "Block invoked more than 1 time!" if count > 1 } 2.times { proxy.close } count.must_equal 1 end it 'be closed when the callback is triggered' do closed = false proxy = Rack::BodyProxy.new([]) { closed = proxy.closed? } proxy.close closed.must_equal true end it 'provide an #each method' do Rack::BodyProxy.method_defined?(:each).must_equal true end end rack-2.1.4/test/spec_builder.rb000066400000000000000000000172021367177163600164250ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/builder' require 'rack/lint' require 'rack/mock' require 'rack/show_exceptions' require 'rack/urlmap' class NothingMiddleware def initialize(app, **) @app = app end def call(env) @@env = env response = @app.call(env) response end def self.env @@env end end describe Rack::Builder do def builder(&block) Rack::Lint.new Rack::Builder.new(&block) end def builder_to_app(&block) Rack::Lint.new Rack::Builder.new(&block).to_app end it "supports mapping" do app = builder_to_app do map '/' do |outer_env| run lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, ['root']] } end map '/sub' do run lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, ['sub']] } end end Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'root' Rack::MockRequest.new(app).get("/sub").body.to_s.must_equal 'sub' end it "doesn't dupe env even when mapping" do app = builder_to_app do use NothingMiddleware, noop: :noop map '/' do |outer_env| run lambda { |inner_env| inner_env['new_key'] = 'new_value' [200, { "Content-Type" => "text/plain" }, ['root']] } end end Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'root' NothingMiddleware.env['new_key'].must_equal 'new_value' end it "dupe #to_app when mapping so Rack::Reloader can reload the application on each request" do app = builder do map '/' do |outer_env| run lambda { |env| [200, { "Content-Type" => "text/plain" }, [object_id.to_s]] } end end builder_app1_id = Rack::MockRequest.new(app).get("/").body.to_s builder_app2_id = Rack::MockRequest.new(app).get("/").body.to_s builder_app2_id.wont_equal builder_app1_id end it "chains apps by default" do app = builder_to_app do use Rack::ShowExceptions run lambda { |env| raise "bzzzt" } end Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? end it "has implicit #to_app" do app = builder do use Rack::ShowExceptions run lambda { |env| raise "bzzzt" } end Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? end it "supports blocks on use" do app = builder do use Rack::ShowExceptions use Rack::Auth::Basic do |username, password| 'secret' == password end run lambda { |env| [200, { "Content-Type" => "text/plain" }, ['Hi Boss']] } end response = Rack::MockRequest.new(app).get("/") response.must_be :client_error? response.status.must_equal 401 # with auth... response = Rack::MockRequest.new(app).get("/", 'HTTP_AUTHORIZATION' => 'Basic ' + ["joe:secret"].pack("m*")) response.status.must_equal 200 response.body.to_s.must_equal 'Hi Boss' end it "has explicit #to_app" do app = builder do use Rack::ShowExceptions run lambda { |env| raise "bzzzt" } end Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? end it "can mix map and run for endpoints" do app = builder do map '/sub' do run lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, ['sub']] } end run lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, ['root']] } end Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'root' Rack::MockRequest.new(app).get("/sub").body.to_s.must_equal 'sub' end it "accepts middleware-only map blocks" do app = builder do map('/foo') { use Rack::ShowExceptions } run lambda { |env| raise "bzzzt" } end proc { Rack::MockRequest.new(app).get("/") }.must_raise(RuntimeError) Rack::MockRequest.new(app).get("/foo").must_be :server_error? end it "yields the generated app to a block for warmup" do warmed_up_app = nil app = Rack::Builder.new do warmup { |a| warmed_up_app = a } run lambda { |env| [200, {}, []] } end.to_app warmed_up_app.must_equal app end it "initialize apps once" do app = builder do class AppClass def initialize @called = 0 end def call(env) raise "bzzzt" if @called > 0 @called += 1 [200, { 'Content-Type' => 'text/plain' }, ['OK']] end end use Rack::ShowExceptions run AppClass.new end Rack::MockRequest.new(app).get("/").status.must_equal 200 Rack::MockRequest.new(app).get("/").must_be :server_error? end it "allows use after run" do app = builder do run lambda { |env| raise "bzzzt" } use Rack::ShowExceptions end Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? Rack::MockRequest.new(app).get("/").must_be :server_error? end it "supports #freeze_app for freezing app and middleware" do app = builder do freeze_app use Rack::ShowExceptions use(Class.new do def initialize(app) @app = app end def call(env) @a = 1 if env['PATH_INFO'] == '/a'; @app.call(env) end end) o = Object.new def o.call(env) @a = 1 if env['PATH_INFO'] == '/b'; [200, {}, []] end run o end Rack::MockRequest.new(app).get("/a").must_be :server_error? Rack::MockRequest.new(app).get("/b").must_be :server_error? Rack::MockRequest.new(app).get("/c").status.must_equal 200 end it 'complains about a missing run' do proc do Rack::Lint.new Rack::Builder.app { use Rack::ShowExceptions } end.must_raise(RuntimeError) end describe "parse_file" do def config_file(name) File.join(File.dirname(__FILE__), 'builder', name) end it "parses commented options" do app, options = Rack::Builder.parse_file config_file('options.ru') options[:debug].must_equal true options[:environment].must_equal 'test' options[:Port].must_equal '2929' Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'OK' end it "removes __END__ before evaluating app" do app, _ = Rack::Builder.parse_file config_file('end.ru') Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'OK' end it "supports multi-line comments" do proc, env = Rack::Builder.parse_file(config_file('comment.ru')) proc.must_be_kind_of Proc env.must_equal({}) end it 'requires an_underscore_app not ending in .ru' do $: << File.dirname(__FILE__) app, * = Rack::Builder.parse_file 'builder/an_underscore_app' Rack::MockRequest.new(app).get('/').body.to_s.must_equal 'OK' $:.pop end it "sets __LINE__ correctly" do app, _ = Rack::Builder.parse_file config_file('line.ru') Rack::MockRequest.new(app).get("/").body.to_s.must_equal '3' end it "strips leading unicode byte order mark when present" do app, _ = Rack::Builder.parse_file config_file('bom.ru') Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'OK' end end describe 'new_from_string' do it "builds a rack app from string" do app, = Rack::Builder.new_from_string "run lambda{|env| [200, {'Content-Type' => 'text/plane'}, ['OK']] }" Rack::MockRequest.new(app).get("/").body.to_s.must_equal 'OK' end end end rack-2.1.4/test/spec_cascade.rb000066400000000000000000000042741367177163600163670ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack' require 'rack/cascade' require 'rack/files' require 'rack/lint' require 'rack/urlmap' require 'rack/mock' describe Rack::Cascade do def cascade(*args) Rack::Lint.new Rack::Cascade.new(*args) end docroot = File.expand_path(File.dirname(__FILE__)) app1 = Rack::Files.new(docroot) app2 = Rack::URLMap.new("/crash" => lambda { |env| raise "boom" }) app3 = Rack::URLMap.new("/foo" => lambda { |env| [200, { "Content-Type" => "text/plain" }, [""]]}) it "dispatch onward on 404 and 405 by default" do cascade = cascade([app1, app2, app3]) Rack::MockRequest.new(cascade).get("/cgi/test").must_be :ok? Rack::MockRequest.new(cascade).get("/foo").must_be :ok? Rack::MockRequest.new(cascade).get("/toobad").must_be :not_found? Rack::MockRequest.new(cascade).get("/cgi/../..").must_be :client_error? # Put is not allowed by Rack::Files so it'll 405. Rack::MockRequest.new(cascade).put("/foo").must_be :ok? end it "dispatch onward on whatever is passed" do cascade = cascade([app1, app2, app3], [404, 403]) Rack::MockRequest.new(cascade).get("/cgi/../bla").must_be :not_found? end it "return 404 if empty" do Rack::MockRequest.new(cascade([])).get('/').must_be :not_found? end it "append new app" do cascade = Rack::Cascade.new([], [404, 403]) Rack::MockRequest.new(cascade).get('/').must_be :not_found? cascade << app2 Rack::MockRequest.new(cascade).get('/cgi/test').must_be :not_found? Rack::MockRequest.new(cascade).get('/cgi/../bla').must_be :not_found? cascade << app1 Rack::MockRequest.new(cascade).get('/cgi/test').must_be :ok? Rack::MockRequest.new(cascade).get('/cgi/../..').must_be :client_error? Rack::MockRequest.new(cascade).get('/foo').must_be :not_found? cascade << app3 Rack::MockRequest.new(cascade).get('/foo').must_be :ok? end it "close the body on cascade" do body = StringIO.new closer = lambda { |env| [404, {}, body] } cascade = Rack::Cascade.new([closer, app3], [404]) Rack::MockRequest.new(cascade).get("/foo").must_be :ok? body.must_be :closed? end end rack-2.1.4/test/spec_chunked.rb000066400000000000000000000111621367177163600164170ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/chunked' require 'rack/lint' require 'rack/mock' describe Rack::Chunked do def chunked(app) proc do |env| app = Rack::Chunked.new(app) response = Rack::Lint.new(app).call(env) # we want to use body like an array, but it only has #each response[2] = response[2].to_enum.to_a response end end before do @env = Rack::MockRequest. env_for('/', 'SERVER_PROTOCOL' => 'HTTP/1.1', 'REQUEST_METHOD' => 'GET') end class TrailerBody def each(&block) ['Hello', ' ', 'World!'].each(&block) end def trailers { "Expires" => "tomorrow" } end end it 'yields trailer headers after the response' do app = lambda { |env| [200, { "Content-Type" => "text/plain", "Trailer" => "Expires" }, TrailerBody.new] } response = Rack::MockResponse.new(*chunked(app).call(@env)) response.headers.wont_include 'Content-Length' response.headers['Transfer-Encoding'].must_equal 'chunked' response.body.must_equal "5\r\nHello\r\n1\r\n \r\n6\r\nWorld!\r\n0\r\nExpires: tomorrow\r\n\r\n" end it 'chunk responses with no Content-Length' do app = lambda { |env| [200, { "Content-Type" => "text/plain" }, ['Hello', ' ', 'World!']] } response = Rack::MockResponse.new(*chunked(app).call(@env)) response.headers.wont_include 'Content-Length' response.headers['Transfer-Encoding'].must_equal 'chunked' response.body.must_equal "5\r\nHello\r\n1\r\n \r\n6\r\nWorld!\r\n0\r\n\r\n" end it 'chunks empty bodies properly' do app = lambda { |env| [200, { "Content-Type" => "text/plain" }, []] } response = Rack::MockResponse.new(*chunked(app).call(@env)) response.headers.wont_include 'Content-Length' response.headers['Transfer-Encoding'].must_equal 'chunked' response.body.must_equal "0\r\n\r\n" end it 'chunks encoded bodies properly' do body = ["\uFFFEHello", " ", "World"].map {|t| t.encode("UTF-16LE") } app = lambda { |env| [200, { "Content-Type" => "text/plain" }, body] } response = Rack::MockResponse.new(*chunked(app).call(@env)) response.headers.wont_include 'Content-Length' response.headers['Transfer-Encoding'].must_equal 'chunked' response.body.encoding.to_s.must_equal "ASCII-8BIT" response.body.must_equal "c\r\n\xFE\xFFH\x00e\x00l\x00l\x00o\x00\r\n2\r\n \x00\r\na\r\nW\x00o\x00r\x00l\x00d\x00\r\n0\r\n\r\n".dup.force_encoding("BINARY") response.body.must_equal "c\r\n\xFE\xFFH\x00e\x00l\x00l\x00o\x00\r\n2\r\n \x00\r\na\r\nW\x00o\x00r\x00l\x00d\x00\r\n0\r\n\r\n".dup.force_encoding(Encoding::BINARY) end it 'not modify response when Content-Length header present' do app = lambda { |env| [200, { "Content-Type" => "text/plain", 'Content-Length' => '12' }, ['Hello', ' ', 'World!']] } status, headers, body = chunked(app).call(@env) status.must_equal 200 headers.wont_include 'Transfer-Encoding' headers.must_include 'Content-Length' body.join.must_equal 'Hello World!' end it 'not modify response when client is HTTP/1.0' do app = lambda { |env| [200, { "Content-Type" => "text/plain" }, ['Hello', ' ', 'World!']] } @env['SERVER_PROTOCOL'] = 'HTTP/1.0' status, headers, body = chunked(app).call(@env) status.must_equal 200 headers.wont_include 'Transfer-Encoding' body.join.must_equal 'Hello World!' end it 'not modify response when client is ancient, pre-HTTP/1.0' do app = lambda { |env| [200, { "Content-Type" => "text/plain" }, ['Hello', ' ', 'World!']] } check = lambda do status, headers, body = chunked(app).call(@env.dup) status.must_equal 200 headers.wont_include 'Transfer-Encoding' body.join.must_equal 'Hello World!' end @env.delete('SERVER_PROTOCOL') # unicorn will do this on pre-HTTP/1.0 requests check.call @env['SERVER_PROTOCOL'] = 'HTTP/0.9' # not sure if this happens in practice check.call end it 'not modify response when Transfer-Encoding header already present' do app = lambda { |env| [200, { "Content-Type" => "text/plain", 'Transfer-Encoding' => 'identity' }, ['Hello', ' ', 'World!']] } status, headers, body = chunked(app).call(@env) status.must_equal 200 headers['Transfer-Encoding'].must_equal 'identity' body.join.must_equal 'Hello World!' end [100, 204, 304].each do |status_code| it "not modify response when status code is #{status_code}" do app = lambda { |env| [status_code, {}, []] } status, headers, _ = chunked(app).call(@env) status.must_equal status_code headers.wont_include 'Transfer-Encoding' end end end rack-2.1.4/test/spec_common_logger.rb000066400000000000000000000047121367177163600176300ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/common_logger' require 'rack/lint' require 'rack/mock' require 'logger' describe Rack::CommonLogger do obj = 'foobar' length = obj.size app = Rack::Lint.new lambda { |env| [200, { "Content-Type" => "text/html", "Content-Length" => length.to_s }, [obj]]} app_without_length = Rack::Lint.new lambda { |env| [200, { "Content-Type" => "text/html" }, []]} app_with_zero_length = Rack::Lint.new lambda { |env| [200, { "Content-Type" => "text/html", "Content-Length" => "0" }, []]} it "log to rack.errors by default" do res = Rack::MockRequest.new(Rack::CommonLogger.new(app)).get("/") res.errors.wont_be :empty? res.errors.must_match(/"GET \/ " 200 #{length} /) end it "log to anything with +write+" do log = StringIO.new Rack::MockRequest.new(Rack::CommonLogger.new(app, log)).get("/") log.string.must_match(/"GET \/ " 200 #{length} /) end it "work with standartd library logger" do logdev = StringIO.new log = Logger.new(logdev) Rack::MockRequest.new(Rack::CommonLogger.new(app, log)).get("/") logdev.string.must_match(/"GET \/ " 200 #{length} /) end it "log - content length if header is missing" do res = Rack::MockRequest.new(Rack::CommonLogger.new(app_without_length)).get("/") res.errors.wont_be :empty? res.errors.must_match(/"GET \/ " 200 - /) end it "log - content length if header is zero" do res = Rack::MockRequest.new(Rack::CommonLogger.new(app_with_zero_length)).get("/") res.errors.wont_be :empty? res.errors.must_match(/"GET \/ " 200 - /) end def with_mock_time(t = 0) mc = class << Time; self; end mc.send :alias_method, :old_now, :now mc.send :define_method, :now do at(t) end yield ensure mc.send :undef_method, :now mc.send :alias_method, :now, :old_now end it "log in common log format" do log = StringIO.new with_mock_time do Rack::MockRequest.new(Rack::CommonLogger.new(app, log)).get("/") end md = /- - - \[([^\]]+)\] "(\w+) \/ " (\d{3}) \d+ ([\d\.]+)/.match(log.string) md.wont_equal nil time, method, status, duration = *md.captures time.must_equal Time.at(0).strftime("%d/%b/%Y:%H:%M:%S %z") method.must_equal "GET" status.must_equal "200" (0..1).must_include duration.to_f end def length 123 end def self.obj "hello world" end end rack-2.1.4/test/spec_conditional_get.rb000066400000000000000000000065321367177163600201450ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'time' require 'rack/conditional_get' require 'rack/mock' describe Rack::ConditionalGet do def conditional_get(app) Rack::Lint.new Rack::ConditionalGet.new(app) end it "set a 304 status and truncate body when If-Modified-Since hits" do timestamp = Time.now.httpdate app = conditional_get(lambda { |env| [200, { 'Last-Modified' => timestamp }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_MODIFIED_SINCE' => timestamp) response.status.must_equal 304 response.body.must_be :empty? end it "set a 304 status and truncate body when If-Modified-Since hits and is higher than current time" do app = conditional_get(lambda { |env| [200, { 'Last-Modified' => (Time.now - 3600).httpdate }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_MODIFIED_SINCE' => Time.now.httpdate) response.status.must_equal 304 response.body.must_be :empty? end it "set a 304 status and truncate body when If-None-Match hits" do app = conditional_get(lambda { |env| [200, { 'ETag' => '1234' }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_NONE_MATCH' => '1234') response.status.must_equal 304 response.body.must_be :empty? end it "not set a 304 status if If-Modified-Since hits but Etag does not" do timestamp = Time.now.httpdate app = conditional_get(lambda { |env| [200, { 'Last-Modified' => timestamp, 'Etag' => '1234', 'Content-Type' => 'text/plain' }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_MODIFIED_SINCE' => timestamp, 'HTTP_IF_NONE_MATCH' => '4321') response.status.must_equal 200 response.body.must_equal 'TEST' end it "set a 304 status and truncate body when both If-None-Match and If-Modified-Since hits" do timestamp = Time.now.httpdate app = conditional_get(lambda { |env| [200, { 'Last-Modified' => timestamp, 'ETag' => '1234' }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_MODIFIED_SINCE' => timestamp, 'HTTP_IF_NONE_MATCH' => '1234') response.status.must_equal 304 response.body.must_be :empty? end it "not affect non-GET/HEAD requests" do app = conditional_get(lambda { |env| [200, { 'Etag' => '1234', 'Content-Type' => 'text/plain' }, ['TEST']] }) response = Rack::MockRequest.new(app). post("/", 'HTTP_IF_NONE_MATCH' => '1234') response.status.must_equal 200 response.body.must_equal 'TEST' end it "not affect non-200 requests" do app = conditional_get(lambda { |env| [302, { 'Etag' => '1234', 'Content-Type' => 'text/plain' }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_NONE_MATCH' => '1234') response.status.must_equal 302 response.body.must_equal 'TEST' end it "not affect requests with malformed HTTP_IF_NONE_MATCH" do bad_timestamp = Time.now.strftime('%Y-%m-%d %H:%M:%S %z') app = conditional_get(lambda { |env| [200, { 'Last-Modified' => (Time.now - 3600).httpdate, 'Content-Type' => 'text/plain' }, ['TEST']] }) response = Rack::MockRequest.new(app). get("/", 'HTTP_IF_MODIFIED_SINCE' => bad_timestamp) response.status.must_equal 200 response.body.must_equal 'TEST' end end rack-2.1.4/test/spec_config.rb000066400000000000000000000011511367177163600162400ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/builder' require 'rack/config' require 'rack/content_length' require 'rack/lint' require 'rack/mock' describe Rack::Config do it "accept a block that modifies the environment" do app = Rack::Builder.new do use Rack::Lint use Rack::Config do |env| env['greeting'] = 'hello' end run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, [env['greeting'] || '']] } end response = Rack::MockRequest.new(app).get('/') response.body.must_equal 'hello' end end rack-2.1.4/test/spec_content_length.rb000066400000000000000000000055221367177163600200140ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/content_length' require 'rack/lint' require 'rack/mock' describe Rack::ContentLength do def content_length(app) Rack::Lint.new Rack::ContentLength.new(app) end def request Rack::MockRequest.env_for end it "set Content-Length on Array bodies if none is set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } response = content_length(app).call(request) response[1]['Content-Length'].must_equal '13' end it "not set Content-Length on variable length bodies" do body = lambda { "Hello World!" } def body.each ; yield call ; end app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, body] } response = content_length(app).call(request) response[1]['Content-Length'].must_be_nil end it "not change Content-Length if it is already set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', 'Content-Length' => '1' }, "Hello, World!"] } response = content_length(app).call(request) response[1]['Content-Length'].must_equal '1' end it "not set Content-Length on 304 responses" do app = lambda { |env| [304, {}, []] } response = content_length(app).call(request) response[1]['Content-Length'].must_be_nil end it "not set Content-Length when Transfer-Encoding is chunked" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', 'Transfer-Encoding' => 'chunked' }, []] } response = content_length(app).call(request) response[1]['Content-Length'].must_be_nil end # Using "Connection: close" for this is fairly contended. It might be useful # to have some other way to signal this. # # should "not force a Content-Length when Connection:close" do # app = lambda { |env| [200, {'Connection' => 'close'}, []] } # response = content_length(app).call({}) # response[1]['Content-Length'].must_be_nil # end it "close bodies that need to be closed" do body = Struct.new(:body) do attr_reader :closed def each; body.join; end def close; @closed = true; end def to_ary; end end.new(%w[one two three]) app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, body] } response = content_length(app).call(request) body.closed.must_be_nil response[2].close body.closed.must_equal true end it "support single-execute bodies" do body = Struct.new(:body) do def each yield body.shift until body.empty? end def to_ary; end end.new(%w[one two three]) app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, body] } response = content_length(app).call(request) expected = %w[one two three] response[1]['Content-Length'].must_equal expected.join.size.to_s response[2].to_enum.to_a.must_equal expected end end rack-2.1.4/test/spec_content_type.rb000066400000000000000000000035451367177163600175170ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/content_type' require 'rack/lint' require 'rack/mock' describe Rack::ContentType do def content_type(app, *args) Rack::Lint.new Rack::ContentType.new(app, *args) end def request Rack::MockRequest.env_for end it "set Content-Type to default text/html if none is set" do app = lambda { |env| [200, {}, "Hello, World!"] } headers = content_type(app).call(request)[1] headers['Content-Type'].must_equal 'text/html' end it "set Content-Type to chosen default if none is set" do app = lambda { |env| [200, {}, "Hello, World!"] } headers = content_type(app, 'application/octet-stream').call(request)[1] headers['Content-Type'].must_equal 'application/octet-stream' end it "not change Content-Type if it is already set" do app = lambda { |env| [200, { 'Content-Type' => 'foo/bar' }, "Hello, World!"] } headers = content_type(app).call(request)[1] headers['Content-Type'].must_equal 'foo/bar' end it "detect Content-Type case insensitive" do app = lambda { |env| [200, { 'CONTENT-Type' => 'foo/bar' }, "Hello, World!"] } headers = content_type(app).call(request)[1] headers.to_a.select { |k, v| k.downcase == "content-type" }. must_equal [["CONTENT-Type", "foo/bar"]] end [100, 204, 304].each do |code| it "not set Content-Type on #{code} responses" do app = lambda { |env| [code, {}, []] } response = content_type(app, "text/html").call(request) response[1]['Content-Type'].must_be_nil end end ['100', '204', '304'].each do |code| it "not set Content-Type on #{code} responses if status is a string" do app = lambda { |env| [code, {}, []] } response = content_type(app, "text/html").call(request) response[1]['Content-Type'].must_be_nil end end end rack-2.1.4/test/spec_deflater.rb000066400000000000000000000313421367177163600165660ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'stringio' require 'time' # for Time#httpdate require 'rack/deflater' require 'rack/lint' require 'rack/mock' require 'zlib' describe Rack::Deflater do def build_response(status, body, accept_encoding, options = {}) body = [body] if body.respond_to? :to_str app = lambda do |env| res = [status, options['response_headers'] || {}, body] res[1]['Content-Type'] = 'text/plain' unless res[0] == 304 res end request = Rack::MockRequest.env_for('', (options['request_headers'] || {}).merge('HTTP_ACCEPT_ENCODING' => accept_encoding)) deflater = Rack::Lint.new Rack::Deflater.new(app, options['deflater_options'] || {}) deflater.call(request) end ## # Constructs response object and verifies if it yields right results # # [expected_status] expected response status, e.g. 200, 304 # [expected_body] expected response body # [accept_encoing] what Accept-Encoding header to send and expect, e.g. # 'deflate' - accepts and expects deflate encoding in response # { 'gzip' => nil } - accepts gzip but expects no encoding in response # [options] hash of request options, i.e. # 'app_status' - what status dummy app should return (may be changed by deflater at some point) # 'app_body' - what body dummy app should return (may be changed by deflater at some point) # 'request_headers' - extra request headers to be sent # 'response_headers' - extra response headers to be returned # 'deflater_options' - options passed to deflater middleware # [block] useful for doing some extra verification def verify(expected_status, expected_body, accept_encoding, options = {}, &block) accept_encoding, expected_encoding = if accept_encoding.kind_of?(Hash) [accept_encoding.keys.first, accept_encoding.values.first] else [accept_encoding, accept_encoding.dup] end start = Time.now.to_i # build response status, headers, body = build_response( options['app_status'] || expected_status, options['app_body'] || expected_body, accept_encoding, options ) # verify status status.must_equal expected_status # verify body unless options['skip_body_verify'] body_text = ''.dup body.each { |part| body_text << part } deflated_body = case expected_encoding when 'deflate' inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS) inflater.inflate(body_text) << inflater.finish when 'gzip' io = StringIO.new(body_text) gz = Zlib::GzipReader.new(io) mtime = gz.mtime.to_i if last_mod = headers['Last-Modified'] Time.httpdate(last_mod).to_i.must_equal mtime else mtime.must_be(:<=, Time.now.to_i) mtime.must_be(:>=, start.to_i) end tmp = gz.read gz.close tmp else body_text end deflated_body.must_equal expected_body end # yield full response verification yield(status, headers, body) if block_given? end # automatic gzip detection (streamable) def auto_inflater Zlib::Inflate.new(32 + Zlib::MAX_WBITS) end def deflate_or_gzip { 'deflate, gzip' => 'gzip' } end it 'be able to deflate bodies that respond to each' do app_body = Object.new class << app_body; def each; yield('foo'); yield('bar'); end; end verify(200, 'foobar', deflate_or_gzip, { 'app_body' => app_body }) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) end end it 'be able to deflate bodies that respond to each and contain empty chunks' do app_body = Object.new class << app_body; def each; yield('foo'); yield(''); yield('bar'); end; end verify(200, 'foobar', deflate_or_gzip, { 'app_body' => app_body }) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) end end it 'flush deflated chunks to the client as they become ready' do app_body = Object.new class << app_body; def each; yield('foo'); yield('bar'); end; end verify(200, app_body, deflate_or_gzip, { 'skip_body_verify' => true }) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) buf = [] inflater = auto_inflater body.each { |part| buf << inflater.inflate(part) } buf << inflater.finish buf.delete_if { |part| part.empty? }.join.must_equal 'foobar' end end it 'does not raise when a client aborts reading' do app_body = Object.new class << app_body; def each; yield('foo'); yield('bar'); end; end opts = { 'skip_body_verify' => true } verify(200, app_body, 'gzip', opts) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) buf = [] inflater = auto_inflater FakeDisconnect = Class.new(RuntimeError) assert_raises(FakeDisconnect, "not Zlib::DataError not raised") do body.each do |part| tmp = inflater.inflate(part) buf << tmp if tmp.bytesize > 0 raise FakeDisconnect end end inflater.finish buf.must_equal(%w(foo)) end end # TODO: This is really just a special case of the above... it 'be able to deflate String bodies' do verify(200, 'Hello world!', deflate_or_gzip) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) end end it 'be able to gzip bodies that respond to each' do app_body = Object.new class << app_body; def each; yield('foo'); yield('bar'); end; end verify(200, 'foobar', 'gzip', { 'app_body' => app_body }) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) end end it 'flush gzipped chunks to the client as they become ready' do app_body = Object.new class << app_body; def each; yield('foo'); yield('bar'); end; end verify(200, app_body, 'gzip', { 'skip_body_verify' => true }) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) buf = [] inflater = Zlib::Inflate.new(Zlib::MAX_WBITS + 32) body.each { |part| buf << inflater.inflate(part) } buf << inflater.finish buf.delete_if { |part| part.empty? }.join.must_equal 'foobar' end end it 'be able to fallback to no deflation' do verify(200, 'Hello world!', 'superzip') do |status, headers, body| headers.must_equal({ 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) end end it 'be able to skip when there is no response entity body' do verify(304, '', { 'gzip' => nil }, { 'app_body' => [] }) do |status, headers, body| headers.must_equal({}) end end it 'handle the lack of an acceptable encoding' do app_body = 'Hello world!' not_found_body1 = 'An acceptable encoding for the requested resource / could not be found.' not_found_body2 = 'An acceptable encoding for the requested resource /foo/bar could not be found.' options1 = { 'app_status' => 200, 'app_body' => app_body, 'request_headers' => { 'PATH_INFO' => '/' } } options2 = { 'app_status' => 200, 'app_body' => app_body, 'request_headers' => { 'PATH_INFO' => '/foo/bar' } } verify(406, not_found_body1, 'identity;q=0', options1) do |status, headers, body| headers.must_equal({ 'Content-Type' => 'text/plain', 'Content-Length' => not_found_body1.length.to_s }) end verify(406, not_found_body2, 'identity;q=0', options2) do |status, headers, body| headers.must_equal({ 'Content-Type' => 'text/plain', 'Content-Length' => not_found_body2.length.to_s }) end end it 'handle gzip response with Last-Modified header' do last_modified = Time.now.httpdate options = { 'response_headers' => { 'Content-Type' => 'text/plain', 'Last-Modified' => last_modified } } verify(200, 'Hello World!', 'gzip', options) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Last-Modified' => last_modified, 'Content-Type' => 'text/plain' }) end end it 'do nothing when no-transform Cache-Control directive present' do options = { 'response_headers' => { 'Content-Type' => 'text/plain', 'Cache-Control' => 'no-transform' } } verify(200, 'Hello World!', { 'gzip' => nil }, options) do |status, headers, body| headers.wont_include 'Content-Encoding' end end it 'do nothing when Content-Encoding already present' do options = { 'response_headers' => { 'Content-Type' => 'text/plain', 'Content-Encoding' => 'gzip' } } verify(200, 'Hello World!', { 'gzip' => nil }, options) end it 'deflate when Content-Encoding is identity' do options = { 'response_headers' => { 'Content-Type' => 'text/plain', 'Content-Encoding' => 'identity' } } verify(200, 'Hello World!', deflate_or_gzip, options) end it "deflate if content-type matches :include" do options = { 'response_headers' => { 'Content-Type' => 'text/plain' }, 'deflater_options' => { include: %w(text/plain) } } verify(200, 'Hello World!', 'gzip', options) end it "deflate if content-type is included it :include" do options = { 'response_headers' => { 'Content-Type' => 'text/plain; charset=us-ascii' }, 'deflater_options' => { include: %w(text/plain) } } verify(200, 'Hello World!', 'gzip', options) end it "not deflate if content-type is not set but given in :include" do options = { 'deflater_options' => { include: %w(text/plain) } } verify(304, 'Hello World!', { 'gzip' => nil }, options) end it "not deflate if content-type do not match :include" do options = { 'response_headers' => { 'Content-Type' => 'text/plain' }, 'deflater_options' => { include: %w(text/json) } } verify(200, 'Hello World!', { 'gzip' => nil }, options) end it "not deflate if content-length is 0" do options = { 'response_headers' => { 'Content-Length' => '0' }, } verify(200, '', { 'gzip' => nil }, options) end it "deflate response if :if lambda evaluates to true" do options = { 'deflater_options' => { if: lambda { |env, status, headers, body| true } } } verify(200, 'Hello World!', deflate_or_gzip, options) end it "not deflate if :if lambda evaluates to false" do options = { 'deflater_options' => { if: lambda { |env, status, headers, body| false } } } verify(200, 'Hello World!', { 'gzip' => nil }, options) end it "check for Content-Length via :if" do response = 'Hello World!' response_len = response.length options = { 'response_headers' => { 'Content-Length' => response_len.to_s }, 'deflater_options' => { if: lambda { |env, status, headers, body| headers['Content-Length'].to_i >= response_len } } } verify(200, response, 'gzip', options) end it 'will honor sync: false to avoid unnecessary flushing' do app_body = Object.new class << app_body def each (0..20).each { |i| yield "hello\n" } end end options = { 'deflater_options' => { sync: false }, 'app_body' => app_body, 'skip_body_verify' => true, } verify(200, app_body, deflate_or_gzip, options) do |status, headers, body| headers.must_equal({ 'Content-Encoding' => 'gzip', 'Vary' => 'Accept-Encoding', 'Content-Type' => 'text/plain' }) buf = ''.dup raw_bytes = 0 inflater = auto_inflater body.each do |part| raw_bytes += part.bytesize buf << inflater.inflate(part) end buf << inflater.finish expect = "hello\n" * 21 buf.must_equal expect raw_bytes.must_be(:<, expect.bytesize) end end end rack-2.1.4/test/spec_directory.rb000066400000000000000000000102171367177163600170020ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/directory' require 'rack/lint' require 'rack/mock' require 'tempfile' require 'fileutils' describe Rack::Directory do DOCROOT = File.expand_path(File.dirname(__FILE__)) unless defined? DOCROOT FILE_CATCH = proc{|env| [200, { 'Content-Type' => 'text/plain', "Content-Length" => "7" }, ['passed!']] } attr_reader :app def setup @app = Rack::Lint.new(Rack::Directory.new(DOCROOT, FILE_CATCH)) end it 'serves directories with + in the name' do Dir.mktmpdir do |dir| plus_dir = "foo+bar" full_dir = File.join(dir, plus_dir) FileUtils.mkdir full_dir FileUtils.touch File.join(full_dir, "omg.txt") app = Rack::Directory.new(dir, FILE_CATCH) env = Rack::MockRequest.env_for("/#{plus_dir}/") status, _, body = app.call env assert_equal 200, status str = ''.dup body.each { |x| str << x } assert_match "foo+bar", str end end it "serve directory indices" do res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/cgi/") res.must_be :ok? assert_match(res, //) end it "pass to app if file found" do res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/cgi/test") res.must_be :ok? assert_match(res, /passed!/) end it "serve uri with URL encoded filenames" do res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/%63%67%69/") # "/cgi/test" res.must_be :ok? assert_match(res, //) res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/cgi/%74%65%73%74") # "/cgi/test" res.must_be :ok? assert_match(res, /passed!/) end it "serve uri with URL encoded null byte (%00) in filenames" do res = Rack::MockRequest.new(Rack::Lint.new(app)) .get("/cgi/test%00") res.must_be :bad_request? end it "not allow directory traversal" do res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/cgi/../test") res.must_be :forbidden? res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/cgi/%2E%2E/test") res.must_be :forbidden? end it "not allow dir globs" do Dir.mktmpdir do |dir| weirds = "uploads/.?/.?" full_dir = File.join(dir, weirds) FileUtils.mkdir_p full_dir FileUtils.touch File.join(dir, "secret.txt") app = Rack::Directory.new(File.join(dir, "uploads")) res = Rack::MockRequest.new(app).get("/.%3F") refute_match "secret.txt", res.body end end it "404 if it can't find the file" do res = Rack::MockRequest.new(Rack::Lint.new(app)). get("/cgi/blubb") res.must_be :not_found? end it "uri escape path parts" do # #265, properly escape file names mr = Rack::MockRequest.new(Rack::Lint.new(app)) res = mr.get("/cgi/test%2bdirectory") res.must_be :ok? res.body.must_match(%r[/cgi/test\+directory/test\+file]) res = mr.get("/cgi/test%2bdirectory/test%2bfile") res.must_be :ok? end it "correctly escape script name with spaces" do Dir.mktmpdir do |dir| space_dir = "foo bar" full_dir = File.join(dir, space_dir) FileUtils.mkdir full_dir FileUtils.touch File.join(full_dir, "omg omg.txt") app = Rack::Directory.new(dir, FILE_CATCH) env = Rack::MockRequest.env_for(Rack::Utils.escape_path("/#{space_dir}/")) status, _, body = app.call env assert_equal 200, status str = ''.dup body.each { |x| str << x } assert_match "/foo%20bar/omg%20omg.txt", str end end it "correctly escape script name" do _app = app app2 = Rack::Builder.new do map '/script-path' do run _app end end mr = Rack::MockRequest.new(Rack::Lint.new(app2)) res = mr.get("/script-path/cgi/test%2bdirectory") res.must_be :ok? res.body.must_match(%r[/script-path/cgi/test\+directory/test\+file]) res = mr.get("/script-path/cgi/test+directory/test+file") res.must_be :ok? end it "return error when file not found for head request" do res = Rack::MockRequest.new(Rack::Lint.new(app)). head("/cgi/missing") res.must_be :not_found? res.body.must_be :empty? end end rack-2.1.4/test/spec_etag.rb000066400000000000000000000075431367177163600157260ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/etag' require 'rack/lint' require 'rack/mock' require 'time' describe Rack::ETag do def etag(app, *args) Rack::Lint.new Rack::ETag.new(app, *args) end def request Rack::MockRequest.env_for end def sendfile_body res = ['Hello World'] def res.to_path ; "/tmp/hello.txt" ; end res end it "set ETag if none is set if status is 200" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } response = etag(app).call(request) response[1]['ETag'].must_equal "W/\"dffd6021bb2bd5b0af676290809ec3a5\"" end it "set ETag if none is set if status is 201" do app = lambda { |env| [201, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } response = etag(app).call(request) response[1]['ETag'].must_equal "W/\"dffd6021bb2bd5b0af676290809ec3a5\"" end it "set Cache-Control to 'max-age=0, private, must-revalidate' (default) if none is set" do app = lambda { |env| [201, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } response = etag(app).call(request) response[1]['Cache-Control'].must_equal 'max-age=0, private, must-revalidate' end it "set Cache-Control to chosen one if none is set" do app = lambda { |env| [201, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } response = etag(app, nil, 'public').call(request) response[1]['Cache-Control'].must_equal 'public' end it "set a given Cache-Control even if digest could not be calculated" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, []] } response = etag(app, 'no-cache').call(request) response[1]['Cache-Control'].must_equal 'no-cache' end it "not set Cache-Control if it is already set" do app = lambda { |env| [201, { 'Content-Type' => 'text/plain', 'Cache-Control' => 'public' }, ["Hello, World!"]] } response = etag(app).call(request) response[1]['Cache-Control'].must_equal 'public' end it "not set Cache-Control if directive isn't present" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } response = etag(app, nil, nil).call(request) response[1]['Cache-Control'].must_be_nil end it "not change ETag if it is already set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', 'ETag' => '"abc"' }, ["Hello, World!"]] } response = etag(app).call(request) response[1]['ETag'].must_equal "\"abc\"" end it "not set ETag if body is empty" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', 'Last-Modified' => Time.now.httpdate }, []] } response = etag(app).call(request) response[1]['ETag'].must_be_nil end it "not set ETag if Last-Modified is set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', 'Last-Modified' => Time.now.httpdate }, ["Hello, World!"]] } response = etag(app).call(request) response[1]['ETag'].must_be_nil end it "not set ETag if a sendfile_body is given" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, sendfile_body] } response = etag(app).call(request) response[1]['ETag'].must_be_nil end it "not set ETag if a status is not 200 or 201" do app = lambda { |env| [401, { 'Content-Type' => 'text/plain' }, ['Access denied.']] } response = etag(app).call(request) response[1]['ETag'].must_be_nil end it "not set ETag if no-cache is given" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', 'Cache-Control' => 'no-cache, must-revalidate' }, ['Hello, World!']] } response = etag(app).call(request) response[1]['ETag'].must_be_nil end it "close the original body" do body = StringIO.new app = lambda { |env| [200, {}, body] } response = etag(app).call(request) body.wont_be :closed? response[2].close body.must_be :closed? end end rack-2.1.4/test/spec_events.rb000066400000000000000000000070731367177163600163100ustar00rootroot00000000000000# frozen_string_literal: true require 'helper' require 'rack/events' module Rack class TestEvents < Rack::TestCase class EventMiddleware attr_reader :events def initialize events @events = events end def on_start req, res events << [self, __method__] end def on_commit req, res events << [self, __method__] end def on_send req, res events << [self, __method__] end def on_finish req, res events << [self, __method__] end def on_error req, res, e events << [self, __method__] end end def test_events_fire events = [] ret = [200, {}, []] app = lambda { |env| events << [app, :call]; ret } se = EventMiddleware.new events e = Events.new app, [se] triple = e.call({}) response_body = [] triple[2].each { |x| response_body << x } triple[2].close triple[2] = response_body assert_equal ret, triple assert_equal [[se, :on_start], [app, :call], [se, :on_commit], [se, :on_send], [se, :on_finish], ], events end def test_send_and_finish_are_not_run_until_body_is_sent events = [] ret = [200, {}, []] app = lambda { |env| events << [app, :call]; ret } se = EventMiddleware.new events e = Events.new app, [se] triple = e.call({}) assert_equal [[se, :on_start], [app, :call], [se, :on_commit], ], events end def test_send_is_called_on_each events = [] ret = [200, {}, []] app = lambda { |env| events << [app, :call]; ret } se = EventMiddleware.new events e = Events.new app, [se] triple = e.call({}) triple[2].each { |x| } assert_equal [[se, :on_start], [app, :call], [se, :on_commit], [se, :on_send], ], events end def test_finish_is_called_on_close events = [] ret = [200, {}, []] app = lambda { |env| events << [app, :call]; ret } se = EventMiddleware.new events e = Events.new app, [se] triple = e.call({}) triple[2].each { |x| } triple[2].close assert_equal [[se, :on_start], [app, :call], [se, :on_commit], [se, :on_send], [se, :on_finish], ], events end def test_finish_is_called_in_reverse_order events = [] ret = [200, {}, []] app = lambda { |env| events << [app, :call]; ret } se1 = EventMiddleware.new events se2 = EventMiddleware.new events se3 = EventMiddleware.new events e = Events.new app, [se1, se2, se3] triple = e.call({}) triple[2].each { |x| } triple[2].close groups = events.group_by { |x| x.last } assert_equal groups[:on_start].map(&:first), groups[:on_finish].map(&:first).reverse assert_equal groups[:on_commit].map(&:first), groups[:on_finish].map(&:first) assert_equal groups[:on_send].map(&:first), groups[:on_finish].map(&:first) end def test_finish_is_called_if_there_is_an_exception events = [] ret = [200, {}, []] app = lambda { |env| raise } se = EventMiddleware.new events e = Events.new app, [se] assert_raises(RuntimeError) do e.call({}) end assert_equal [[se, :on_start], [se, :on_error], [se, :on_finish], ], events end end end rack-2.1.4/test/spec_files.rb000066400000000000000000000174411367177163600161060ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/files' require 'rack/lint' require 'rack/mock' describe Rack::Files do DOCROOT = File.expand_path(File.dirname(__FILE__)) unless defined? DOCROOT def files(*args) Rack::Lint.new Rack::Files.new(*args) end it "can be used without root" do # https://github.com/rack/rack/issues/1464 app = Rack::Files.new(nil) request = Rack::Request.new( Rack::MockRequest.env_for("/cgi/test") ) file_path = File.expand_path("cgi/test", __dir__) status, headers, body = app.serving(request, file_path) assert_equal 200, status end it 'serves files with + in the file name' do Dir.mktmpdir do |dir| File.write File.join(dir, "you+me.txt"), "hello world" app = files(dir) env = Rack::MockRequest.env_for("/you+me.txt") status, _, body = app.call env assert_equal 200, status str = ''.dup body.each { |x| str << x } assert_match "hello world", str end end it "serve files" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi/test") res.must_be :ok? assert_match(res, /ruby/) end it "set Last-Modified header" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi/test") path = File.join(DOCROOT, "/cgi/test") res.must_be :ok? res["Last-Modified"].must_equal File.mtime(path).httpdate end it "return 304 if file isn't modified since last serve" do path = File.join(DOCROOT, "/cgi/test") res = Rack::MockRequest.new(files(DOCROOT)). get("/cgi/test", 'HTTP_IF_MODIFIED_SINCE' => File.mtime(path).httpdate) res.status.must_equal 304 res.body.must_be :empty? end it "return the file if it's modified since last serve" do path = File.join(DOCROOT, "/cgi/test") res = Rack::MockRequest.new(files(DOCROOT)). get("/cgi/test", 'HTTP_IF_MODIFIED_SINCE' => (File.mtime(path) - 100).httpdate) res.must_be :ok? end it "serve files with URL encoded filenames" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi/%74%65%73%74") # "/cgi/test" res.must_be :ok? # res.must_match(/ruby/) # nope # (/ruby/).must_match res # This is wierd, but an oddity of minitest # assert_match(/ruby/, res) # nope assert_match(res, /ruby/) end it "serve uri with URL encoded null byte (%00) in filenames" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi/test%00") res.must_be :bad_request? end it "allow safe directory traversal" do req = Rack::MockRequest.new(files(DOCROOT)) res = req.get('/cgi/../cgi/test') res.must_be :successful? res = req.get('.') res.must_be :not_found? res = req.get("test/..") res.must_be :not_found? end it "not allow unsafe directory traversal" do req = Rack::MockRequest.new(files(DOCROOT)) res = req.get("/../README.rdoc") res.must_be :client_error? res = req.get("../test/spec_file.rb") res.must_be :client_error? res = req.get("../README.rdoc") res.must_be :client_error? res.must_be :not_found? end it "allow files with .. in their name" do req = Rack::MockRequest.new(files(DOCROOT)) res = req.get("/cgi/..test") res.must_be :not_found? res = req.get("/cgi/test..") res.must_be :not_found? res = req.get("/cgi../test..") res.must_be :not_found? end it "not allow unsafe directory traversal with encoded periods" do res = Rack::MockRequest.new(files(DOCROOT)).get("/%2E%2E/README") res.must_be :client_error? res.must_be :not_found? end it "allow safe directory traversal with encoded periods" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi/%2E%2E/cgi/test") res.must_be :successful? end it "404 if it can't find the file" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi/blubb") res.must_be :not_found? end it "detect SystemCallErrors" do res = Rack::MockRequest.new(files(DOCROOT)).get("/cgi") res.must_be :not_found? end it "return bodies that respond to #to_path" do env = Rack::MockRequest.env_for("/cgi/test") status, _, body = Rack::Files.new(DOCROOT).call(env) path = File.join(DOCROOT, "/cgi/test") status.must_equal 200 body.must_respond_to :to_path body.to_path.must_equal path end it "return correct byte range in body" do env = Rack::MockRequest.env_for("/cgi/test") env["HTTP_RANGE"] = "bytes=22-33" res = Rack::MockResponse.new(*files(DOCROOT).call(env)) res.status.must_equal 206 res["Content-Length"].must_equal "12" res["Content-Range"].must_equal "bytes 22-33/208" res.body.must_equal "frozen_strin" end it "return error for unsatisfiable byte range" do env = Rack::MockRequest.env_for("/cgi/test") env["HTTP_RANGE"] = "bytes=1234-5678" res = Rack::MockResponse.new(*files(DOCROOT).call(env)) res.status.must_equal 416 res["Content-Range"].must_equal "bytes */208" end it "support custom http headers" do env = Rack::MockRequest.env_for("/cgi/test") status, heads, _ = files(DOCROOT, 'Cache-Control' => 'public, max-age=38', 'Access-Control-Allow-Origin' => '*').call(env) status.must_equal 200 heads['Cache-Control'].must_equal 'public, max-age=38' heads['Access-Control-Allow-Origin'].must_equal '*' end it "support not add custom http headers if none are supplied" do env = Rack::MockRequest.env_for("/cgi/test") status, heads, _ = files(DOCROOT).call(env) status.must_equal 200 heads['Cache-Control'].must_be_nil heads['Access-Control-Allow-Origin'].must_be_nil end it "only support GET, HEAD, and OPTIONS requests" do req = Rack::MockRequest.new(files(DOCROOT)) forbidden = %w[post put patch delete] forbidden.each do |method| res = req.send(method, "/cgi/test") res.must_be :client_error? res.must_be :method_not_allowed? res.headers['Allow'].split(/, */).sort.must_equal %w(GET HEAD OPTIONS) end allowed = %w[get head options] allowed.each do |method| res = req.send(method, "/cgi/test") res.must_be :successful? end end it "set Allow correctly for OPTIONS requests" do req = Rack::MockRequest.new(files(DOCROOT)) res = req.options('/cgi/test') res.must_be :successful? res.headers['Allow'].wont_equal nil res.headers['Allow'].split(/, */).sort.must_equal %w(GET HEAD OPTIONS) end it "set Content-Length correctly for HEAD requests" do req = Rack::MockRequest.new(Rack::Lint.new(Rack::Files.new(DOCROOT))) res = req.head "/cgi/test" res.must_be :successful? res['Content-Length'].must_equal "208" end it "default to a mime type of text/plain" do req = Rack::MockRequest.new(Rack::Lint.new(Rack::Files.new(DOCROOT))) res = req.get "/cgi/test" res.must_be :successful? res['Content-Type'].must_equal "text/plain" end it "allow the default mime type to be set" do req = Rack::MockRequest.new(Rack::Lint.new(Rack::Files.new(DOCROOT, nil, 'application/octet-stream'))) res = req.get "/cgi/test" res.must_be :successful? res['Content-Type'].must_equal "application/octet-stream" end it "not set Content-Type if the mime type is not set" do req = Rack::MockRequest.new(Rack::Lint.new(Rack::Files.new(DOCROOT, nil, nil))) res = req.get "/cgi/test" res.must_be :successful? res['Content-Type'].must_be_nil end it "return error when file not found for head request" do res = Rack::MockRequest.new(files(DOCROOT)).head("/cgi/missing") res.must_be :not_found? res.body.must_be :empty? end class MyFile < Rack::File def response_body "hello world" end end it "behaves gracefully if response_body is present" do file = Rack::Lint.new MyFile.new(DOCROOT) res = Rack::MockRequest.new(file).get("/cgi/test") res.must_be :ok? end end rack-2.1.4/test/spec_handler.rb000066400000000000000000000034461367177163600164210ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/handler' class Rack::Handler::Lobster; end class RockLobster; end describe Rack::Handler do it "has registered default handlers" do Rack::Handler.get('cgi').must_equal Rack::Handler::CGI Rack::Handler.get('webrick').must_equal Rack::Handler::WEBrick begin Rack::Handler.get('fastcgi').must_equal Rack::Handler::FastCGI rescue LoadError end end it "raise LoadError if handler doesn't exist" do lambda { Rack::Handler.get('boom') }.must_raise(LoadError) lambda { Rack::Handler.get('Object') }.must_raise(LoadError) end it "get unregistered, but already required, handler by name" do Rack::Handler.get('Lobster').must_equal Rack::Handler::Lobster end it "register custom handler" do Rack::Handler.register('rock_lobster', 'RockLobster') Rack::Handler.get('rock_lobster').must_equal RockLobster end it "not need registration for properly coded handlers even if not already required" do begin $LOAD_PATH.push File.expand_path('../unregistered_handler', __FILE__) Rack::Handler.get('Unregistered').must_equal Rack::Handler::Unregistered lambda { Rack::Handler.get('UnRegistered') }.must_raise LoadError Rack::Handler.get('UnregisteredLongOne').must_equal Rack::Handler::UnregisteredLongOne ensure $LOAD_PATH.delete File.expand_path('../unregistered_handler', __FILE__) end end it "allow autoloaded handlers to be registered properly while being loaded" do path = File.expand_path('../registering_handler', __FILE__) begin $LOAD_PATH.push path Rack::Handler.get('registering_myself').must_equal Rack::Handler::RegisteringMyself ensure $LOAD_PATH.delete path end end end rack-2.1.4/test/spec_head.rb000066400000000000000000000026131367177163600157000ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/head' require 'rack/lint' require 'rack/mock' describe Rack::Head do def test_response(headers = {}) body = StringIO.new "foo" app = lambda do |env| [200, { "Content-type" => "test/plain", "Content-length" => "3" }, body] end request = Rack::MockRequest.env_for("/", headers) response = Rack::Lint.new(Rack::Head.new(app)).call(request) return response, body end it "pass GET, POST, PUT, DELETE, OPTIONS, TRACE requests" do %w[GET POST PUT DELETE OPTIONS TRACE].each do |type| resp, _ = test_response("REQUEST_METHOD" => type) resp[0].must_equal 200 resp[1].must_equal "Content-type" => "test/plain", "Content-length" => "3" resp[2].to_enum.to_a.must_equal ["foo"] end end it "remove body from HEAD requests" do resp, _ = test_response("REQUEST_METHOD" => "HEAD") resp[0].must_equal 200 resp[1].must_equal "Content-type" => "test/plain", "Content-length" => "3" resp[2].to_enum.to_a.must_equal [] end it "close the body when it is removed" do resp, body = test_response("REQUEST_METHOD" => "HEAD") resp[0].must_equal 200 resp[1].must_equal "Content-type" => "test/plain", "Content-length" => "3" resp[2].to_enum.to_a.must_equal [] body.wont_be :closed? resp[2].close body.must_be :closed? end end rack-2.1.4/test/spec_lint.rb000066400000000000000000000427351367177163600157560ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'stringio' require 'tempfile' require 'rack/lint' require 'rack/mock' describe Rack::Lint do def env(*args) Rack::MockRequest.env_for("/", *args) end it "pass valid request" do Rack::Lint.new(lambda { |env| [200, { "Content-type" => "test/plain", "Content-length" => "3" }, ["foo"]] }).call(env({})).first.must_equal 200 end it "notice fatal errors" do lambda { Rack::Lint.new(nil).call }.must_raise(Rack::Lint::LintError). message.must_match(/No env given/) end it "notice environment errors" do lambda { Rack::Lint.new(nil).call 5 }.must_raise(Rack::Lint::LintError). message.must_match(/not a Hash/) lambda { e = env e.delete("REQUEST_METHOD") Rack::Lint.new(nil).call(e) }.must_raise(Rack::Lint::LintError). message.must_match(/missing required key REQUEST_METHOD/) lambda { e = env e.delete("SERVER_NAME") Rack::Lint.new(nil).call(e) }.must_raise(Rack::Lint::LintError). message.must_match(/missing required key SERVER_NAME/) lambda { Rack::Lint.new(nil).call(env("HTTP_CONTENT_TYPE" => "text/plain")) }.must_raise(Rack::Lint::LintError). message.must_match(/contains HTTP_CONTENT_TYPE/) lambda { Rack::Lint.new(nil).call(env("HTTP_CONTENT_LENGTH" => "42")) }.must_raise(Rack::Lint::LintError). message.must_match(/contains HTTP_CONTENT_LENGTH/) lambda { Rack::Lint.new(nil).call(env("FOO" => Object.new)) }.must_raise(Rack::Lint::LintError). message.must_match(/non-string value/) lambda { Rack::Lint.new(nil).call(env("rack.version" => "0.2")) }.must_raise(Rack::Lint::LintError). message.must_match(/must be an Array/) lambda { Rack::Lint.new(nil).call(env("rack.url_scheme" => "gopher")) }.must_raise(Rack::Lint::LintError). message.must_match(/url_scheme unknown/) lambda { Rack::Lint.new(nil).call(env("rack.session" => [])) }.must_raise(Rack::Lint::LintError). message.must_equal "session [] must respond to store and []=" lambda { Rack::Lint.new(nil).call(env("rack.logger" => [])) }.must_raise(Rack::Lint::LintError). message.must_equal "logger [] must respond to info" lambda { Rack::Lint.new(nil).call(env("rack.multipart.buffer_size" => 0)) }.must_raise(Rack::Lint::LintError). message.must_equal "rack.multipart.buffer_size must be an Integer > 0 if specified" lambda { Rack::Lint.new(nil).call(env("rack.multipart.tempfile_factory" => Tempfile)) }.must_raise(Rack::Lint::LintError). message.must_equal "rack.multipart.tempfile_factory must respond to #call" lambda { Rack::Lint.new(lambda { |env| env['rack.multipart.tempfile_factory'].call("testfile", "text/plain") }).call(env("rack.multipart.tempfile_factory" => lambda { |filename, content_type| Object.new })) }.must_raise(Rack::Lint::LintError). message.must_equal "rack.multipart.tempfile_factory return value must respond to #<<" lambda { Rack::Lint.new(nil).call(env("REQUEST_METHOD" => "FUCKUP?")) }.must_raise(Rack::Lint::LintError). message.must_match(/REQUEST_METHOD/) lambda { Rack::Lint.new(nil).call(env("SCRIPT_NAME" => "howdy")) }.must_raise(Rack::Lint::LintError). message.must_match(/must start with/) lambda { Rack::Lint.new(nil).call(env("PATH_INFO" => "../foo")) }.must_raise(Rack::Lint::LintError). message.must_match(/must start with/) lambda { Rack::Lint.new(nil).call(env("CONTENT_LENGTH" => "xcii")) }.must_raise(Rack::Lint::LintError). message.must_match(/Invalid CONTENT_LENGTH/) lambda { e = env e.delete("PATH_INFO") e.delete("SCRIPT_NAME") Rack::Lint.new(nil).call(e) }.must_raise(Rack::Lint::LintError). message.must_match(/One of .* must be set/) lambda { Rack::Lint.new(nil).call(env("SCRIPT_NAME" => "/")) }.must_raise(Rack::Lint::LintError). message.must_match(/cannot be .* make it ''/) end it "notice input errors" do lambda { Rack::Lint.new(nil).call(env("rack.input" => "")) }.must_raise(Rack::Lint::LintError). message.must_match(/does not respond to #gets/) lambda { input = Object.new def input.binmode? false end Rack::Lint.new(nil).call(env("rack.input" => input)) }.must_raise(Rack::Lint::LintError). message.must_match(/is not opened in binary mode/) lambda { input = Object.new def input.external_encoding result = Object.new def result.name "US-ASCII" end result end Rack::Lint.new(nil).call(env("rack.input" => input)) }.must_raise(Rack::Lint::LintError). message.must_match(/does not have ASCII-8BIT as its external encoding/) end it "notice error errors" do lambda { Rack::Lint.new(nil).call(env("rack.errors" => "")) }.must_raise(Rack::Lint::LintError). message.must_match(/does not respond to #puts/) end it "notice status errors" do lambda { Rack::Lint.new(lambda { |env| ["cc", {}, ""] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/must be >=100 seen as integer/) lambda { Rack::Lint.new(lambda { |env| [42, {}, ""] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/must be >=100 seen as integer/) end it "notice header errors" do lambda { Rack::Lint.new(lambda { |env| [200, Object.new, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_equal "headers object should respond to #each, but doesn't (got Object as headers)" lambda { Rack::Lint.new(lambda { |env| [200, { true => false }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_equal "header key must be a string, was TrueClass" lambda { Rack::Lint.new(lambda { |env| [200, { "Status" => "404" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/must not contain Status/) # From RFC 7230: # Most HTTP header field values are defined using common syntax # components (token, quoted-string, and comment) separated by # whitespace or specific delimiting characters. Delimiters are chosen # from the set of US-ASCII visual characters not allowed in a token # (DQUOTE and "(),/:;<=>?@[\]{}"). # # token = 1*tchar # # tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" # / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" # / DIGIT / ALPHA # ; any VCHAR, except delimiters invalid_headers = 0.upto(31).map(&:chr) + %W<( ) , / : ; < = > ? @ [ \\ ] { } \x7F> invalid_headers.each do |invalid_header| lambda { Rack::Lint.new(lambda { |env| [200, { invalid_header => "text/plain" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError, "on invalid header: #{invalid_header}"). message.must_equal("invalid header name: #{invalid_header}") end valid_headers = 0.upto(127).map(&:chr) - invalid_headers valid_headers.each do |valid_header| Rack::Lint.new(lambda { |env| [200, { valid_header => "text/plain" }, []] }).call(env({})).first.must_equal 200 end lambda { Rack::Lint.new(lambda { |env| [200, { "Foo" => Object.new }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_equal "a header value must be a String, but the value of 'Foo' is a Object" lambda { Rack::Lint.new(lambda { |env| [200, { "Foo" => [1, 2, 3] }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_equal "a header value must be a String, but the value of 'Foo' is a Array" lambda { Rack::Lint.new(lambda { |env| [200, { "Foo-Bar" => "text\000plain" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/invalid header/) # line ends (010).must_be :allowed in header values.? Rack::Lint.new(lambda { |env| [200, { "Foo-Bar" => "one\ntwo\nthree", "Content-Length" => "0", "Content-Type" => "text/plain" }, []] }).call(env({})).first.must_equal 200 # non-Hash header responses.must_be :allowed? Rack::Lint.new(lambda { |env| [200, [%w(Content-Type text/plain), %w(Content-Length 0)], []] }).call(env({})).first.must_equal 200 end it "notice content-type errors" do # lambda { # Rack::Lint.new(lambda { |env| # [200, {"Content-length" => "0"}, []] # }).call(env({})) # }.must_raise(Rack::Lint::LintError). # message.must_match(/No Content-Type/) [100, 101, 204, 304].each do |status| lambda { Rack::Lint.new(lambda { |env| [status, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/Content-Type header found/) end end it "notice content-length errors" do [100, 101, 204, 304].each do |status| lambda { Rack::Lint.new(lambda { |env| [status, { "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/Content-Length header found/) end lambda { Rack::Lint.new(lambda { |env| [200, { "Content-type" => "text/plain", "Content-Length" => "1" }, []] }).call(env({}))[2].each { } }.must_raise(Rack::Lint::LintError). message.must_match(/Content-Length header was 1, but should be 0/) end it "notice body errors" do lambda { body = Rack::Lint.new(lambda { |env| [200, { "Content-type" => "text/plain", "Content-length" => "3" }, [1, 2, 3]] }).call(env({}))[2] body.each { |part| } }.must_raise(Rack::Lint::LintError). message.must_match(/yielded non-string/) end it "notice input handling errors" do lambda { Rack::Lint.new(lambda { |env| env["rack.input"].gets("\r\n") [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/gets called with arguments/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read(1, 2, 3) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/read called with too many arguments/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read("foo") [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/read called with non-integer and non-nil length/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read(-1) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/read called with a negative length/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read(nil, nil) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/read called with non-String buffer/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read(nil, 1) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/read called with non-String buffer/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].rewind(0) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/rewind called with arguments/) weirdio = Object.new class << weirdio def gets 42 end def read 23 end def each yield 23 yield 42 end def rewind raise Errno::ESPIPE, "Errno::ESPIPE" end end eof_weirdio = Object.new class << eof_weirdio def gets nil end def read(*args) nil end def each end def rewind end end lambda { Rack::Lint.new(lambda { |env| env["rack.input"].gets [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env("rack.input" => weirdio)) }.must_raise(Rack::Lint::LintError). message.must_match(/gets didn't return a String/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].each { |x| } [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env("rack.input" => weirdio)) }.must_raise(Rack::Lint::LintError). message.must_match(/each didn't yield a String/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env("rack.input" => weirdio)) }.must_raise(Rack::Lint::LintError). message.must_match(/read didn't return nil or a String/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].read [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env("rack.input" => eof_weirdio)) }.must_raise(Rack::Lint::LintError). message.must_match(/read\(nil\) returned nil on EOF/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].rewind [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env("rack.input" => weirdio)) }.must_raise(Rack::Lint::LintError). message.must_match(/rewind raised Errno::ESPIPE/) lambda { Rack::Lint.new(lambda { |env| env["rack.input"].close [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/close must not be called/) end it "notice error handling errors" do lambda { Rack::Lint.new(lambda { |env| env["rack.errors"].write(42) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/write not called with a String/) lambda { Rack::Lint.new(lambda { |env| env["rack.errors"].close [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({})) }.must_raise(Rack::Lint::LintError). message.must_match(/close must not be called/) end it "notice HEAD errors" do Rack::Lint.new(lambda { |env| [200, { "Content-type" => "test/plain", "Content-length" => "3" }, []] }).call(env({ "REQUEST_METHOD" => "HEAD" })).first.must_equal 200 lambda { Rack::Lint.new(lambda { |env| [200, { "Content-type" => "test/plain", "Content-length" => "3" }, ["foo"]] }).call(env({ "REQUEST_METHOD" => "HEAD" }))[2].each { } }.must_raise(Rack::Lint::LintError). message.must_match(/body was given for HEAD/) end def assert_lint(*args) hello_str = "hello world".dup hello_str.force_encoding(Encoding::ASCII_8BIT) Rack::Lint.new(lambda { |env| env["rack.input"].send(:read, *args) [201, { "Content-type" => "text/plain", "Content-length" => "0" }, []] }).call(env({ "rack.input" => StringIO.new(hello_str) })). first.must_equal 201 end it "pass valid read calls" do assert_lint assert_lint 0 assert_lint 1 assert_lint nil assert_lint nil, ''.dup assert_lint 1, ''.dup end end describe "Rack::Lint::InputWrapper" do it "delegate :rewind to underlying IO object" do io = StringIO.new("123") wrapper = Rack::Lint::InputWrapper.new(io) wrapper.read.must_equal "123" wrapper.read.must_equal "" wrapper.rewind wrapper.read.must_equal "123" end end rack-2.1.4/test/spec_lobster.rb000066400000000000000000000024351367177163600164530ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/lobster' require 'rack/lint' require 'rack/mock' module LobsterHelpers def lobster Rack::MockRequest.new Rack::Lint.new(Rack::Lobster.new) end def lambda_lobster Rack::MockRequest.new Rack::Lint.new(Rack::Lobster::LambdaLobster) end end describe Rack::Lobster::LambdaLobster do include LobsterHelpers it "be a single lambda" do Rack::Lobster::LambdaLobster.must_be_kind_of Proc end it "look like a lobster" do res = lambda_lobster.get("/") res.must_be :ok? res.body.must_include "(,(,,(,,,(" res.body.must_include "?flip" end it "be flippable" do res = lambda_lobster.get("/?flip") res.must_be :ok? res.body.must_include "(,,,(,,(,(" end end describe Rack::Lobster do include LobsterHelpers it "look like a lobster" do res = lobster.get("/") res.must_be :ok? res.body.must_include "(,(,,(,,,(" res.body.must_include "?flip" res.body.must_include "crash" end it "be flippable" do res = lobster.get("/?flip=left") res.must_be :ok? res.body.must_include "),,,),,),)" end it "provide crashing for testing purposes" do lambda { lobster.get("/?flip=crash") }.must_raise RuntimeError end end rack-2.1.4/test/spec_lock.rb000066400000000000000000000134411367177163600157300ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/lint' require 'rack/lock' require 'rack/mock' class Lock attr_reader :synchronized def initialize @synchronized = false end def lock @synchronized = true end def unlock @synchronized = false end end module LockHelpers def lock_app(app, lock = Lock.new) app = if lock Rack::Lock.new app, lock else Rack::Lock.new app end Rack::Lint.new app end end describe Rack::Lock do include LockHelpers describe 'Proxy' do include LockHelpers it 'delegate each' do env = Rack::MockRequest.env_for("/") response = Class.new { attr_accessor :close_called def initialize; @close_called = false; end def each; %w{ hi mom }.each { |x| yield x }; end }.new app = lock_app(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, response] }) response = app.call(env)[2] list = [] response.each { |x| list << x } list.must_equal %w{ hi mom } end it 'delegate to_path' do lock = Lock.new env = Rack::MockRequest.env_for("/") res = ['Hello World'] def res.to_path ; "/tmp/hello.txt" ; end app = Rack::Lock.new(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, res] }, lock) body = app.call(env)[2] body.must_respond_to :to_path body.to_path.must_equal "/tmp/hello.txt" end it 'not delegate to_path if body does not implement it' do env = Rack::MockRequest.env_for("/") res = ['Hello World'] app = lock_app(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, res] }) body = app.call(env)[2] body.wont_respond_to :to_path end end it 'call super on close' do env = Rack::MockRequest.env_for("/") response = Class.new { attr_accessor :close_called def initialize; @close_called = false; end def close; @close_called = true; end }.new app = lock_app(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, response] }) app.call(env) response.close_called.must_equal false response.close response.close_called.must_equal true end it "not unlock until body is closed" do lock = Lock.new env = Rack::MockRequest.env_for("/") response = Object.new app = lock_app(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, response] }, lock) lock.synchronized.must_equal false response = app.call(env)[2] lock.synchronized.must_equal true response.close lock.synchronized.must_equal false end it "return value from app" do env = Rack::MockRequest.env_for("/") body = [200, { "Content-Type" => "text/plain" }, %w{ hi mom }] app = lock_app(lambda { |inner_env| body }) res = app.call(env) res[0].must_equal body[0] res[1].must_equal body[1] res[2].to_enum.to_a.must_equal ["hi", "mom"] end it "call synchronize on lock" do lock = Lock.new env = Rack::MockRequest.env_for("/") app = lock_app(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, %w{ a b c }] }, lock) lock.synchronized.must_equal false app.call(env) lock.synchronized.must_equal true end it "unlock if the app raises" do lock = Lock.new env = Rack::MockRequest.env_for("/") app = lock_app(lambda { raise Exception }, lock) lambda { app.call(env) }.must_raise Exception lock.synchronized.must_equal false end it "unlock if the app throws" do lock = Lock.new env = Rack::MockRequest.env_for("/") app = lock_app(lambda {|_| throw :bacon }, lock) lambda { app.call(env) }.must_throw :bacon lock.synchronized.must_equal false end it "set multithread flag to false" do app = lock_app(lambda { |env| env['rack.multithread'].must_equal false [200, { "Content-Type" => "text/plain" }, %w{ a b c }] }, false) env = Rack::MockRequest.env_for("/") env['rack.multithread'].must_equal true _, _, body = app.call(env) body.close env['rack.multithread'].must_equal true end it "reset original multithread flag when exiting lock" do app = Class.new(Rack::Lock) { def call(env) env['rack.multithread'].must_equal true super end }.new(lambda { |env| [200, { "Content-Type" => "text/plain" }, %w{ a b c }] }) Rack::Lint.new(app).call(Rack::MockRequest.env_for("/")) end it 'not unlock if an error is raised before the mutex is locked' do lock = Class.new do def initialize() @unlocked = false end def unlocked?() @unlocked end def lock() raise Exception end def unlock() @unlocked = true end end.new env = Rack::MockRequest.env_for("/") app = lock_app(proc { [200, { "Content-Type" => "text/plain" }, []] }, lock) lambda { app.call(env) }.must_raise Exception lock.unlocked?.must_equal false end it "not reset the environment while the body is proxied" do proxy = Class.new do attr_reader :env def initialize(env) @env = env end end app = Rack::Lock.new lambda { |env| [200, { "Content-Type" => "text/plain" }, proxy.new(env)] } response = app.call(Rack::MockRequest.env_for("/"))[2] response.env['rack.multithread'].must_equal false end it "unlock if an exception occurs before returning" do lock = Lock.new env = Rack::MockRequest.env_for("/") app = lock_app(proc { [].freeze }, lock) lambda { app.call(env) }.must_raise Exception lock.synchronized.must_equal false end it "not replace the environment" do env = Rack::MockRequest.env_for("/") app = lock_app(lambda { |inner_env| [200, { "Content-Type" => "text/plain" }, [inner_env.object_id.to_s]] }) _, _, body = app.call(env) body.to_enum.to_a.must_equal [env.object_id.to_s] end end rack-2.1.4/test/spec_logger.rb000066400000000000000000000012661367177163600162610ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'stringio' require 'rack/lint' require 'rack/logger' require 'rack/mock' describe Rack::Logger do app = lambda { |env| log = env['rack.logger'] log.debug("Created logger") log.info("Program started") log.warn("Nothing to do!") [200, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } it "conform to Rack::Lint" do errors = StringIO.new a = Rack::Lint.new(Rack::Logger.new(app)) Rack::MockRequest.new(a).get('/', 'rack.errors' => errors) errors.string.must_match(/INFO -- : Program started/) errors.string.must_match(/WARN -- : Nothing to do/) end end rack-2.1.4/test/spec_media_type.rb000066400000000000000000000022311367177163600171130ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/media_type' describe Rack::MediaType do before { @empty_hash = {} } describe 'when content_type nil' do before { @content_type = nil } it '#type is nil' do Rack::MediaType.type(@content_type).must_be_nil end it '#params is empty' do Rack::MediaType.params(@content_type).must_equal @empty_hash end end describe 'when content_type contains only media_type' do before { @content_type = 'application/text' } it '#type is application/text' do Rack::MediaType.type(@content_type).must_equal 'application/text' end it '#params is empty' do Rack::MediaType.params(@content_type).must_equal @empty_hash end end describe 'when content_type contains media_type and params' do before { @content_type = 'application/text;CHARSET="utf-8"' } it '#type is application/text' do Rack::MediaType.type(@content_type).must_equal 'application/text' end it '#params has key "charset" with value "utf-8"' do Rack::MediaType.params(@content_type)['charset'].must_equal 'utf-8' end end end rack-2.1.4/test/spec_method_override.rb000066400000000000000000000065521367177163600201640ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'stringio' require 'rack/method_override' require 'rack/mock' describe Rack::MethodOverride do def app Rack::Lint.new(Rack::MethodOverride.new(lambda {|e| [200, { "Content-Type" => "text/plain" }, []] })) end it "not affect GET requests" do env = Rack::MockRequest.env_for("/?_method=delete", method: "GET") app.call env env["REQUEST_METHOD"].must_equal "GET" end it "sets rack.errors for invalid UTF8 _method values" do errors = StringIO.new env = Rack::MockRequest.env_for("/", :method => "POST", :input => "_method=\xBF".b, Rack::RACK_ERRORS => errors) app.call env errors.rewind errors.read.must_equal "Invalid string for method\n" env["REQUEST_METHOD"].must_equal "POST" end it "modify REQUEST_METHOD for POST requests when _method parameter is set" do env = Rack::MockRequest.env_for("/", method: "POST", input: "_method=put") app.call env env["REQUEST_METHOD"].must_equal "PUT" end it "modify REQUEST_METHOD for POST requests when X-HTTP-Method-Override is set" do env = Rack::MockRequest.env_for("/", :method => "POST", "HTTP_X_HTTP_METHOD_OVERRIDE" => "PATCH" ) app.call env env["REQUEST_METHOD"].must_equal "PATCH" end it "not modify REQUEST_METHOD if the method is unknown" do env = Rack::MockRequest.env_for("/", method: "POST", input: "_method=foo") app.call env env["REQUEST_METHOD"].must_equal "POST" end it "not modify REQUEST_METHOD when _method is nil" do env = Rack::MockRequest.env_for("/", method: "POST", input: "foo=bar") app.call env env["REQUEST_METHOD"].must_equal "POST" end it "store the original REQUEST_METHOD prior to overriding" do env = Rack::MockRequest.env_for("/", method: "POST", input: "_method=options") app.call env env["rack.methodoverride.original_method"].must_equal "POST" end it "not modify REQUEST_METHOD when given invalid multipart form data" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size.to_s, :method => "POST", :input => input) app.call env env["REQUEST_METHOD"].must_equal "POST" end it "writes error to RACK_ERRORS when given invalid multipart form data" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size.to_s, Rack::RACK_ERRORS => StringIO.new, :method => "POST", :input => input) Rack::MethodOverride.new(proc { [200, { "Content-Type" => "text/plain" }, []] }).call env env[Rack::RACK_ERRORS].rewind env[Rack::RACK_ERRORS].read.must_match /Bad request content body/ end it "not modify REQUEST_METHOD for POST requests when the params are unparseable" do env = Rack::MockRequest.env_for("/", method: "POST", input: "(%bad-params%)") app.call env env["REQUEST_METHOD"].must_equal "POST" end end rack-2.1.4/test/spec_mime.rb000066400000000000000000000035371367177163600157340ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/mime' describe Rack::Mime do it "should return the fallback mime-type for files with no extension" do fallback = 'image/jpg' Rack::Mime.mime_type(File.extname('no_ext'), fallback).must_equal fallback end it "should always return 'application/octet-stream' for unknown file extensions" do unknown_ext = File.extname('unknown_ext.abcdefg') Rack::Mime.mime_type(unknown_ext).must_equal 'application/octet-stream' end it "should return the mime-type for a given extension" do # sanity check. it would be infeasible test every single mime-type. Rack::Mime.mime_type(File.extname('image.jpg')).must_equal 'image/jpeg' end it "should support null fallbacks" do Rack::Mime.mime_type('.nothing', nil).must_be_nil end it "should match exact mimes" do Rack::Mime.match?('text/html', 'text/html').must_equal true Rack::Mime.match?('text/html', 'text/meme').must_equal false Rack::Mime.match?('text', 'text').must_equal true Rack::Mime.match?('text', 'binary').must_equal false end it "should match class wildcard mimes" do Rack::Mime.match?('text/html', 'text/*').must_equal true Rack::Mime.match?('text/plain', 'text/*').must_equal true Rack::Mime.match?('application/json', 'text/*').must_equal false Rack::Mime.match?('text/html', 'text').must_equal true end it "should match full wildcards" do Rack::Mime.match?('text/html', '*').must_equal true Rack::Mime.match?('text/plain', '*').must_equal true Rack::Mime.match?('text/html', '*/*').must_equal true Rack::Mime.match?('text/plain', '*/*').must_equal true end it "should match type wildcard mimes" do Rack::Mime.match?('text/html', '*/html').must_equal true Rack::Mime.match?('text/plain', '*/plain').must_equal true end end rack-2.1.4/test/spec_mock.rb000066400000000000000000000322231367177163600157300ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'yaml' require 'rack/lint' require 'rack/mock' require 'stringio' app = Rack::Lint.new(lambda { |env| req = Rack::Request.new(env) env["mock.postdata"] = env["rack.input"].read if req.GET["error"] env["rack.errors"].puts req.GET["error"] env["rack.errors"].flush end body = req.head? ? "" : env.to_yaml response = Rack::Response.new( body, req.GET["status"] || 200, "Content-Type" => "text/yaml" ) response.set_cookie("session_test", { value: "session_test", domain: ".test.com", path: "/" }) response.set_cookie("secure_test", { value: "secure_test", domain: ".test.com", path: "/", secure: true }) response.set_cookie("persistent_test", { value: "persistent_test", max_age: 15552000, path: "/" }) response.finish }) describe Rack::MockRequest do it "return a MockResponse" do res = Rack::MockRequest.new(app).get("") res.must_be_kind_of Rack::MockResponse end it "be able to only return the environment" do env = Rack::MockRequest.env_for("") env.must_be_kind_of Hash env.must_include "rack.version" end it "return an environment with a path" do env = Rack::MockRequest.env_for("http://www.example.com/parse?location[]=1&location[]=2&age_group[]=2") env["QUERY_STRING"].must_equal "location[]=1&location[]=2&age_group[]=2" env["PATH_INFO"].must_equal "/parse" env.must_be_kind_of Hash env.must_include "rack.version" end it "provide sensible defaults" do res = Rack::MockRequest.new(app).request env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" env["SERVER_NAME"].must_equal "example.org" env["SERVER_PORT"].must_equal "80" env["QUERY_STRING"].must_equal "" env["PATH_INFO"].must_equal "/" env["SCRIPT_NAME"].must_equal "" env["rack.url_scheme"].must_equal "http" env["mock.postdata"].must_be :empty? end it "allow GET/POST/PUT/DELETE/HEAD" do res = Rack::MockRequest.new(app).get("", input: "foo") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" res = Rack::MockRequest.new(app).post("", input: "foo") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "POST" res = Rack::MockRequest.new(app).put("", input: "foo") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "PUT" res = Rack::MockRequest.new(app).patch("", input: "foo") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "PATCH" res = Rack::MockRequest.new(app).delete("", input: "foo") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "DELETE" Rack::MockRequest.env_for("/", method: "HEAD")["REQUEST_METHOD"] .must_equal "HEAD" Rack::MockRequest.env_for("/", method: "OPTIONS")["REQUEST_METHOD"] .must_equal "OPTIONS" end it "set content length" do env = Rack::MockRequest.env_for("/", input: "foo") env["CONTENT_LENGTH"].must_equal "3" env = Rack::MockRequest.env_for("/", input: StringIO.new("foo")) env["CONTENT_LENGTH"].must_equal "3" env = Rack::MockRequest.env_for("/", input: Tempfile.new("name").tap { |t| t << "foo" }) env["CONTENT_LENGTH"].must_equal "3" env = Rack::MockRequest.env_for("/", input: IO.pipe.first) env["CONTENT_LENGTH"].must_be_nil end it "allow posting" do res = Rack::MockRequest.new(app).get("", input: "foo") env = YAML.load(res.body) env["mock.postdata"].must_equal "foo" res = Rack::MockRequest.new(app).post("", input: StringIO.new("foo")) env = YAML.load(res.body) env["mock.postdata"].must_equal "foo" end it "use all parts of an URL" do res = Rack::MockRequest.new(app). get("https://bla.example.org:9292/meh/foo?bar") res.must_be_kind_of Rack::MockResponse env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" env["SERVER_NAME"].must_equal "bla.example.org" env["SERVER_PORT"].must_equal "9292" env["QUERY_STRING"].must_equal "bar" env["PATH_INFO"].must_equal "/meh/foo" env["rack.url_scheme"].must_equal "https" end it "set SSL port and HTTP flag on when using https" do res = Rack::MockRequest.new(app). get("https://example.org/foo") res.must_be_kind_of Rack::MockResponse env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" env["SERVER_NAME"].must_equal "example.org" env["SERVER_PORT"].must_equal "443" env["QUERY_STRING"].must_equal "" env["PATH_INFO"].must_equal "/foo" env["rack.url_scheme"].must_equal "https" env["HTTPS"].must_equal "on" end it "prepend slash to uri path" do res = Rack::MockRequest.new(app). get("foo") res.must_be_kind_of Rack::MockResponse env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" env["SERVER_NAME"].must_equal "example.org" env["SERVER_PORT"].must_equal "80" env["QUERY_STRING"].must_equal "" env["PATH_INFO"].must_equal "/foo" env["rack.url_scheme"].must_equal "http" end it "properly convert method name to an uppercase string" do res = Rack::MockRequest.new(app).request(:get) env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" end it "accept params and build query string for GET requests" do res = Rack::MockRequest.new(app).get("/foo?baz=2", params: { foo: { bar: "1" } }) env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" env["QUERY_STRING"].must_include "baz=2" env["QUERY_STRING"].must_include "foo[bar]=1" env["PATH_INFO"].must_equal "/foo" env["mock.postdata"].must_equal "" end it "accept raw input in params for GET requests" do res = Rack::MockRequest.new(app).get("/foo?baz=2", params: "foo[bar]=1") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "GET" env["QUERY_STRING"].must_include "baz=2" env["QUERY_STRING"].must_include "foo[bar]=1" env["PATH_INFO"].must_equal "/foo" env["mock.postdata"].must_equal "" end it "accept params and build url encoded params for POST requests" do res = Rack::MockRequest.new(app).post("/foo", params: { foo: { bar: "1" } }) env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "POST" env["QUERY_STRING"].must_equal "" env["PATH_INFO"].must_equal "/foo" env["CONTENT_TYPE"].must_equal "application/x-www-form-urlencoded" env["mock.postdata"].must_equal "foo[bar]=1" end it "accept raw input in params for POST requests" do res = Rack::MockRequest.new(app).post("/foo", params: "foo[bar]=1") env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "POST" env["QUERY_STRING"].must_equal "" env["PATH_INFO"].must_equal "/foo" env["CONTENT_TYPE"].must_equal "application/x-www-form-urlencoded" env["mock.postdata"].must_equal "foo[bar]=1" end it "accept params and build multipart encoded params for POST requests" do files = Rack::Multipart::UploadedFile.new(File.join(File.dirname(__FILE__), "multipart", "file1.txt")) res = Rack::MockRequest.new(app).post("/foo", params: { "submit-name" => "Larry", "files" => files }) env = YAML.load(res.body) env["REQUEST_METHOD"].must_equal "POST" env["QUERY_STRING"].must_equal "" env["PATH_INFO"].must_equal "/foo" env["CONTENT_TYPE"].must_equal "multipart/form-data; boundary=AaB03x" # The gsub accounts for differences in YAMLs affect on the data. env["mock.postdata"].gsub("\r", "").length.must_equal 206 end it "behave valid according to the Rack spec" do url = "https://bla.example.org:9292/meh/foo?bar" Rack::MockRequest.new(app).get(url, lint: true). must_be_kind_of Rack::MockResponse end it "call close on the original body object" do called = false body = Rack::BodyProxy.new(['hi']) { called = true } capp = proc { |e| [200, { 'Content-Type' => 'text/plain' }, body] } called.must_equal false Rack::MockRequest.new(capp).get('/', lint: true) called.must_equal true end it "defaults encoding to ASCII 8BIT" do req = Rack::MockRequest.env_for("/foo") keys = [ Rack::REQUEST_METHOD, Rack::SERVER_NAME, Rack::SERVER_PORT, Rack::QUERY_STRING, Rack::PATH_INFO, Rack::HTTPS, Rack::RACK_URL_SCHEME ] keys.each do |k| assert_equal Encoding::ASCII_8BIT, req[k].encoding end end end describe Rack::MockResponse do it "provide access to the HTTP status" do res = Rack::MockRequest.new(app).get("") res.must_be :successful? res.must_be :ok? res = Rack::MockRequest.new(app).get("/?status=404") res.wont_be :successful? res.must_be :client_error? res.must_be :not_found? res = Rack::MockRequest.new(app).get("/?status=501") res.wont_be :successful? res.must_be :server_error? res = Rack::MockRequest.new(app).get("/?status=307") res.must_be :redirect? res = Rack::MockRequest.new(app).get("/?status=201", lint: true) res.must_be :empty? end it "provide access to the HTTP headers" do res = Rack::MockRequest.new(app).get("") res.must_include "Content-Type" res.headers["Content-Type"].must_equal "text/yaml" res.original_headers["Content-Type"].must_equal "text/yaml" res["Content-Type"].must_equal "text/yaml" res.content_type.must_equal "text/yaml" res.content_length.wont_equal 0 res.location.must_be_nil end it "provide access to session cookies" do res = Rack::MockRequest.new(app).get("") session_cookie = res.cookie("session_test") session_cookie.value[0].must_equal "session_test" session_cookie.domain.must_equal ".test.com" session_cookie.path.must_equal "/" session_cookie.secure.must_equal false session_cookie.expires.must_be_nil end it "provide access to persistent cookies" do res = Rack::MockRequest.new(app).get("") persistent_cookie = res.cookie("persistent_test") persistent_cookie.value[0].must_equal "persistent_test" persistent_cookie.domain.must_be_nil persistent_cookie.path.must_equal "/" persistent_cookie.secure.must_equal false persistent_cookie.expires.wont_be_nil persistent_cookie.expires.must_be :<, (Time.now + 15552000) end it "provide access to secure cookies" do res = Rack::MockRequest.new(app).get("") secure_cookie = res.cookie("secure_test") secure_cookie.value[0].must_equal "secure_test" secure_cookie.domain.must_equal ".test.com" secure_cookie.path.must_equal "/" secure_cookie.secure.must_equal true secure_cookie.expires.must_be_nil end it "return nil if a non existent cookie is requested" do res = Rack::MockRequest.new(app).get("") res.cookie("i_dont_exist").must_be_nil end it "provide access to the HTTP body" do res = Rack::MockRequest.new(app).get("") res.body.must_match(/rack/) assert_match(res, /rack/) end it "provide access to the Rack errors" do res = Rack::MockRequest.new(app).get("/?error=foo", lint: true) res.must_be :ok? res.errors.wont_be :empty? res.errors.must_include "foo" end it "allow calling body.close afterwards" do # this is exactly what rack-test does body = StringIO.new("hi") res = Rack::MockResponse.new(200, {}, body) body.close if body.respond_to?(:close) res.body.must_equal 'hi' end it "optionally make Rack errors fatal" do lambda { Rack::MockRequest.new(app).get("/?error=foo", fatal: true) }.must_raise Rack::MockRequest::FatalWarning end end describe Rack::MockResponse, 'headers' do before do @res = Rack::MockRequest.new(app).get('') @res.set_header 'FOO', '1' end it 'has_header?' do lambda { @res.has_header? nil }.must_raise NoMethodError @res.has_header?('FOO').must_equal true @res.has_header?('Foo').must_equal true end it 'get_header' do lambda { @res.get_header nil }.must_raise NoMethodError @res.get_header('FOO').must_equal '1' @res.get_header('Foo').must_equal '1' end it 'set_header' do lambda { @res.set_header nil, '1' }.must_raise NoMethodError @res.set_header('FOO', '2').must_equal '2' @res.get_header('FOO').must_equal '2' @res.set_header('Foo', '3').must_equal '3' @res.get_header('Foo').must_equal '3' @res.get_header('FOO').must_equal '3' @res.set_header('FOO', nil).must_be_nil @res.get_header('FOO').must_be_nil @res.has_header?('FOO').must_equal true end it 'add_header' do lambda { @res.add_header nil, '1' }.must_raise NoMethodError # Sets header on first addition @res.add_header('FOO', '1').must_equal '1,1' @res.get_header('FOO').must_equal '1,1' # Ignores nil additions @res.add_header('FOO', nil).must_equal '1,1' @res.get_header('FOO').must_equal '1,1' # Converts additions to strings @res.add_header('FOO', 2).must_equal '1,1,2' @res.get_header('FOO').must_equal '1,1,2' # Respects underlying case-sensitivity @res.add_header('Foo', 'yep').must_equal '1,1,2,yep' @res.get_header('Foo').must_equal '1,1,2,yep' @res.get_header('FOO').must_equal '1,1,2,yep' end it 'delete_header' do lambda { @res.delete_header nil }.must_raise NoMethodError @res.delete_header('FOO').must_equal '1' @res.has_header?('FOO').must_equal false @res.has_header?('Foo').must_equal false @res.delete_header('Foo').must_be_nil end end rack-2.1.4/test/spec_multipart.rb000066400000000000000000000712321367177163600170230ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack' require 'rack/multipart' require 'rack/multipart/parser' require 'rack/utils' require 'rack/mock' require 'timeout' describe Rack::Multipart do def multipart_fixture(name, boundary = "AaB03x") file = multipart_file(name) data = File.open(file, 'rb') { |io| io.read } type = %(multipart/form-data; boundary=#{boundary}) length = data.bytesize { "CONTENT_TYPE" => type, "CONTENT_LENGTH" => length.to_s, :input => StringIO.new(data) } end def multipart_file(name) File.join(File.dirname(__FILE__), "multipart", name.to_s) end it "return nil if content type is not multipart" do env = Rack::MockRequest.env_for("/", "CONTENT_TYPE" => 'application/x-www-form-urlencoded') Rack::Multipart.parse_multipart(env).must_be_nil end it "parse multipart content when content type present but filename is not" do env = Rack::MockRequest.env_for("/", multipart_fixture(:content_type_and_no_filename)) params = Rack::Multipart.parse_multipart(env) params["text"].must_equal "contents" end it "set US_ASCII encoding based on charset" do env = Rack::MockRequest.env_for("/", multipart_fixture(:content_type_and_no_filename)) params = Rack::Multipart.parse_multipart(env) params["text"].encoding.must_equal Encoding::US_ASCII # I'm not 100% sure if making the param name encoding match the # Content-Type charset is the right thing to do. We should revisit this. params.keys.each do |key| key.encoding.must_equal Encoding::US_ASCII end end it "set BINARY encoding on things without content type" do env = Rack::MockRequest.env_for("/", multipart_fixture(:none)) params = Rack::Multipart.parse_multipart(env) params["submit-name"].encoding.must_equal Encoding::UTF_8 end it "set UTF8 encoding on names of things without content type" do env = Rack::MockRequest.env_for("/", multipart_fixture(:none)) params = Rack::Multipart.parse_multipart(env) params.keys.each do |key| key.encoding.must_equal Encoding::UTF_8 end end it "default text to UTF8" do env = Rack::MockRequest.env_for("/", multipart_fixture(:text)) params = Rack::Multipart.parse_multipart(env) params['submit-name'].encoding.must_equal Encoding::UTF_8 params['submit-name-with-content'].encoding.must_equal Encoding::UTF_8 params.keys.each do |key| key.encoding.must_equal Encoding::UTF_8 end end it "handles quoted encodings" do # See #905 env = Rack::MockRequest.env_for("/", multipart_fixture(:unity3d_wwwform)) params = Rack::Multipart.parse_multipart(env) params['user_sid'].encoding.must_equal Encoding::UTF_8 end it "raise RangeError if the key space is exhausted" do env = Rack::MockRequest.env_for("/", multipart_fixture(:content_type_and_no_filename)) old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 1 begin lambda { Rack::Multipart.parse_multipart(env) }.must_raise(RangeError) ensure Rack::Utils.key_space_limit = old end end it "parse multipart form webkit style" do env = Rack::MockRequest.env_for '/', multipart_fixture(:webkit) env['CONTENT_TYPE'] = "multipart/form-data; boundary=----WebKitFormBoundaryWLHCs9qmcJJoyjKR" params = Rack::Multipart.parse_multipart(env) params['profile']['bio'].must_include 'hello' params['profile'].keys.must_include 'public_email' end it "reject insanely long boundaries" do # using a pipe since a tempfile can use up too much space rd, wr = IO.pipe # we only call rewind once at start, so make sure it succeeds # and doesn't hit ESPIPE def rd.rewind; end wr.sync = true # write to a pipe in a background thread, this will write a lot # unless Rack (properly) shuts down the read end thr = Thread.new do begin wr.write("--AaB03x") # make the initial boundary a few gigs long longer = "0123456789" * 1024 * 1024 (1024 * 1024).times { wr.write(longer) } wr.write("\r\n") wr.write('Content-Disposition: form-data; name="a"; filename="a.txt"') wr.write("\r\n") wr.write("Content-Type: text/plain\r\n") wr.write("\r\na") wr.write("--AaB03x--\r\n") wr.close rescue => err # this is EPIPE if Rack shuts us down err end end fixture = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => (1024 * 1024 * 8).to_s, :input => rd, } env = Rack::MockRequest.env_for '/', fixture lambda { Rack::Multipart.parse_multipart(env) }.must_raise EOFError rd.close err = thr.value err.must_be_instance_of Errno::EPIPE wr.close end # see https://github.com/rack/rack/pull/1309 it "parse strange multipart pdf" do boundary = '---------------------------932620571087722842402766118' data = StringIO.new data.write("--#{boundary}") data.write("\r\n") data.write('Content-Disposition: form-data; name="a"; filename="a.pdf"') data.write("\r\n") data.write("Content-Type:application/pdf\r\n") data.write("\r\n") data.write("-" * (1024 * 1024)) data.write("\r\n") data.write("--#{boundary}--\r\n") fixture = { "CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}", "CONTENT_LENGTH" => data.length.to_s, :input => data, } env = Rack::MockRequest.env_for '/', fixture Timeout::timeout(10) { Rack::Multipart.parse_multipart(env) } end it 'raises an EOF error on content-length mistmatch' do env = Rack::MockRequest.env_for("/", multipart_fixture(:empty)) env['rack.input'] = StringIO.new assert_raises(EOFError) do Rack::Multipart.parse_multipart(env) end end it "parse multipart upload with text file" do env = Rack::MockRequest.env_for("/", multipart_fixture(:text)) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["submit-name-with-content"].must_equal "Berry" params["files"][:type].must_equal "text/plain" params["files"][:filename].must_equal "file1.txt" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; filename=\"file1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "accept the params hash class to use for multipart parsing" do c = Class.new(Rack::QueryParser::Params) do def initialize(*) super @params = Hash.new{|h, k| h[k.to_s] if k.is_a?(Symbol)} end end query_parser = Rack::QueryParser.new c, 65536, 100 env = Rack::MockRequest.env_for("/", multipart_fixture(:text)) params = Rack::Multipart.parse_multipart(env, query_parser) params[:files][:type].must_equal "text/plain" end it "preserve extension in the created tempfile" do env = Rack::MockRequest.env_for("/", multipart_fixture(:text)) params = Rack::Multipart.parse_multipart(env) File.extname(params["files"][:tempfile].path).must_equal ".txt" end it "parse multipart upload with text file with no name field" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_and_no_name)) params = Rack::Multipart.parse_multipart(env) params["file1.txt"][:type].must_equal "text/plain" params["file1.txt"][:filename].must_equal "file1.txt" params["file1.txt"][:head].must_equal "Content-Disposition: form-data; " + "filename=\"file1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["file1.txt"][:name].must_equal "file1.txt" params["file1.txt"][:tempfile].read.must_equal "contents" end it "parse multipart upload file using custom tempfile class" do env = Rack::MockRequest.env_for("/", multipart_fixture(:text)) my_tempfile = "".dup env['rack.multipart.tempfile_factory'] = lambda { |filename, content_type| my_tempfile } params = Rack::Multipart.parse_multipart(env) params["files"][:tempfile].object_id.must_equal my_tempfile.object_id my_tempfile.must_equal "contents" end it "parse multipart upload with nested parameters" do env = Rack::MockRequest.env_for("/", multipart_fixture(:nested)) params = Rack::Multipart.parse_multipart(env) params["foo"]["submit-name"].must_equal "Larry" params["foo"]["files"][:type].must_equal "text/plain" params["foo"]["files"][:filename].must_equal "file1.txt" params["foo"]["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"foo[files]\"; filename=\"file1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["foo"]["files"][:name].must_equal "foo[files]" params["foo"]["files"][:tempfile].read.must_equal "contents" end it "parse multipart upload with binary file" do env = Rack::MockRequest.env_for("/", multipart_fixture(:binary)) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["files"][:type].must_equal "image/png" params["files"][:filename].must_equal "rack-logo.png" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; filename=\"rack-logo.png\"\r\n" + "Content-Type: image/png\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.length.must_equal 26473 end it "parse multipart upload with empty file" do env = Rack::MockRequest.env_for("/", multipart_fixture(:empty)) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["files"][:type].must_equal "text/plain" params["files"][:filename].must_equal "file1.txt" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; filename=\"file1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "" end it "parse multipart upload with filename with semicolons" do env = Rack::MockRequest.env_for("/", multipart_fixture(:semicolon)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "text/plain" params["files"][:filename].must_equal "fi;le1.txt" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; filename=\"fi;le1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse multipart upload with quoted boundary" do env = Rack::MockRequest.env_for("/", multipart_fixture(:quoted, %("AaB:03x"))) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["submit-name-with-content"].must_equal "Berry" params["files"][:type].must_equal "text/plain" params["files"][:filename].must_equal "file1.txt" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; filename=\"file1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse multipart upload with filename with invalid characters" do env = Rack::MockRequest.env_for("/", multipart_fixture(:invalid_character)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "text/plain" params["files"][:filename].must_match(/invalid/) head = "Content-Disposition: form-data; " + "name=\"files\"; filename=\"invalid\xC3.txt\"\r\n" + "Content-Type: text/plain\r\n" head = head.force_encoding(Encoding::ASCII_8BIT) params["files"][:head].must_equal head params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse multipart form with an encoded word filename" do env = Rack::MockRequest.env_for '/', multipart_fixture(:filename_with_encoded_words) params = Rack::Multipart.parse_multipart(env) params["files"][:filename].must_equal "файл" end it "parse multipart form with a single quote in the filename" do env = Rack::MockRequest.env_for '/', multipart_fixture(:filename_with_single_quote) params = Rack::Multipart.parse_multipart(env) params["files"][:filename].must_equal "bob's flowers.jpg" end it "parse multipart form with a null byte in the filename" do env = Rack::MockRequest.env_for '/', multipart_fixture(:filename_with_null_byte) params = Rack::Multipart.parse_multipart(env) params["files"][:filename].must_equal "flowers.exe\u0000.jpg" end it "is robust separating Content-Disposition fields" do env = Rack::MockRequest.env_for("/", multipart_fixture(:robust_field_separation)) params = Rack::Multipart.parse_multipart(env) params["text"].must_equal "contents" end it "not include file params if no file was selected" do env = Rack::MockRequest.env_for("/", multipart_fixture(:none)) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["files"].must_be_nil params.keys.wont_include "files" end it "parse multipart/mixed" do env = Rack::MockRequest.env_for("/", multipart_fixture(:mixed_files)) params = Rack::Multipart.parse_multipart(env) params["foo"].must_equal "bar" params["files"].must_be_instance_of String params["files"].size.must_equal 252 end it "parse IE multipart upload and clean up filename" do env = Rack::MockRequest.env_for("/", multipart_fixture(:ie)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "text/plain" params["files"][:filename].must_equal "file1.txt" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; " + 'filename="C:\Documents and Settings\Administrator\Desktop\file1.txt"' + "\r\nContent-Type: text/plain\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename and modification param" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_and_modification_param)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "image/jpeg" params["files"][:filename].must_equal "genome.jpeg" params["files"][:head].must_equal "Content-Type: image/jpeg\r\n" + "Content-Disposition: attachment; " + "name=\"files\"; " + "filename=genome.jpeg; " + "modification-date=\"Wed, 12 Feb 1997 16:29:51 -0500\";\r\n" + "Content-Description: a complete map of the human genome\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename with escaped quotes" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_escaped_quotes)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "application/octet-stream" params["files"][:filename].must_equal "escape \"quotes" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; " + "filename=\"escape \\\"quotes\"\r\n" + "Content-Type: application/octet-stream\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename with plus character" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_plus)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "application/octet-stream" params["files"][:filename].must_equal "foo+bar" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; " + "filename=\"foo+bar\"\r\n" + "Content-Type: application/octet-stream\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename with percent escaped quotes" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_percent_escaped_quotes)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "application/octet-stream" params["files"][:filename].must_equal "escape \"quotes" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; " + "filename=\"escape %22quotes\"\r\n" + "Content-Type: application/octet-stream\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename with unescaped quotes" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_unescaped_quotes)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "application/octet-stream" params["files"][:filename].must_equal "escape \"quotes" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; " + "filename=\"escape \"quotes\"\r\n" + "Content-Type: application/octet-stream\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename with escaped quotes and modification param" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_escaped_quotes_and_modification_param)) params = Rack::Multipart.parse_multipart(env) params["files"][:type].must_equal "image/jpeg" params["files"][:filename].must_equal "\"human\" genome.jpeg" params["files"][:head].must_equal "Content-Type: image/jpeg\r\n" + "Content-Disposition: attachment; " + "name=\"files\"; " + "filename=\"\"human\" genome.jpeg\"; " + "modification-date=\"Wed, 12 Feb 1997 16:29:51 -0500\";\r\n" + "Content-Description: a complete map of the human genome\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "parse filename with unescaped percentage characters" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_unescaped_percentages, "----WebKitFormBoundary2NHc7OhsgU68l3Al")) params = Rack::Multipart.parse_multipart(env) files = params["document"]["attachment"] files[:type].must_equal "image/jpeg" files[:filename].must_equal "100% of a photo.jpeg" files[:head].must_equal <<-MULTIPART Content-Disposition: form-data; name="document[attachment]"; filename="100% of a photo.jpeg"\r Content-Type: image/jpeg\r MULTIPART files[:name].must_equal "document[attachment]" files[:tempfile].read.must_equal "contents" end it "parse filename with unescaped percentage characters that look like partial hex escapes" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_unescaped_percentages2, "----WebKitFormBoundary2NHc7OhsgU68l3Al")) params = Rack::Multipart.parse_multipart(env) files = params["document"]["attachment"] files[:type].must_equal "image/jpeg" files[:filename].must_equal "100%a" files[:head].must_equal <<-MULTIPART Content-Disposition: form-data; name="document[attachment]"; filename="100%a"\r Content-Type: image/jpeg\r MULTIPART files[:name].must_equal "document[attachment]" files[:tempfile].read.must_equal "contents" end it "parse filename with unescaped percentage characters that look like partial hex escapes" do env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_unescaped_percentages3, "----WebKitFormBoundary2NHc7OhsgU68l3Al")) params = Rack::Multipart.parse_multipart(env) files = params["document"]["attachment"] files[:type].must_equal "image/jpeg" files[:filename].must_equal "100%" files[:head].must_equal <<-MULTIPART Content-Disposition: form-data; name="document[attachment]"; filename="100%"\r Content-Type: image/jpeg\r MULTIPART files[:name].must_equal "document[attachment]" files[:tempfile].read.must_equal "contents" end it "rewinds input after parsing upload" do options = multipart_fixture(:text) input = options[:input] env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["files"][:filename].must_equal "file1.txt" input.read.length.must_equal 307 end it "builds multipart body" do files = Rack::Multipart::UploadedFile.new(multipart_file("file1.txt")) data = Rack::Multipart.build_multipart("submit-name" => "Larry", "files" => files) options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["files"][:filename].must_equal "file1.txt" params["files"][:tempfile].read.must_equal "contents" end it "builds nested multipart body" do files = Rack::Multipart::UploadedFile.new(multipart_file("file1.txt")) data = Rack::Multipart.build_multipart("people" => [{ "submit-name" => "Larry", "files" => files }]) options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["people"][0]["submit-name"].must_equal "Larry" params["people"][0]["files"][:filename].must_equal "file1.txt" params["people"][0]["files"][:tempfile].read.must_equal "contents" end it "can parse fields that end at the end of the buffer" do input = File.read(multipart_file("bad_robots")) req = Rack::Request.new Rack::MockRequest.env_for("/", "CONTENT_TYPE" => "multipart/form-data, boundary=1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon", "CONTENT_LENGTH" => input.size, :input => input) req.POST['file.path'].must_equal "/var/tmp/uploads/4/0001728414" req.POST['addresses'].wont_equal nil end it "builds complete params with the chunk size of 16384 slicing exactly on boundary" do begin previous_limit = Rack::Utils.multipart_part_limit Rack::Utils.multipart_part_limit = 256 data = File.open(multipart_file("fail_16384_nofile"), 'rb') { |f| f.read }.gsub(/\n/, "\r\n") options = { "CONTENT_TYPE" => "multipart/form-data; boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params.wont_equal nil params.keys.must_include "AAAAAAAAAAAAAAAAAAA" params["AAAAAAAAAAAAAAAAAAA"].keys.must_include "PLAPLAPLA_MEMMEMMEMM_ATTRATTRER" params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.must_include "new" params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.must_include "-2" params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.must_include "ba_unit_id" params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].must_equal "1017" ensure Rack::Utils.multipart_part_limit = previous_limit end end it "not reach a multi-part limit" do begin previous_limit = Rack::Utils.multipart_part_limit Rack::Utils.multipart_part_limit = 4 env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields) params = Rack::Multipart.parse_multipart(env) params['reply'].must_equal 'yes' params['to'].must_equal 'people' params['from'].must_equal 'others' ensure Rack::Utils.multipart_part_limit = previous_limit end end it "reach a multipart limit" do begin previous_limit = Rack::Utils.multipart_part_limit Rack::Utils.multipart_part_limit = 3 env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields) lambda { Rack::Multipart.parse_multipart(env) }.must_raise Rack::Multipart::MultipartPartLimitError ensure Rack::Utils.multipart_part_limit = previous_limit end end it "return nil if no UploadedFiles were used" do data = Rack::Multipart.build_multipart("people" => [{ "submit-name" => "Larry", "files" => "contents" }]) data.must_be_nil end it "raise ArgumentError if params is not a Hash" do lambda { Rack::Multipart.build_multipart("foo=bar") }.must_raise(ArgumentError).message.must_equal "value must be a Hash" end it "can parse fields with a content type" do data = <<-EOF --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon\r Content-Disposition: form-data; name="description"\r Content-Type: text/plain"\r \r Very very blue\r --1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon--\r EOF options = { "CONTENT_TYPE" => "multipart/form-data; boundary=1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params.must_equal "description" => "Very very blue" end it "parse multipart upload with no content-length header" do env = Rack::MockRequest.env_for '/', multipart_fixture(:webkit) env['CONTENT_TYPE'] = "multipart/form-data; boundary=----WebKitFormBoundaryWLHCs9qmcJJoyjKR" env.delete 'CONTENT_LENGTH' params = Rack::Multipart.parse_multipart(env) params['profile']['bio'].must_include 'hello' end it "parse very long unquoted multipart file names" do data = <<-EOF --AaB03x\r Content-Type: text/plain\r Content-Disposition: attachment; name=file; filename=#{'long' * 100}\r \r contents\r --AaB03x--\r EOF options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["file"][:filename].must_equal 'long' * 100 end it "parse unquoted parameter values at end of line" do data = <<-EOF --AaB03x\r Content-Type: text/plain\r Content-Disposition: attachment; name=inline\r \r true\r --AaB03x--\r EOF options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["inline"].must_equal 'true' end it "parse quoted chars in name parameter" do data = <<-EOF --AaB03x\r Content-Type: text/plain\r Content-Disposition: attachment; name="quoted\\\\chars\\"in\rname"\r \r true\r --AaB03x--\r EOF options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["quoted\\chars\"in\rname"].must_equal 'true' end it "support mixed case metadata" do file = multipart_file(:text) data = File.open(file, 'rb') { |io| io.read } type = "Multipart/Form-Data; Boundary=AaB03x" length = data.bytesize e = { "CONTENT_TYPE" => type, "CONTENT_LENGTH" => length.to_s, :input => StringIO.new(data) } env = Rack::MockRequest.env_for("/", e) params = Rack::Multipart.parse_multipart(env) params["submit-name"].must_equal "Larry" params["submit-name-with-content"].must_equal "Berry" params["files"][:type].must_equal "text/plain" params["files"][:filename].must_equal "file1.txt" params["files"][:head].must_equal "Content-Disposition: form-data; " + "name=\"files\"; filename=\"file1.txt\"\r\n" + "Content-Type: text/plain\r\n" params["files"][:name].must_equal "files" params["files"][:tempfile].read.must_equal "contents" end it "fallback to content-type for name" do rack_logo = File.read(multipart_file("rack-logo.png")) data = <<-EOF.dup --AaB03x\r Content-Type: text/plain\r \r some text\r --AaB03x\r \r \r some more text (I didn't specify Content-Type)\r --AaB03x\r Content-Type: image/png\r \r #{rack_logo}\r --AaB03x--\r EOF options = { "CONTENT_TYPE" => "multipart/related; boundary=AaB03x", "CONTENT_LENGTH" => data.bytesize.to_s, :input => StringIO.new(data.dup) } env = Rack::MockRequest.env_for("/", options) params = Rack::Multipart.parse_multipart(env) params["text/plain"].must_equal ["some text", "some more text (I didn't specify Content-Type)"] params["image/png"].length.must_equal 1 f = Tempfile.new("rack-logo") f.write(params["image/png"][0]) f.length.must_equal 26473 end end rack-2.1.4/test/spec_null_logger.rb000066400000000000000000000011151367177163600173040ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/lint' require 'rack/mock' require 'rack/null_logger' describe Rack::NullLogger do it "act as a noop logger" do app = lambda { |env| env['rack.logger'].warn "b00m" [200, { 'Content-Type' => 'text/plain' }, ["Hello, World!"]] } logger = Rack::Lint.new(Rack::NullLogger.new(app)) res = logger.call(Rack::MockRequest.env_for) res[0..1].must_equal [ 200, { 'Content-Type' => 'text/plain' } ] res[2].to_enum.to_a.must_equal ["Hello, World!"] end end rack-2.1.4/test/spec_recursive.rb000066400000000000000000000036301367177163600170060ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/lint' require 'rack/recursive' require 'rack/mock' describe Rack::Recursive do before do @app1 = lambda { |env| res = Rack::Response.new res["X-Path-Info"] = env["PATH_INFO"] res["X-Query-String"] = env["QUERY_STRING"] res.finish do |inner_res| inner_res.write "App1" end } @app2 = lambda { |env| Rack::Response.new.finish do |res| res.write "App2" _, _, body = env['rack.recursive.include'].call(env, "/app1") body.each { |b| res.write b } end } @app3 = lambda { |env| raise Rack::ForwardRequest.new("/app1") } @app4 = lambda { |env| raise Rack::ForwardRequest.new("http://example.org/app1/quux?meh") } end def recursive(map) Rack::Lint.new Rack::Recursive.new(Rack::URLMap.new(map)) end it "allow for subrequests" do res = Rack::MockRequest.new(recursive("/app1" => @app1, "/app2" => @app2)). get("/app2") res.must_be :ok? res.body.must_equal "App2App1" end it "raise error on requests not below the app" do app = Rack::URLMap.new("/app1" => @app1, "/app" => recursive("/1" => @app1, "/2" => @app2)) lambda { Rack::MockRequest.new(app).get("/app/2") }.must_raise(ArgumentError). message.must_match(/can only include below/) end it "support forwarding" do app = recursive("/app1" => @app1, "/app3" => @app3, "/app4" => @app4) res = Rack::MockRequest.new(app).get("/app3") res.must_be :ok? res.body.must_equal "App1" res = Rack::MockRequest.new(app).get("/app4") res.must_be :ok? res.body.must_equal "App1" res["X-Path-Info"].must_equal "/quux" res["X-Query-String"].must_equal "meh" end end rack-2.1.4/test/spec_request.rb000066400000000000000000001362721367177163600165000ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'stringio' require 'cgi' require 'rack/request' require 'rack/mock' require 'rack/multipart' require 'securerandom' class RackRequestTest < Minitest::Spec it "copies the env when duping" do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) refute_same req.env, req.dup.env end it 'can check if something has been set' do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) refute req.has_header?("FOO") end it "can get a key from the env" do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) assert_equal "example.com", req.get_header("SERVER_NAME") end it 'can calculate the authority' do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) assert_equal "example.com:8080", req.authority end it 'can calculate the authority without a port' do req = make_request(Rack::MockRequest.env_for("http://example.com/")) assert_equal "example.com:80", req.authority end it 'can calculate the authority without a port on ssl' do req = make_request(Rack::MockRequest.env_for("https://example.com/")) assert_equal "example.com:443", req.authority end it 'yields to the block if no value has been set' do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) yielded = false req.fetch_header("FOO") do yielded = true req.set_header "FOO", 'bar' end assert yielded assert_equal "bar", req.get_header("FOO") end it 'can iterate over values' do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) req.set_header 'foo', 'bar' hash = {} req.each_header do |k, v| hash[k] = v end assert_equal 'bar', hash['foo'] end it 'can set values in the env' do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) req.set_header("FOO", "BAR") assert_equal "BAR", req.get_header("FOO") end it 'can add to multivalued headers in the env' do req = make_request(Rack::MockRequest.env_for('http://example.com:8080/')) assert_equal '1', req.add_header('FOO', '1') assert_equal '1', req.get_header('FOO') assert_equal '1,2', req.add_header('FOO', '2') assert_equal '1,2', req.get_header('FOO') assert_equal '1,2', req.add_header('FOO', nil) assert_equal '1,2', req.get_header('FOO') end it 'can delete env values' do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) req.set_header 'foo', 'bar' assert req.has_header? 'foo' req.delete_header 'foo' refute req.has_header? 'foo' end it "wrap the rack variables" do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) req.body.must_respond_to :gets req.scheme.must_equal "http" req.request_method.must_equal "GET" req.must_be :get? req.wont_be :post? req.wont_be :put? req.wont_be :delete? req.wont_be :head? req.wont_be :patch? req.script_name.must_equal "" req.path_info.must_equal "/" req.query_string.must_equal "" req.host.must_equal "example.com" req.port.must_equal 8080 req.content_length.must_equal "0" req.content_type.must_be_nil end it "figure out the correct host" do req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "www2.example.org") req.host.must_equal "www2.example.org" req = make_request \ Rack::MockRequest.env_for("/", "SERVER_NAME" => "example.org", "SERVER_PORT" => "9292") req.host.must_equal "example.org" req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org:9292") req.host.must_equal "example.org" env = Rack::MockRequest.env_for("/", "SERVER_ADDR" => "192.168.1.1", "SERVER_PORT" => "9292") env.delete("SERVER_NAME") req = make_request(env) req.host.must_equal "192.168.1.1" env = Rack::MockRequest.env_for("/") env.delete("SERVER_NAME") req = make_request(env) req.host.must_equal "" end it "figure out the correct port" do req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "www2.example.org") req.port.must_equal 80 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "www2.example.org:81") req.port.must_equal 81 req = make_request \ Rack::MockRequest.env_for("/", "SERVER_NAME" => "example.org", "SERVER_PORT" => "9292") req.port.must_equal 9292 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org:9292") req.port.must_equal 9292 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org") req.port.must_equal 80 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org", "HTTP_X_FORWARDED_SSL" => "on") req.port.must_equal 443 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org", "HTTP_X_FORWARDED_PROTO" => "https") req.port.must_equal 443 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org", "HTTP_X_FORWARDED_PORT" => "9393") req.port.must_equal 9393 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org:9393", "SERVER_PORT" => "80") req.port.must_equal 9393 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org", "SERVER_PORT" => "9393") req.port.must_equal 80 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost", "HTTP_X_FORWARDED_PROTO" => "https", "SERVER_PORT" => "80") req.port.must_equal 443 req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost", "HTTP_X_FORWARDED_PROTO" => "https,https", "SERVER_PORT" => "80") req.port.must_equal 443 end it "figure out the correct host with port" do req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "www2.example.org") req.host_with_port.must_equal "www2.example.org" req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81") req.host_with_port.must_equal "localhost:81" req = make_request \ Rack::MockRequest.env_for("/", "SERVER_NAME" => "example.org", "SERVER_PORT" => "9292") req.host_with_port.must_equal "example.org:9292" req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org:9292") req.host_with_port.must_equal "example.org:9292" req = make_request \ Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost:81", "HTTP_X_FORWARDED_HOST" => "example.org", "SERVER_PORT" => "9393") req.host_with_port.must_equal "example.org" end it "parse the query string" do req = make_request(Rack::MockRequest.env_for("/?foo=bar&quux=bla")) req.query_string.must_equal "foo=bar&quux=bla" req.GET.must_equal "foo" => "bar", "quux" => "bla" req.POST.must_be :empty? req.params.must_equal "foo" => "bar", "quux" => "bla" end it "not truncate query strings containing semi-colons #543 only in POST" do mr = Rack::MockRequest.env_for("/", "REQUEST_METHOD" => 'POST', :input => "foo=bar&quux=b;la") req = make_request mr req.query_string.must_equal "" req.GET.must_be :empty? req.POST.must_equal "foo" => "bar", "quux" => "b;la" req.params.must_equal req.GET.merge(req.POST) end it "should use the query_parser for query parsing" do c = Class.new(Rack::QueryParser::Params) do def initialize(*) super @params = Hash.new{|h, k| h[k.to_s] if k.is_a?(Symbol)} end end parser = Rack::QueryParser.new(c, 65536, 100) c = Class.new(Rack::Request) do define_method(:query_parser) do parser end end req = c.new(Rack::MockRequest.env_for("/?foo=bar&quux=bla")) req.GET[:foo].must_equal "bar" req.GET[:quux].must_equal "bla" req.params[:foo].must_equal "bar" req.params[:quux].must_equal "bla" end it "use semi-colons as separators for query strings in GET" do req = make_request(Rack::MockRequest.env_for("/?foo=bar&quux=b;la;wun=duh")) req.query_string.must_equal "foo=bar&quux=b;la;wun=duh" req.GET.must_equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh" req.POST.must_be :empty? req.params.must_equal "foo" => "bar", "quux" => "b", "la" => nil, "wun" => "duh" end it "limit the keys from the GET query string" do env = Rack::MockRequest.env_for("/?foo=bar") old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 1 begin req = make_request(env) lambda { req.GET }.must_raise RangeError ensure Rack::Utils.key_space_limit = old end end it "limit the key size per nested params hash" do nested_query = Rack::MockRequest.env_for("/?foo%5Bbar%5D%5Bbaz%5D%5Bqux%5D=1") plain_query = Rack::MockRequest.env_for("/?foo_bar__baz__qux_=1") old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 3 begin exp = { "foo" => { "bar" => { "baz" => { "qux" => "1" } } } } make_request(nested_query).GET.must_equal exp lambda { make_request(plain_query).GET }.must_raise RangeError ensure Rack::Utils.key_space_limit = old end end it "not unify GET and POST when calling params" do mr = Rack::MockRequest.env_for("/?foo=quux", "REQUEST_METHOD" => 'POST', :input => "foo=bar&quux=bla" ) req = make_request mr req.params req.GET.must_equal "foo" => "quux" req.POST.must_equal "foo" => "bar", "quux" => "bla" req.params.must_equal req.GET.merge(req.POST) end it "use the query_parser's params_class for multipart params" do c = Class.new(Rack::QueryParser::Params) do def initialize(*) super @params = Hash.new{|h, k| h[k.to_s] if k.is_a?(Symbol)} end end parser = Rack::QueryParser.new(c, 65536, 100) c = Class.new(Rack::Request) do define_method(:query_parser) do parser end end mr = Rack::MockRequest.env_for("/?foo=quux", "REQUEST_METHOD" => 'POST', :input => "foo=bar&quux=bla" ) req = c.new mr req.params req.GET[:foo].must_equal "quux" req.POST[:foo].must_equal "bar" req.POST[:quux].must_equal "bla" req.params[:foo].must_equal "bar" req.params[:quux].must_equal "bla" end it "raise if input params has invalid %-encoding" do mr = Rack::MockRequest.env_for("/?foo=quux", "REQUEST_METHOD" => 'POST', :input => "a%=1" ) req = make_request mr lambda { req.POST }.must_raise(Rack::Utils::InvalidParameterError). message.must_equal "invalid %-encoding (a%)" end it "raise if rack.input is missing" do req = make_request({}) lambda { req.POST }.must_raise RuntimeError end it "parse POST data when method is POST and no Content-Type given" do req = make_request \ Rack::MockRequest.env_for("/?foo=quux", "REQUEST_METHOD" => 'POST', :input => "foo=bar&quux=bla") req.content_type.must_be_nil req.media_type.must_be_nil req.query_string.must_equal "foo=quux" req.GET.must_equal "foo" => "quux" req.POST.must_equal "foo" => "bar", "quux" => "bla" req.params.must_equal "foo" => "bar", "quux" => "bla" end it "limit the keys from the POST form data" do env = Rack::MockRequest.env_for("", "REQUEST_METHOD" => 'POST', :input => "foo=bar&quux=bla") old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 1 begin req = make_request(env) lambda { req.POST }.must_raise RangeError ensure Rack::Utils.key_space_limit = old end end it "parse POST data with explicit content type regardless of method" do req = make_request \ Rack::MockRequest.env_for("/", "CONTENT_TYPE" => 'application/x-www-form-urlencoded;foo=bar', :input => "foo=bar&quux=bla") req.content_type.must_equal 'application/x-www-form-urlencoded;foo=bar' req.media_type.must_equal 'application/x-www-form-urlencoded' req.media_type_params['foo'].must_equal 'bar' req.POST.must_equal "foo" => "bar", "quux" => "bla" req.params.must_equal "foo" => "bar", "quux" => "bla" end it "not parse POST data when media type is not form-data" do req = make_request \ Rack::MockRequest.env_for("/?foo=quux", "REQUEST_METHOD" => 'POST', "CONTENT_TYPE" => 'text/plain;charset=utf-8', :input => "foo=bar&quux=bla") req.content_type.must_equal 'text/plain;charset=utf-8' req.media_type.must_equal 'text/plain' req.media_type_params['charset'].must_equal 'utf-8' req.POST.must_be :empty? req.params.must_equal "foo" => "quux" req.body.read.must_equal "foo=bar&quux=bla" end it "parse POST data on PUT when media type is form-data" do req = make_request \ Rack::MockRequest.env_for("/?foo=quux", "REQUEST_METHOD" => 'PUT', "CONTENT_TYPE" => 'application/x-www-form-urlencoded', :input => "foo=bar&quux=bla") req.POST.must_equal "foo" => "bar", "quux" => "bla" req.body.read.must_equal "foo=bar&quux=bla" end it "rewind input after parsing POST data" do input = StringIO.new("foo=bar&quux=bla") req = make_request \ Rack::MockRequest.env_for("/", "CONTENT_TYPE" => 'application/x-www-form-urlencoded;foo=bar', :input => input) req.params.must_equal "foo" => "bar", "quux" => "bla" input.read.must_equal "foo=bar&quux=bla" end it "safely accepts POST requests with empty body" do mr = Rack::MockRequest.env_for("/", "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => '0', :input => nil) req = make_request mr req.query_string.must_equal "" req.GET.must_be :empty? req.POST.must_be :empty? req.params.must_equal({}) end it "clean up Safari's ajax POST body" do req = make_request \ Rack::MockRequest.env_for("/", 'REQUEST_METHOD' => 'POST', :input => "foo=bar&quux=bla\0") req.POST.must_equal "foo" => "bar", "quux" => "bla" end it "get value by key from params with #[]" do req = make_request \ Rack::MockRequest.env_for("?foo=quux") req['foo'].must_equal 'quux' req[:foo].must_equal 'quux' end it "set value to key on params with #[]=" do req = make_request \ Rack::MockRequest.env_for("?foo=duh") req['foo'].must_equal 'duh' req[:foo].must_equal 'duh' req.params.must_equal 'foo' => 'duh' if req.delegate? skip "delegate requests don't cache params, so mutations have no impact" end req['foo'] = 'bar' req.params.must_equal 'foo' => 'bar' req['foo'].must_equal 'bar' req[:foo].must_equal 'bar' req[:foo] = 'jaz' req.params.must_equal 'foo' => 'jaz' req['foo'].must_equal 'jaz' req[:foo].must_equal 'jaz' end it "return values for the keys in the order given from values_at" do req = make_request \ Rack::MockRequest.env_for("?foo=baz&wun=der&bar=ful") req.values_at('foo').must_equal ['baz'] req.values_at('foo', 'wun').must_equal ['baz', 'der'] req.values_at('bar', 'foo', 'wun').must_equal ['ful', 'baz', 'der'] end it "extract referrer correctly" do req = make_request \ Rack::MockRequest.env_for("/", "HTTP_REFERER" => "/some/path") req.referer.must_equal "/some/path" req = make_request \ Rack::MockRequest.env_for("/") req.referer.must_be_nil end it "extract user agent correctly" do req = make_request \ Rack::MockRequest.env_for("/", "HTTP_USER_AGENT" => "Mozilla/4.0 (compatible)") req.user_agent.must_equal "Mozilla/4.0 (compatible)" req = make_request \ Rack::MockRequest.env_for("/") req.user_agent.must_be_nil end it "treat missing content type as nil" do req = make_request \ Rack::MockRequest.env_for("/") req.content_type.must_be_nil end it "treat empty content type as nil" do req = make_request \ Rack::MockRequest.env_for("/", "CONTENT_TYPE" => "") req.content_type.must_be_nil end it "return nil media type for empty content type" do req = make_request \ Rack::MockRequest.env_for("/", "CONTENT_TYPE" => "") req.media_type.must_be_nil end it "cache, but invalidates the cache" do req = make_request \ Rack::MockRequest.env_for("/?foo=quux", "CONTENT_TYPE" => "application/x-www-form-urlencoded", :input => "foo=bar&quux=bla") req.GET.must_equal "foo" => "quux" req.GET.must_equal "foo" => "quux" req.set_header("QUERY_STRING", "bla=foo") req.GET.must_equal "bla" => "foo" req.GET.must_equal "bla" => "foo" req.POST.must_equal "foo" => "bar", "quux" => "bla" req.POST.must_equal "foo" => "bar", "quux" => "bla" req.set_header("rack.input", StringIO.new("foo=bla&quux=bar")) req.POST.must_equal "foo" => "bla", "quux" => "bar" req.POST.must_equal "foo" => "bla", "quux" => "bar" end it "figure out if called via XHR" do req = make_request(Rack::MockRequest.env_for("")) req.wont_be :xhr? req = make_request \ Rack::MockRequest.env_for("", "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest") req.must_be :xhr? end it "ssl detection" do request = make_request(Rack::MockRequest.env_for("/")) request.scheme.must_equal "http" request.wont_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTPS' => 'on')) request.scheme.must_equal "https" request.must_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'rack.url_scheme' => 'https')) request.scheme.must_equal "https" request.must_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTP_HOST' => 'www.example.org:8080')) request.scheme.must_equal "http" request.wont_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTP_HOST' => 'www.example.org:8443', 'HTTPS' => 'on')) request.scheme.must_equal "https" request.must_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTP_HOST' => 'www.example.org:8443', 'HTTP_X_FORWARDED_SSL' => 'on')) request.scheme.must_equal "https" request.must_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_SCHEME' => 'https')) request.scheme.must_equal "https" request.must_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_PROTO' => 'https')) request.scheme.must_equal "https" request.must_be :ssl? request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_PROTO' => 'https, http, http')) request.scheme.must_equal "https" request.must_be :ssl? end it "prevents scheme abuse" do request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_SCHEME' => 'a.">')) request.scheme.must_equal 'http' end it "parse cookies" do req = make_request \ Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;quux=h&m") req.cookies.must_equal "foo" => "bar", "quux" => "h&m" req.cookies.must_equal "foo" => "bar", "quux" => "h&m" req.delete_header("HTTP_COOKIE") req.cookies.must_equal({}) end it "always return the same hash object" do req = make_request \ Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;quux=h&m") hash = req.cookies req.env.delete("HTTP_COOKIE") req.cookies.must_equal hash req.env["HTTP_COOKIE"] = "zoo=m" req.cookies.must_equal hash end it "modify the cookies hash in place" do req = make_request(Rack::MockRequest.env_for("")) req.cookies.must_equal({}) req.cookies['foo'] = 'bar' req.cookies.must_equal 'foo' => 'bar' end it "not modify the params hash in place" do e = Rack::MockRequest.env_for("") req1 = make_request(e) if req1.delegate? skip "delegate requests don't cache params, so mutations have no impact" end req1.params.must_equal({}) req1.params['foo'] = 'bar' req1.params.must_equal 'foo' => 'bar' req2 = make_request(e) req2.params.must_equal({}) end it "modify params hash if param is in GET" do e = Rack::MockRequest.env_for("?foo=duh") req1 = make_request(e) req1.params.must_equal 'foo' => 'duh' req1.update_param 'foo', 'bar' req1.params.must_equal 'foo' => 'bar' req2 = make_request(e) req2.params.must_equal 'foo' => 'bar' end it "modify params hash if param is in POST" do e = Rack::MockRequest.env_for("", "REQUEST_METHOD" => 'POST', :input => 'foo=duh') req1 = make_request(e) req1.params.must_equal 'foo' => 'duh' req1.update_param 'foo', 'bar' req1.params.must_equal 'foo' => 'bar' req2 = make_request(e) req2.params.must_equal 'foo' => 'bar' end it "modify params hash, even if param didn't exist before" do e = Rack::MockRequest.env_for("") req1 = make_request(e) req1.params.must_equal({}) req1.update_param 'foo', 'bar' req1.params.must_equal 'foo' => 'bar' req2 = make_request(e) req2.params.must_equal 'foo' => 'bar' end it "modify params hash by changing only GET" do e = Rack::MockRequest.env_for("?foo=duhget") req = make_request(e) req.GET.must_equal 'foo' => 'duhget' req.POST.must_equal({}) req.update_param 'foo', 'bar' req.GET.must_equal 'foo' => 'bar' req.POST.must_equal({}) end it "modify params hash by changing only POST" do e = Rack::MockRequest.env_for("", "REQUEST_METHOD" => 'POST', :input => "foo=duhpost") req = make_request(e) req.GET.must_equal({}) req.POST.must_equal 'foo' => 'duhpost' req.update_param 'foo', 'bar' req.GET.must_equal({}) req.POST.must_equal 'foo' => 'bar' end it "modify params hash, even if param is defined in both POST and GET" do e = Rack::MockRequest.env_for("?foo=duhget", "REQUEST_METHOD" => 'POST', :input => "foo=duhpost") req1 = make_request(e) req1.GET.must_equal 'foo' => 'duhget' req1.POST.must_equal 'foo' => 'duhpost' req1.params.must_equal 'foo' => 'duhpost' req1.update_param 'foo', 'bar' req1.GET.must_equal 'foo' => 'bar' req1.POST.must_equal 'foo' => 'bar' req1.params.must_equal 'foo' => 'bar' req2 = make_request(e) req2.GET.must_equal 'foo' => 'bar' req2.POST.must_equal 'foo' => 'bar' req2.params.must_equal 'foo' => 'bar' req2.params.must_equal 'foo' => 'bar' end it "allow deleting from params hash if param is in GET" do e = Rack::MockRequest.env_for("?foo=bar") req1 = make_request(e) req1.params.must_equal 'foo' => 'bar' req1.delete_param('foo').must_equal 'bar' req1.params.must_equal({}) req2 = make_request(e) req2.params.must_equal({}) end it "allow deleting from params hash if param is in POST" do e = Rack::MockRequest.env_for("", "REQUEST_METHOD" => 'POST', :input => 'foo=bar') req1 = make_request(e) req1.params.must_equal 'foo' => 'bar' req1.delete_param('foo').must_equal 'bar' req1.params.must_equal({}) req2 = make_request(e) req2.params.must_equal({}) end it "pass through non-uri escaped cookies as-is" do req = make_request Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=%") req.cookies["foo"].must_equal "%" end it "parse cookies according to RFC 2109" do req = make_request \ Rack::MockRequest.env_for('', 'HTTP_COOKIE' => 'foo=bar;foo=car') req.cookies.must_equal 'foo' => 'bar' end it 'parse cookies with quotes' do req = make_request Rack::MockRequest.env_for('', { 'HTTP_COOKIE' => '$Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme"; Part_Number="Rocket_Launcher_0001"; $Path="/acme"' }) req.cookies.must_equal({ '$Version' => '"1"', 'Customer' => '"WILE_E_COYOTE"', '$Path' => '"/acme"', 'Part_Number' => '"Rocket_Launcher_0001"', }) end it "provide setters" do req = make_request(e = Rack::MockRequest.env_for("")) req.script_name.must_equal "" req.script_name = "/foo" req.script_name.must_equal "/foo" e["SCRIPT_NAME"].must_equal "/foo" req.path_info.must_equal "/" req.path_info = "/foo" req.path_info.must_equal "/foo" e["PATH_INFO"].must_equal "/foo" end it "provide the original env" do req = make_request(e = Rack::MockRequest.env_for("")) req.env.must_equal e end it "restore the base URL" do make_request(Rack::MockRequest.env_for("")).base_url. must_equal "http://example.org" make_request(Rack::MockRequest.env_for("", "SCRIPT_NAME" => "/foo")).base_url. must_equal "http://example.org" end it "restore the URL" do make_request(Rack::MockRequest.env_for("")).url. must_equal "http://example.org/" make_request(Rack::MockRequest.env_for("", "SCRIPT_NAME" => "/foo")).url. must_equal "http://example.org/foo/" make_request(Rack::MockRequest.env_for("/foo")).url. must_equal "http://example.org/foo" make_request(Rack::MockRequest.env_for("?foo")).url. must_equal "http://example.org/?foo" make_request(Rack::MockRequest.env_for("http://example.org:8080/")).url. must_equal "http://example.org:8080/" make_request(Rack::MockRequest.env_for("https://example.org/")).url. must_equal "https://example.org/" make_request(Rack::MockRequest.env_for("coffee://example.org/")).url. must_equal "coffee://example.org/" make_request(Rack::MockRequest.env_for("coffee://example.org:443/")).url. must_equal "coffee://example.org:443/" make_request(Rack::MockRequest.env_for("https://example.com:8080/foo?foo")).url. must_equal "https://example.com:8080/foo?foo" end it "restore the full path" do make_request(Rack::MockRequest.env_for("")).fullpath. must_equal "/" make_request(Rack::MockRequest.env_for("", "SCRIPT_NAME" => "/foo")).fullpath. must_equal "/foo/" make_request(Rack::MockRequest.env_for("/foo")).fullpath. must_equal "/foo" make_request(Rack::MockRequest.env_for("?foo")).fullpath. must_equal "/?foo" make_request(Rack::MockRequest.env_for("http://example.org:8080/")).fullpath. must_equal "/" make_request(Rack::MockRequest.env_for("https://example.org/")).fullpath. must_equal "/" make_request(Rack::MockRequest.env_for("https://example.com:8080/foo?foo")).fullpath. must_equal "/foo?foo" end it "handle multiple media type parameters" do req = make_request \ Rack::MockRequest.env_for("/", "CONTENT_TYPE" => 'text/plain; foo=BAR,baz=bizzle dizzle;BLING=bam;blong="boo";zump="zoo\"o";weird=lol"') req.wont_be :form_data? req.media_type_params.must_include 'foo' req.media_type_params['foo'].must_equal 'BAR' req.media_type_params.must_include 'baz' req.media_type_params['baz'].must_equal 'bizzle dizzle' req.media_type_params.wont_include 'BLING' req.media_type_params.must_include 'bling' req.media_type_params['bling'].must_equal 'bam' req.media_type_params['blong'].must_equal 'boo' req.media_type_params['zump'].must_equal 'zoo\"o' req.media_type_params['weird'].must_equal 'lol"' end it "parse with junk before boundary" do # Adapted from RFC 1867. input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) req.POST.must_include "fileupload" req.POST.must_include "reply" req.must_be :form_data? req.content_length.must_equal input.size req.media_type.must_equal 'multipart/form-data' req.media_type_params.must_include 'boundary' req.media_type_params['boundary'].must_equal 'AaB03x' req.POST["reply"].must_equal "yes" f = req.POST["fileupload"] f.must_be_kind_of Hash f[:type].must_equal "image/jpeg" f[:filename].must_equal "dj.jpg" f.must_include :tempfile f[:tempfile].size.must_equal 76 end it "not infinite loop with a malformed HTTP request" do # Adapted from RFC 1867. input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) lambda{req.POST}.must_raise EOFError end it "parse multipart form data" do # Adapted from RFC 1867. input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) req.POST.must_include "fileupload" req.POST.must_include "reply" req.must_be :form_data? req.content_length.must_equal input.size req.media_type.must_equal 'multipart/form-data' req.media_type_params.must_include 'boundary' req.media_type_params['boundary'].must_equal 'AaB03x' req.POST["reply"].must_equal "yes" f = req.POST["fileupload"] f.must_be_kind_of Hash f[:type].must_equal "image/jpeg" f[:filename].must_equal "dj.jpg" f.must_include :tempfile f[:tempfile].size.must_equal 76 end it "MultipartPartLimitError when request has too many multipart parts if limit set" do begin data = 10000.times.map { "--AaB03x\r\nContent-Type: text/plain\r\nContent-Disposition: attachment; name=#{SecureRandom.hex(10)}; filename=#{SecureRandom.hex(10)}\r\n\r\ncontents\r\n" }.join("\r\n") data += "--AaB03x--\r" options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, :input => StringIO.new(data) } request = make_request Rack::MockRequest.env_for("/", options) lambda { request.POST }.must_raise Rack::Multipart::MultipartPartLimitError end end it 'closes tempfiles it created in the case of too many created' do begin data = 10000.times.map { "--AaB03x\r\nContent-Type: text/plain\r\nContent-Disposition: attachment; name=#{SecureRandom.hex(10)}; filename=#{SecureRandom.hex(10)}\r\n\r\ncontents\r\n" }.join("\r\n") data += "--AaB03x--\r" files = [] options = { "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x", "CONTENT_LENGTH" => data.length.to_s, Rack::RACK_MULTIPART_TEMPFILE_FACTORY => lambda { |filename, content_type| file = Tempfile.new(["RackMultipart", ::File.extname(filename)]) files << file file }, :input => StringIO.new(data) } request = make_request Rack::MockRequest.env_for("/", options) assert_raises(Rack::Multipart::MultipartPartLimitError) do request.POST end refute_predicate files, :empty? files.each { |f| assert_predicate f, :closed? } end end it "parse big multipart form data" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) req.POST["huge"][:tempfile].size.must_equal 32768 req.POST["mean"][:tempfile].size.must_equal 10 req.POST["mean"][:tempfile].read.must_equal "--AaB03xha" end it "record tempfiles from multipart form data in env[rack.tempfiles]" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) req = make_request(env) req.params env['rack.tempfiles'].size.must_equal 2 end it "detect invalid multipart form data" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) lambda { req.POST }.must_raise EOFError input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) lambda { req.POST }.must_raise EOFError input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) lambda { req.POST }.must_raise EOFError end it "consistently raise EOFError on bad multipart form data" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) lambda { req.POST }.must_raise EOFError lambda { req.POST }.must_raise EOFError end it "correctly parse the part name from Content-Id header" do input = <\r Content-Transfer-Encoding: 7bit\r \r foo\r --AaB03x--\r EOF req = make_request Rack::MockRequest.env_for("/", "CONTENT_TYPE" => "multipart/related, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) req.params.keys.must_equal [""] end it "not try to interpret binary as utf8" do input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size, :input => input) req.POST["fileupload"][:tempfile].size.must_equal 4 end it "use form_hash when form_input is a Tempfile" do input = "{foo: 'bar'}" rack_input = Tempfile.new("rackspec") rack_input.write(input) rack_input.rewind req = make_request Rack::MockRequest.env_for("/", "rack.request.form_hash" => { 'foo' => 'bar' }, "rack.request.form_input" => rack_input, :input => rack_input) req.POST.must_equal req.env['rack.request.form_hash'] end it "conform to the Rack spec" do app = lambda { |env| content = make_request(env).POST["file"].inspect size = content.bytesize [200, { "Content-Type" => "text/html", "Content-Length" => size.to_s }, [content]] } input = < "multipart/form-data, boundary=AaB03x", "CONTENT_LENGTH" => input.size.to_s, "rack.input" => StringIO.new(input) res.must_be :ok? end it "parse Accept-Encoding correctly" do parser = lambda do |x| make_request(Rack::MockRequest.env_for("", "HTTP_ACCEPT_ENCODING" => x)).accept_encoding end parser.call(nil).must_equal [] parser.call("compress, gzip").must_equal [["compress", 1.0], ["gzip", 1.0]] parser.call("").must_equal [] parser.call("*").must_equal [["*", 1.0]] parser.call("compress;q=0.5, gzip;q=1.0").must_equal [["compress", 0.5], ["gzip", 1.0]] parser.call("gzip;q=1.0, identity; q=0.5, *;q=0").must_equal [["gzip", 1.0], ["identity", 0.5], ["*", 0] ] parser.call("gzip ; q=0.9").must_equal [["gzip", 0.9]] parser.call("gzip ; deflate").must_equal [["gzip", 1.0]] end it "parse Accept-Language correctly" do parser = lambda do |x| make_request(Rack::MockRequest.env_for("", "HTTP_ACCEPT_LANGUAGE" => x)).accept_language end parser.call(nil).must_equal [] parser.call("fr, en").must_equal [["fr", 1.0], ["en", 1.0]] parser.call("").must_equal [] parser.call("*").must_equal [["*", 1.0]] parser.call("fr;q=0.5, en;q=1.0").must_equal [["fr", 0.5], ["en", 1.0]] parser.call("fr;q=1.0, en; q=0.5, *;q=0").must_equal [["fr", 1.0], ["en", 0.5], ["*", 0] ] parser.call("fr ; q=0.9").must_equal [["fr", 0.9]] parser.call("fr").must_equal [["fr", 1.0]] end def ip_app lambda { |env| request = make_request(env) response = Rack::Response.new response.write request.ip response.finish } end it 'provide ip information' do mock = Rack::MockRequest.new(Rack::Lint.new(ip_app)) res = mock.get '/', 'REMOTE_ADDR' => '1.2.3.4' res.body.must_equal '1.2.3.4' res = mock.get '/', 'REMOTE_ADDR' => 'fe80::202:b3ff:fe1e:8329' res.body.must_equal 'fe80::202:b3ff:fe1e:8329' res = mock.get '/', 'REMOTE_ADDR' => '1.2.3.4,3.4.5.6' res.body.must_equal '1.2.3.4' end it 'deals with proxies' do mock = Rack::MockRequest.new(Rack::Lint.new(ip_app)) res = mock.get '/', 'REMOTE_ADDR' => '1.2.3.4', 'HTTP_X_FORWARDED_FOR' => '3.4.5.6' res.body.must_equal '1.2.3.4' res = mock.get '/', 'REMOTE_ADDR' => '1.2.3.4', 'HTTP_X_FORWARDED_FOR' => 'unknown' res.body.must_equal '1.2.3.4' res = mock.get '/', 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '3.4.5.6' res.body.must_equal '3.4.5.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'unknown,3.4.5.6' res.body.must_equal '3.4.5.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '192.168.0.1,3.4.5.6' res.body.must_equal '3.4.5.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1,3.4.5.6' res.body.must_equal '3.4.5.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 10.0.0.1, 3.4.5.6' res.body.must_equal '3.4.5.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 3.4.5.6' res.body.must_equal '3.4.5.6' # IPv6 format with optional port: "[2001:db8:cafe::17]:47011" res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '[2001:db8:cafe::17]:47011' res.body.must_equal '2001:db8:cafe::17' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '1.2.3.4, [2001:db8:cafe::17]:47011' res.body.must_equal '2001:db8:cafe::17' # IPv4 format with optional port: "192.0.2.43:47011" res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '192.0.2.43:47011' res.body.must_equal '192.0.2.43' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 192.0.2.43:47011' res.body.must_equal '192.0.2.43' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'unknown,192.168.0.1' res.body.must_equal 'unknown' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'other,unknown,192.168.0.1' res.body.must_equal 'unknown' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'unknown,localhost,192.168.0.1' res.body.must_equal 'unknown' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4' res.body.must_equal '3.4.5.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '::1,2620:0:1c00:0:812c:9583:754b:ca11' res.body.must_equal '2620:0:1c00:0:812c:9583:754b:ca11' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '2620:0:1c00:0:812c:9583:754b:ca11,::1' res.body.must_equal '2620:0:1c00:0:812c:9583:754b:ca11' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'fd5b:982e:9130:247f:0000:0000:0000:0000,2620:0:1c00:0:812c:9583:754b:ca11' res.body.must_equal '2620:0:1c00:0:812c:9583:754b:ca11' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '2620:0:1c00:0:812c:9583:754b:ca11,fd5b:982e:9130:247f:0000:0000:0000:0000' res.body.must_equal '2620:0:1c00:0:812c:9583:754b:ca11' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '1.1.1.1, 127.0.0.1', 'HTTP_CLIENT_IP' => '1.1.1.1' res.body.must_equal '1.1.1.1' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 9.9.9.9' res.body.must_equal '9.9.9.9' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, fe80::202:b3ff:fe1e:8329' res.body.must_equal 'fe80::202:b3ff:fe1e:8329' # Unix Sockets res = mock.get '/', 'REMOTE_ADDR' => 'unix', 'HTTP_X_FORWARDED_FOR' => '3.4.5.6' res.body.must_equal '3.4.5.6' res = mock.get '/', 'REMOTE_ADDR' => 'unix:/tmp/foo', 'HTTP_X_FORWARDED_FOR' => '3.4.5.6' res.body.must_equal '3.4.5.6' end it "not allow IP spoofing via Client-IP and X-Forwarded-For headers" do mock = Rack::MockRequest.new(Rack::Lint.new(ip_app)) # IP Spoofing attempt: # Client sends X-Forwarded-For: 6.6.6.6 # Client-IP: 6.6.6.6 # Load balancer adds X-Forwarded-For: 2.2.2.3, 192.168.0.7 # App receives: X-Forwarded-For: 6.6.6.6 # X-Forwarded-For: 2.2.2.3, 192.168.0.7 # Client-IP: 6.6.6.6 # Rack env: HTTP_X_FORWARDED_FOR: '6.6.6.6, 2.2.2.3, 192.168.0.7' # HTTP_CLIENT_IP: '6.6.6.6' res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '6.6.6.6, 2.2.2.3, 192.168.0.7', 'HTTP_CLIENT_IP' => '6.6.6.6' res.body.must_equal '2.2.2.3' end it "preserves ip for trusted proxy chain" do mock = Rack::MockRequest.new(Rack::Lint.new(ip_app)) res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '192.168.0.11, 192.168.0.7', 'HTTP_CLIENT_IP' => '127.0.0.1' res.body.must_equal '192.168.0.11' end it "uses a custom trusted proxy filter" do old_ip = Rack::Request.ip_filter Rack::Request.ip_filter = lambda { |ip| ip == 'foo' } req = make_request(Rack::MockRequest.env_for("/")) assert req.trusted_proxy?('foo') Rack::Request.ip_filter = old_ip end it "regards local addresses as proxies" do req = make_request(Rack::MockRequest.env_for("/")) req.trusted_proxy?('127.0.0.1').must_equal true req.trusted_proxy?('10.0.0.1').must_equal true req.trusted_proxy?('172.16.0.1').must_equal true req.trusted_proxy?('172.20.0.1').must_equal true req.trusted_proxy?('172.30.0.1').must_equal true req.trusted_proxy?('172.31.0.1').must_equal true req.trusted_proxy?('192.168.0.1').must_equal true req.trusted_proxy?('::1').must_equal true req.trusted_proxy?('fd00::').must_equal true req.trusted_proxy?('localhost').must_equal true req.trusted_proxy?('unix').must_equal true req.trusted_proxy?('unix:/tmp/sock').must_equal true req.trusted_proxy?("unix.example.org").must_equal false req.trusted_proxy?("example.org\n127.0.0.1").must_equal false req.trusted_proxy?("127.0.0.1\nexample.org").must_equal false req.trusted_proxy?("11.0.0.1").must_equal false req.trusted_proxy?("172.15.0.1").must_equal false req.trusted_proxy?("172.32.0.1").must_equal false req.trusted_proxy?("2001:470:1f0b:18f8::1").must_equal false end it "sets the default session to an empty hash" do req = make_request(Rack::MockRequest.env_for("http://example.com:8080/")) assert_equal Hash.new, req.session end class MyRequest < Rack::Request def params { foo: "bar" } end end it "allow subclass request to be instantiated after parent request" do env = Rack::MockRequest.env_for("/?foo=bar") req1 = make_request(env) req1.GET.must_equal "foo" => "bar" req1.params.must_equal "foo" => "bar" req2 = MyRequest.new(env) req2.GET.must_equal "foo" => "bar" req2.params.must_equal foo: "bar" end it "allow parent request to be instantiated after subclass request" do env = Rack::MockRequest.env_for("/?foo=bar") req1 = MyRequest.new(env) req1.GET.must_equal "foo" => "bar" req1.params.must_equal foo: "bar" req2 = make_request(env) req2.GET.must_equal "foo" => "bar" req2.params.must_equal "foo" => "bar" end it "raise TypeError every time if request parameters are broken" do broken_query = Rack::MockRequest.env_for("/?foo%5B%5D=0&foo%5Bbar%5D=1") req = make_request(broken_query) lambda{req.GET}.must_raise TypeError lambda{req.params}.must_raise TypeError end (0x20...0x7E).collect { |a| b = a.chr c = CGI.escape(b) it "not strip '#{a}' => '#{c}' => '#{b}' escaped character from parameters when accessed as string" do url = "/?foo=#{c}bar#{c}" env = Rack::MockRequest.env_for(url) req2 = make_request(env) req2.GET.must_equal "foo" => "#{b}bar#{b}" req2.params.must_equal "foo" => "#{b}bar#{b}" end } class NonDelegate < Rack::Request def delegate?; false; end end def make_request(env) NonDelegate.new env end class TestProxyRequest < RackRequestTest class DelegateRequest include Rack::Request::Helpers extend Forwardable def_delegators :@req, :has_header?, :get_header, :fetch_header, :each_header, :set_header, :add_header, :delete_header def_delegators :@req, :[], :[]=, :values_at def initialize(req) @req = req end def delegate?; true; end def env; @req.env.dup; end end def make_request(env) DelegateRequest.new super(env) end end end rack-2.1.4/test/spec_response.rb000066400000000000000000000410671367177163600166430ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack' require 'rack/response' require 'stringio' describe Rack::Response do it 'has cache-control methods' do response = Rack::Response.new cc = 'foo' response.cache_control = cc assert_equal cc, response.cache_control assert_equal cc, response.to_a[1]['Cache-Control'] end it 'has an etag method' do response = Rack::Response.new etag = 'foo' response.etag = etag assert_equal etag, response.etag assert_equal etag, response.to_a[1]['ETag'] end it "have sensible default values" do response = Rack::Response.new status, header, body = response.finish status.must_equal 200 header.must_equal({}) body.each { |part| part.must_equal "" } response = Rack::Response.new status, header, body = *response status.must_equal 200 header.must_equal({}) body.each { |part| part.must_equal "" } end it "can be written to" do response = Rack::Response.new _, _, body = response.finish do response.write "foo" response.write "bar" response.write "baz" end parts = [] body.each { |part| parts << part } parts.must_equal ["foo", "bar", "baz"] end it "can set and read headers" do response = Rack::Response.new response["Content-Type"].must_be_nil response["Content-Type"] = "text/plain" response["Content-Type"].must_equal "text/plain" end it "doesn't mutate given headers" do [{}, Rack::Utils::HeaderHash.new].each do |header| response = Rack::Response.new([], 200, header) response.header["Content-Type"] = "text/plain" response.header["Content-Type"].must_equal "text/plain" header.wont_include("Content-Type") end end it "can override the initial Content-Type with a different case" do response = Rack::Response.new("", 200, "content-type" => "text/plain") response["Content-Type"].must_equal "text/plain" end it "can set cookies" do response = Rack::Response.new response.set_cookie "foo", "bar" response["Set-Cookie"].must_equal "foo=bar" response.set_cookie "foo2", "bar2" response["Set-Cookie"].must_equal ["foo=bar", "foo2=bar2"].join("\n") response.set_cookie "foo3", "bar3" response["Set-Cookie"].must_equal ["foo=bar", "foo2=bar2", "foo3=bar3"].join("\n") end it "can set cookies with the same name for multiple domains" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", domain: "sample.example.com" } response.set_cookie "foo", { value: "bar", domain: ".example.com" } response["Set-Cookie"].must_equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n") end it "formats the Cookie expiration date accordingly to RFC 6265" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", expires: Time.now + 10 } response["Set-Cookie"].must_match( /expires=..., \d\d ... \d\d\d\d \d\d:\d\d:\d\d .../) end it "can set secure cookies" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", secure: true } response["Set-Cookie"].must_equal "foo=bar; secure" end it "can set http only cookies" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", httponly: true } response["Set-Cookie"].must_equal "foo=bar; HttpOnly" end it "can set http only cookies with :http_only" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", http_only: true } response["Set-Cookie"].must_equal "foo=bar; HttpOnly" end it "can set prefers :httponly for http only cookie setting when :httponly and :http_only provided" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", httponly: false, http_only: true } response["Set-Cookie"].must_equal "foo=bar" end it "can set SameSite cookies with symbol value :none" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :none } response["Set-Cookie"].must_equal "foo=bar; SameSite=None" end it "can set SameSite cookies with symbol value :None" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :None } response["Set-Cookie"].must_equal "foo=bar; SameSite=None" end it "can set SameSite cookies with string value 'None'" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: "None" } response["Set-Cookie"].must_equal "foo=bar; SameSite=None" end it "can set SameSite cookies with symbol value :lax" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :lax } response["Set-Cookie"].must_equal "foo=bar; SameSite=Lax" end it "can set SameSite cookies with symbol value :Lax" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :lax } response["Set-Cookie"].must_equal "foo=bar; SameSite=Lax" end it "can set SameSite cookies with string value 'Lax'" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: "Lax" } response["Set-Cookie"].must_equal "foo=bar; SameSite=Lax" end it "can set SameSite cookies with boolean value true" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: true } response["Set-Cookie"].must_equal "foo=bar; SameSite=Strict" end it "can set SameSite cookies with symbol value :strict" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :strict } response["Set-Cookie"].must_equal "foo=bar; SameSite=Strict" end it "can set SameSite cookies with symbol value :Strict" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :Strict } response["Set-Cookie"].must_equal "foo=bar; SameSite=Strict" end it "can set SameSite cookies with string value 'Strict'" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: "Strict" } response["Set-Cookie"].must_equal "foo=bar; SameSite=Strict" end it "validates the SameSite option value" do response = Rack::Response.new lambda { response.set_cookie "foo", { value: "bar", same_site: "Foo" } }.must_raise(ArgumentError). message.must_match(/Invalid SameSite value: "Foo"/) end it "can set SameSite cookies with symbol value" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: :Strict } response["Set-Cookie"].must_equal "foo=bar; SameSite=Strict" end [ nil, false ].each do |non_truthy| it "omits SameSite attribute given a #{non_truthy.inspect} value" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", same_site: non_truthy } response["Set-Cookie"].must_equal "foo=bar" end end it "can delete cookies" do response = Rack::Response.new response.set_cookie "foo", "bar" response.set_cookie "foo2", "bar2" response.delete_cookie "foo" response["Set-Cookie"].must_equal [ "foo2=bar2", "foo=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT" ].join("\n") end it "can delete cookies with the same name from multiple domains" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", domain: "sample.example.com" } response.set_cookie "foo", { value: "bar", domain: ".example.com" } response["Set-Cookie"].must_equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n") response.delete_cookie "foo", domain: ".example.com" response["Set-Cookie"].must_equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n") response.delete_cookie "foo", domain: "sample.example.com" response["Set-Cookie"].must_equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT", "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n") end it "can delete cookies with the same name with different paths" do response = Rack::Response.new response.set_cookie "foo", { value: "bar", path: "/" } response.set_cookie "foo", { value: "bar", path: "/path" } response["Set-Cookie"].must_equal ["foo=bar; path=/", "foo=bar; path=/path"].join("\n") response.delete_cookie "foo", path: "/path" response["Set-Cookie"].must_equal ["foo=bar; path=/", "foo=; path=/path; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n") end it "can do redirects" do response = Rack::Response.new response.redirect "/foo" status, header, body = response.finish status.must_equal 302 header["Location"].must_equal "/foo" response = Rack::Response.new response.redirect "/foo", 307 status, header, body = response.finish status.must_equal 307 end it "has a useful constructor" do r = Rack::Response.new("foo") status, header, body = r.finish str = "".dup; body.each { |part| str << part } str.must_equal "foo" r = Rack::Response.new(["foo", "bar"]) status, header, body = r.finish str = "".dup; body.each { |part| str << part } str.must_equal "foobar" object_with_each = Object.new def object_with_each.each yield "foo" yield "bar" end r = Rack::Response.new(object_with_each) r.write "foo" status, header, body = r.finish str = "".dup; body.each { |part| str << part } str.must_equal "foobarfoo" r = Rack::Response.new([], 500) r.status.must_equal 500 r = Rack::Response.new([], "200 OK") r.status.must_equal 200 end it "has a constructor that can take a block" do r = Rack::Response.new { |res| res.status = 404 res.write "foo" } status, _, body = r.finish str = "".dup; body.each { |part| str << part } str.must_equal "foo" status.must_equal 404 end it "doesn't return invalid responses" do r = Rack::Response.new(["foo", "bar"], 204) _, header, body = r.finish str = "".dup; body.each { |part| str << part } str.must_be :empty? header["Content-Type"].must_be_nil header['Content-Length'].must_be_nil lambda { Rack::Response.new(Object.new).each{} }.must_raise(NoMethodError). message.must_match(/undefined method .each. for/) end it "knows if it's empty" do r = Rack::Response.new r.must_be :empty? r.write "foo" r.wont_be :empty? r = Rack::Response.new r.must_be :empty? r.finish r.must_be :empty? r = Rack::Response.new r.must_be :empty? r.finish { } r.wont_be :empty? end it "provide access to the HTTP status" do res = Rack::Response.new res.status = 200 res.must_be :successful? res.must_be :ok? res.status = 201 res.must_be :successful? res.must_be :created? res.status = 202 res.must_be :successful? res.must_be :accepted? res.status = 204 res.must_be :successful? res.must_be :no_content? res.status = 301 res.must_be :redirect? res.must_be :moved_permanently? res.status = 302 res.must_be :redirect? res.status = 303 res.must_be :redirect? res.status = 307 res.must_be :redirect? res.status = 308 res.must_be :redirect? res.status = 400 res.wont_be :successful? res.must_be :client_error? res.must_be :bad_request? res.status = 401 res.wont_be :successful? res.must_be :client_error? res.must_be :unauthorized? res.status = 404 res.wont_be :successful? res.must_be :client_error? res.must_be :not_found? res.status = 405 res.wont_be :successful? res.must_be :client_error? res.must_be :method_not_allowed? res.status = 412 res.wont_be :successful? res.must_be :client_error? res.must_be :precondition_failed? res.status = 422 res.wont_be :successful? res.must_be :client_error? res.must_be :unprocessable? res.status = 501 res.wont_be :successful? res.must_be :server_error? end it "provide access to the HTTP headers" do res = Rack::Response.new res["Content-Type"] = "text/yaml" res.must_include "Content-Type" res.headers["Content-Type"].must_equal "text/yaml" res["Content-Type"].must_equal "text/yaml" res.content_type.must_equal "text/yaml" res.content_length.must_be_nil res.location.must_be_nil end it "does not add or change Content-Length when #finish()ing" do res = Rack::Response.new res.status = 200 res.finish res.headers["Content-Length"].must_be_nil res = Rack::Response.new res.status = 200 res.headers["Content-Length"] = "10" res.finish res.headers["Content-Length"].must_equal "10" end it "updates Content-Length when body appended to using #write" do res = Rack::Response.new res.status = 200 res.headers["Content-Length"].must_be_nil res.write "Hi" res.headers["Content-Length"].must_equal "2" res.write " there" res.headers["Content-Length"].must_equal "8" end it "does not wrap body" do body = Object.new res = Rack::Response.new(body) # It was passed through unchanged: res.finish.last.must_equal body end it "does wraps body when using #write" do body = ["Foo"] res = Rack::Response.new(body) # Write something using the response object: res.write("Bar") # The original body was not modified: body.must_equal ["Foo"] # But a new buffered body was created: res.finish.last.must_equal ["Foo", "Bar"] end it "calls close on #body" do res = Rack::Response.new res.body = StringIO.new res.close res.body.must_be :closed? end it "calls close on #body when 204 or 304" do res = Rack::Response.new res.body = StringIO.new res.finish res.body.wont_be :closed? res.status = 204 _, _, b = res.finish res.body.must_be :closed? b.wont_equal res.body res.body = StringIO.new res.status = 304 _, _, b = res.finish res.body.must_be :closed? b.wont_equal res.body end it "doesn't call close on #body when 205" do res = Rack::Response.new res.body = StringIO.new res.status = 205 _, _, b = res.finish res.body.wont_be :closed? end it "flatten doesn't cause infinite loop" do # https://github.com/rack/rack/issues/419 res = Rack::Response.new("Hello World") res.finish.flatten.must_be_kind_of(Array) end end describe Rack::Response, 'headers' do before do @response = Rack::Response.new([], 200, { 'Foo' => '1' }) end it 'has_header?' do lambda { @response.has_header? nil }.must_raise NoMethodError @response.has_header?('Foo').must_equal true @response.has_header?('foo').must_equal true end it 'get_header' do lambda { @response.get_header nil }.must_raise NoMethodError @response.get_header('Foo').must_equal '1' @response.get_header('foo').must_equal '1' end it 'set_header' do lambda { @response.set_header nil, '1' }.must_raise NoMethodError @response.set_header('Foo', '2').must_equal '2' @response.has_header?('Foo').must_equal true @response.get_header('Foo').must_equal('2') @response.set_header('Foo', nil).must_be_nil @response.has_header?('Foo').must_equal true @response.get_header('Foo').must_be_nil end it 'add_header' do lambda { @response.add_header nil, '1' }.must_raise NoMethodError # Add a value to an existing header @response.add_header('Foo', '2').must_equal '1,2' @response.get_header('Foo').must_equal '1,2' # Add nil to an existing header @response.add_header('Foo', nil).must_equal '1,2' @response.get_header('Foo').must_equal '1,2' # Add nil to a nonexistent header @response.add_header('Bar', nil).must_be_nil @response.has_header?('Bar').must_equal false @response.get_header('Bar').must_be_nil # Add a value to a nonexistent header @response.add_header('Bar', '1').must_equal '1' @response.has_header?('Bar').must_equal true @response.get_header('Bar').must_equal '1' end it 'delete_header' do lambda { @response.delete_header nil }.must_raise NoMethodError @response.delete_header('Foo').must_equal '1' (!!@response.has_header?('Foo')).must_equal false @response.delete_header('Foo').must_be_nil @response.has_header?('Foo').must_equal false @response.set_header('Foo', 1) @response.delete_header('foo').must_equal 1 @response.has_header?('Foo').must_equal false end end rack-2.1.4/test/spec_rewindable_input.rb000066400000000000000000000056331367177163600203370ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'stringio' require 'rack/rewindable_input' module RewindableTest extend Minitest::Spec::DSL def setup @rio = Rack::RewindableInput.new(@io) end class << self # HACK to get this running w/ as few changes as possible alias_method :should, :it end it "be able to handle to read()" do @rio.read.must_equal "hello world" end it "be able to handle to read(nil)" do @rio.read(nil).must_equal "hello world" end it "be able to handle to read(length)" do @rio.read(1).must_equal "h" end it "be able to handle to read(length, buffer)" do buffer = "".dup result = @rio.read(1, buffer) result.must_equal "h" result.object_id.must_equal buffer.object_id end it "be able to handle to read(nil, buffer)" do buffer = "".dup result = @rio.read(nil, buffer) result.must_equal "hello world" result.object_id.must_equal buffer.object_id end it "rewind to the beginning when #rewind is called" do @rio.read(1) @rio.rewind @rio.read.must_equal "hello world" end it "be able to handle gets" do @rio.gets.must_equal "hello world" end it "be able to handle each" do array = [] @rio.each do |data| array << data end array.must_equal ["hello world"] end it "not buffer into a Tempfile if no data has been read yet" do @rio.instance_variable_get(:@rewindable_io).must_be_nil end it "buffer into a Tempfile when data has been consumed for the first time" do @rio.read(1) tempfile = @rio.instance_variable_get(:@rewindable_io) tempfile.wont_be :nil? @rio.read(1) tempfile2 = @rio.instance_variable_get(:@rewindable_io) tempfile2.path.must_equal tempfile.path end it "close the underlying tempfile upon calling #close" do @rio.read(1) tempfile = @rio.instance_variable_get(:@rewindable_io) @rio.close tempfile.must_be :closed? end it "be possible to call #close when no data has been buffered yet" do @rio.close.must_be_nil end it "be possible to call #close multiple times" do @rio.close.must_be_nil @rio.close.must_be_nil end after do @rio.close @rio = nil end end describe Rack::RewindableInput do describe "given an IO object that is already rewindable" do def setup @io = StringIO.new("hello world".dup) super end include RewindableTest end describe "given an IO object that is not rewindable" do def setup @io = StringIO.new("hello world".dup) @io.instance_eval do undef :rewind end super end include RewindableTest end describe "given an IO object whose rewind method raises Errno::ESPIPE" do def setup @io = StringIO.new("hello world".dup) def @io.rewind raise Errno::ESPIPE, "You can't rewind this!" end super end include RewindableTest end end rack-2.1.4/test/spec_runtime.rb000066400000000000000000000031701367177163600164610ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/lint' require 'rack/mock' require 'rack/runtime' describe Rack::Runtime do def runtime_app(app, *args) Rack::Lint.new Rack::Runtime.new(app, *args) end def request Rack::MockRequest.env_for end it "sets X-Runtime is none is set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, "Hello, World!"] } response = runtime_app(app).call(request) response[1]['X-Runtime'].must_match(/[\d\.]+/) end it "doesn't set the X-Runtime if it is already set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain', "X-Runtime" => "foobar" }, "Hello, World!"] } response = runtime_app(app).call(request) response[1]['X-Runtime'].must_equal "foobar" end it "allow a suffix to be set" do app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, "Hello, World!"] } response = runtime_app(app, "Test").call(request) response[1]['X-Runtime-Test'].must_match(/[\d\.]+/) end it "allow multiple timers to be set" do app = lambda { |env| sleep 0.1; [200, { 'Content-Type' => 'text/plain' }, "Hello, World!"] } runtime = runtime_app(app, "App") # wrap many times to guarantee a measurable difference 100.times do |i| runtime = Rack::Runtime.new(runtime, i.to_s) end runtime = Rack::Runtime.new(runtime, "All") response = runtime.call(request) response[1]['X-Runtime-App'].must_match(/[\d\.]+/) response[1]['X-Runtime-All'].must_match(/[\d\.]+/) Float(response[1]['X-Runtime-All']).must_be :>, Float(response[1]['X-Runtime-App']) end end rack-2.1.4/test/spec_sendfile.rb000066400000000000000000000133521367177163600165720ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'fileutils' require 'rack/lint' require 'rack/sendfile' require 'rack/mock' require 'tmpdir' describe Rack::Sendfile do def sendfile_body(filename = "rack_sendfile") FileUtils.touch File.join(Dir.tmpdir, filename) res = ['Hello World'] res.define_singleton_method(:to_path) { File.join(Dir.tmpdir, filename) } res end def simple_app(body = sendfile_body) lambda { |env| [200, { 'Content-Type' => 'text/plain' }, body] } end def sendfile_app(body, mappings = []) Rack::Lint.new Rack::Sendfile.new(simple_app(body), nil, mappings) end def request(headers = {}, body = sendfile_body, mappings = []) yield Rack::MockRequest.new(sendfile_app(body, mappings)).get('/', headers) end def open_file(path) Class.new(File) do unless method_defined?(:to_path) alias :to_path :path end end.open(path, 'wb+') end it "does nothing when no X-Sendfile-Type header present" do request do |response| response.must_be :ok? response.body.must_equal 'Hello World' response.headers.wont_include 'X-Sendfile' end end it "sets X-Sendfile response header and discards body" do request 'HTTP_X_SENDFILE_TYPE' => 'X-Sendfile' do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Sendfile'].must_equal File.join(Dir.tmpdir, "rack_sendfile") end end it "sets X-Lighttpd-Send-File response header and discards body" do request 'HTTP_X_SENDFILE_TYPE' => 'X-Lighttpd-Send-File' do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Lighttpd-Send-File'].must_equal File.join(Dir.tmpdir, "rack_sendfile") end end it "sets X-Accel-Redirect response header and discards body" do headers = { 'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect', 'HTTP_X_ACCEL_MAPPING' => "#{Dir.tmpdir}/=/foo/bar/" } request headers do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Accel-Redirect'].must_equal '/foo/bar/rack_sendfile' end end it "sets X-Accel-Redirect response header to percent-encoded path" do headers = { 'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect', 'HTTP_X_ACCEL_MAPPING' => "#{Dir.tmpdir}/=/foo/bar%/" } request headers, sendfile_body('file_with_%_?_symbol') do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Accel-Redirect'].must_equal '/foo/bar%25/file_with_%25_%3F_symbol' end end it 'writes to rack.error when no X-Accel-Mapping is specified' do request 'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect' do |response| response.must_be :ok? response.body.must_equal 'Hello World' response.headers.wont_include 'X-Accel-Redirect' response.errors.must_include 'X-Accel-Mapping' end end it 'does nothing when body does not respond to #to_path' do request({ 'HTTP_X_SENDFILE_TYPE' => 'X-Sendfile' }, ['Not a file...']) do |response| response.body.must_equal 'Not a file...' response.headers.wont_include 'X-Sendfile' end end it "sets X-Accel-Redirect response header and discards body when initialized with multiple mappings" do begin dir1 = Dir.mktmpdir dir2 = Dir.mktmpdir first_body = open_file(File.join(dir1, 'rack_sendfile')) first_body.puts 'hello world' second_body = open_file(File.join(dir2, 'rack_sendfile')) second_body.puts 'goodbye world' mappings = [ ["#{dir1}/", '/foo/bar/'], ["#{dir2}/", '/wibble/'] ] request({ 'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect' }, first_body, mappings) do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Accel-Redirect'].must_equal '/foo/bar/rack_sendfile' end request({ 'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect' }, second_body, mappings) do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Accel-Redirect'].must_equal '/wibble/rack_sendfile' end ensure FileUtils.remove_entry_secure dir1 FileUtils.remove_entry_secure dir2 end end it "sets X-Accel-Redirect response header and discards body when initialized with multiple mappings via header" do begin dir1 = Dir.mktmpdir dir2 = Dir.mktmpdir first_body = open_file(File.join(dir1, 'rack_sendfile')) first_body.puts 'hello world' second_body = open_file(File.join(dir2, 'rack_sendfile')) second_body.puts 'goodbye world' headers = { 'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect', 'HTTP_X_ACCEL_MAPPING' => "#{dir1}/=/foo/bar/, #{dir2}/=/wibble/" } request(headers, first_body) do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Accel-Redirect'].must_equal '/foo/bar/rack_sendfile' end request(headers, second_body) do |response| response.must_be :ok? response.body.must_be :empty? response.headers['Content-Length'].must_equal '0' response.headers['X-Accel-Redirect'].must_equal '/wibble/rack_sendfile' end ensure FileUtils.remove_entry_secure dir1 FileUtils.remove_entry_secure dir2 end end end rack-2.1.4/test/spec_server.rb000066400000000000000000000152121367177163600163040ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack' require 'rack/server' require 'tempfile' require 'socket' require 'open-uri' module Minitest::Spec::DSL alias :should :it end describe Rack::Server do SPEC_ARGV = [] before { SPEC_ARGV[0..-1] = [] } def app lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ['success']] } end def with_stderr old, $stderr = $stderr, StringIO.new yield $stderr ensure $stderr = old end it "overrides :config if :app is passed in" do server = Rack::Server.new(app: "FOO") server.app.must_equal "FOO" end it "prefer to use :builder when it is passed in" do server = Rack::Server.new(builder: "run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['success']] }") server.app.class.must_equal Proc Rack::MockRequest.new(server.app).get("/").body.to_s.must_equal 'success' end it "allow subclasses to override middleware" do server = Class.new(Rack::Server).class_eval { def middleware; Hash.new [] end; self } server.middleware['deployment'].wont_equal [] server.new(app: 'foo').middleware['deployment'].must_equal [] end it "allow subclasses to override default middleware" do server = Class.new(Rack::Server).instance_eval { def default_middleware_by_environment; Hash.new [] end; self } server.middleware['deployment'].must_equal [] server.new(app: 'foo').middleware['deployment'].must_equal [] end it "only provide default middleware for development and deployment environments" do Rack::Server.default_middleware_by_environment.keys.sort.must_equal %w(deployment development) end it "always return an empty array for unknown environments" do server = Rack::Server.new(app: 'foo') server.middleware['production'].must_equal [] end it "not include Rack::Lint in deployment environment" do server = Rack::Server.new(app: 'foo') server.middleware['deployment'].flatten.wont_include Rack::Lint end it "not include Rack::ShowExceptions in deployment environment" do server = Rack::Server.new(app: 'foo') server.middleware['deployment'].flatten.wont_include Rack::ShowExceptions end it "include Rack::TempfileReaper in deployment environment" do server = Rack::Server.new(app: 'foo') server.middleware['deployment'].flatten.must_include Rack::TempfileReaper end it "support CGI" do begin o, ENV["REQUEST_METHOD"] = ENV["REQUEST_METHOD"], 'foo' server = Rack::Server.new(app: 'foo') server.server.name =~ /CGI/ Rack::Server.logging_middleware.call(server).must_be_nil ensure ENV['REQUEST_METHOD'] = o end end it "be quiet if said so" do server = Rack::Server.new(app: "FOO", quiet: true) Rack::Server.logging_middleware.call(server).must_be_nil end it "use a full path to the pidfile" do # avoids issues with daemonize chdir opts = Rack::Server.new.send(:parse_options, %w[--pid testing.pid]) opts[:pid].must_equal ::File.expand_path('testing.pid') end it "get options from ARGV" do SPEC_ARGV[0..-1] = ['--debug', '-sthin', '--env', 'production'] server = Rack::Server.new server.options[:debug].must_equal true server.options[:server].must_equal 'thin' server.options[:environment].must_equal 'production' end it "only override non-passed options from parsed .ru file" do builder_file = File.join(File.dirname(__FILE__), 'builder', 'options.ru') SPEC_ARGV[0..-1] = ['--debug', '-sthin', '--env', 'production', builder_file] server = Rack::Server.new server.app # force .ru file to be parsed server.options[:debug].must_equal true server.options[:server].must_equal 'thin' server.options[:environment].must_equal 'production' server.options[:Port].must_equal '2929' end it "run a server" do pidfile = Tempfile.open('pidfile') { |f| break f } FileUtils.rm pidfile.path server = Rack::Server.new( app: app, environment: 'none', pid: pidfile.path, Port: TCPServer.open('127.0.0.1', 0){|s| s.addr[1] }, Host: '127.0.0.1', Logger: WEBrick::Log.new(nil, WEBrick::BasicLog::WARN), AccessLog: [], daemonize: false, server: 'webrick' ) t = Thread.new { server.start { |s| Thread.current[:server] = s } } t.join(0.01) until t[:server] && t[:server].status != :Stop body = if URI.respond_to?(:open) URI.open("http://127.0.0.1:#{server.options[:Port]}/") { |f| f.read } else open("http://127.0.0.1:#{server.options[:Port]}/") { |f| f.read } end body.must_equal 'success' Process.kill(:INT, $$) t.join open(pidfile.path) { |f| f.read.must_equal $$.to_s } end it "check pid file presence and running process" do pidfile = Tempfile.open('pidfile') { |f| f.write($$); break f }.path server = Rack::Server.new(pid: pidfile) server.send(:pidfile_process_status).must_equal :running end it "check pid file presence and dead process" do dead_pid = `echo $$`.to_i pidfile = Tempfile.open('pidfile') { |f| f.write(dead_pid); break f }.path server = Rack::Server.new(pid: pidfile) server.send(:pidfile_process_status).must_equal :dead end it "check pid file presence and exited process" do pidfile = Tempfile.open('pidfile') { |f| break f }.path ::File.delete(pidfile) server = Rack::Server.new(pid: pidfile) server.send(:pidfile_process_status).must_equal :exited end it "check pid file presence and not owned process" do owns_pid_1 = (Process.kill(0, 1) rescue nil) == 1 skip "cannot test if pid 1 owner matches current process (eg. docker/lxc)" if owns_pid_1 pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path server = Rack::Server.new(pid: pidfile) server.send(:pidfile_process_status).must_equal :not_owned end it "not write pid file when it is created after check" do pidfile = Tempfile.open('pidfile') { |f| break f }.path ::File.delete(pidfile) server = Rack::Server.new(pid: pidfile) ::File.open(pidfile, 'w') { |f| f.write(1) } with_stderr do |err| lambda { server.send(:write_pid) }.must_raise SystemExit err.rewind output = err.read output.must_match(/already running/) output.must_include pidfile end end it "inform the user about existing pidfiles with running processes" do pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path server = Rack::Server.new(pid: pidfile) with_stderr do |err| lambda { server.start }.must_raise SystemExit err.rewind output = err.read output.must_match(/already running/) output.must_include pidfile end end end rack-2.1.4/test/spec_session_abstract_id.rb000066400000000000000000000013401367177163600210150ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' ### WARNING: there be hax in this file. require 'rack/session/abstract/id' describe Rack::Session::Abstract::ID do attr_reader :id def setup super @id = Rack::Session::Abstract::ID end it "use securerandom" do assert_equal ::SecureRandom, id::DEFAULT_OPTIONS[:secure_random] id = @id.new nil assert_equal ::SecureRandom, id.sid_secure end it "allow to use another securerandom provider" do secure_random = Class.new do def hex(*args) 'fake_hex' end end id = Rack::Session::Abstract::ID.new nil, secure_random: secure_random.new id.send(:generate_sid).must_equal 'fake_hex' end end rack-2.1.4/test/spec_session_abstract_session_hash.rb000066400000000000000000000023651367177163600231170ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/session/abstract/id' describe Rack::Session::Abstract::SessionHash do attr_reader :hash def setup super store = Class.new do def load_session(req) ["id", { foo: :bar, baz: :qux }] end def session_exists?(req) true end end @hash = Rack::Session::Abstract::SessionHash.new(store.new, nil) end it "returns keys" do assert_equal ["foo", "baz"], hash.keys end it "returns values" do assert_equal [:bar, :qux], hash.values end describe "#fetch" do it "returns value for a matching key" do assert_equal :bar, hash.fetch(:foo) end it "works with a default value" do assert_equal :default, hash.fetch(:unknown, :default) end it "works with a block" do assert_equal :default, hash.fetch(:unkown) { :default } end it "it raises when fetching unknown keys without defaults" do lambda { hash.fetch(:unknown) }.must_raise KeyError end end describe "#stringify_keys" do it "returns hash or session hash with keys stringified" do assert_equal({ "foo" => :bar, "baz" => :qux }, hash.send(:stringify_keys, hash).to_h) end end end rack-2.1.4/test/spec_session_cookie.rb000066400000000000000000000346661367177163600200300ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/session/cookie' require 'rack/lint' require 'rack/mock' describe Rack::Session::Cookie do incrementor = lambda do |env| env["rack.session"]["counter"] ||= 0 env["rack.session"]["counter"] += 1 hash = env["rack.session"].dup hash.delete("session_id") Rack::Response.new(hash.inspect).to_a end session_id = lambda do |env| Rack::Response.new(env["rack.session"].to_hash.inspect).to_a end session_option = lambda do |opt| lambda do |env| Rack::Response.new(env["rack.session.options"][opt].inspect).to_a end end nothing = lambda do |env| Rack::Response.new("Nothing").to_a end renewer = lambda do |env| env["rack.session.options"][:renew] = true Rack::Response.new("Nothing").to_a end only_session_id = lambda do |env| Rack::Response.new(env["rack.session"]["session_id"].to_s).to_a end bigcookie = lambda do |env| env["rack.session"]["cookie"] = "big" * 3000 Rack::Response.new(env["rack.session"].inspect).to_a end destroy_session = lambda do |env| env["rack.session"].destroy Rack::Response.new("Nothing").to_a end def response_for(options = {}) request_options = options.fetch(:request, {}) cookie = if options[:cookie].is_a?(Rack::Response) options[:cookie]["Set-Cookie"] else options[:cookie] end request_options["HTTP_COOKIE"] = cookie || "" app_with_cookie = Rack::Session::Cookie.new(*options[:app]) app_with_cookie = Rack::Lint.new(app_with_cookie) Rack::MockRequest.new(app_with_cookie).get("/", request_options) end before do @warnings = warnings = [] Rack::Session::Cookie.class_eval do define_method(:warn) { |m| warnings << m } end end after do Rack::Session::Cookie.class_eval { remove_method :warn } end describe 'Base64' do it 'uses base64 to encode' do coder = Rack::Session::Cookie::Base64.new str = 'fuuuuu' coder.encode(str).must_equal [str].pack('m0') end it 'uses base64 to decode' do coder = Rack::Session::Cookie::Base64.new str = ['fuuuuu'].pack('m0') coder.decode(str).must_equal str.unpack('m0').first end it 'handles non-strict base64 encoding' do coder = Rack::Session::Cookie::Base64.new str = ['A' * 256].pack('m') coder.decode(str).must_equal 'A' * 256 end describe 'Marshal' do it 'marshals and base64 encodes' do coder = Rack::Session::Cookie::Base64::Marshal.new str = 'fuuuuu' coder.encode(str).must_equal [::Marshal.dump(str)].pack('m0') end it 'marshals and base64 decodes' do coder = Rack::Session::Cookie::Base64::Marshal.new str = [::Marshal.dump('fuuuuu')].pack('m0') coder.decode(str).must_equal ::Marshal.load(str.unpack('m0').first) end it 'rescues failures on decode' do coder = Rack::Session::Cookie::Base64::Marshal.new coder.decode('lulz').must_be_nil end end describe 'JSON' do it 'JSON and base64 encodes' do coder = Rack::Session::Cookie::Base64::JSON.new obj = %w[fuuuuu] coder.encode(obj).must_equal [::JSON.dump(obj)].pack('m0') end it 'JSON and base64 decodes' do coder = Rack::Session::Cookie::Base64::JSON.new str = [::JSON.dump(%w[fuuuuu])].pack('m0') coder.decode(str).must_equal ::JSON.parse(str.unpack('m0').first) end it 'rescues failures on decode' do coder = Rack::Session::Cookie::Base64::JSON.new coder.decode('lulz').must_be_nil end end describe 'ZipJSON' do it 'jsons, deflates, and base64 encodes' do coder = Rack::Session::Cookie::Base64::ZipJSON.new obj = %w[fuuuuu] json = JSON.dump(obj) coder.encode(obj).must_equal [Zlib::Deflate.deflate(json)].pack('m0') end it 'base64 decodes, inflates, and decodes json' do coder = Rack::Session::Cookie::Base64::ZipJSON.new obj = %w[fuuuuu] json = JSON.dump(obj) b64 = [Zlib::Deflate.deflate(json)].pack('m0') coder.decode(b64).must_equal obj end it 'rescues failures on decode' do coder = Rack::Session::Cookie::Base64::ZipJSON.new coder.decode('lulz').must_be_nil end end end it "warns if no secret is given" do Rack::Session::Cookie.new(incrementor) @warnings.first.must_match(/no secret/i) @warnings.clear Rack::Session::Cookie.new(incrementor, secret: 'abc') @warnings.must_be :empty? end it "doesn't warn if coder is configured to handle encoding" do Rack::Session::Cookie.new( incrementor, coder: Object.new, let_coder_handle_secure_encoding: true) @warnings.must_be :empty? end it "still warns if coder is not set" do Rack::Session::Cookie.new( incrementor, let_coder_handle_secure_encoding: true) @warnings.first.must_match(/no secret/i) end it 'uses a coder' do identity = Class.new { attr_reader :calls def initialize @calls = [] end def encode(str); @calls << :encode; str; end def decode(str); @calls << :decode; str; end }.new response = response_for(app: [incrementor, { coder: identity }]) response["Set-Cookie"].must_include "rack.session=" response.body.must_equal '{"counter"=>1}' identity.calls.must_equal [:decode, :encode] end it "creates a new cookie" do response = response_for(app: incrementor) response["Set-Cookie"].must_include "rack.session=" response.body.must_equal '{"counter"=>1}' end it "loads from a cookie" do response = response_for(app: incrementor) response = response_for(app: incrementor, cookie: response) response.body.must_equal '{"counter"=>2}' response = response_for(app: incrementor, cookie: response) response.body.must_equal '{"counter"=>3}' end it "renew session id" do response = response_for(app: incrementor) cookie = response['Set-Cookie'] response = response_for(app: only_session_id, cookie: cookie) cookie = response['Set-Cookie'] if response['Set-Cookie'] response.body.wont_equal "" old_session_id = response.body response = response_for(app: renewer, cookie: cookie) cookie = response['Set-Cookie'] if response['Set-Cookie'] response = response_for(app: only_session_id, cookie: cookie) response.body.wont_equal "" response.body.wont_equal old_session_id end it "destroys session" do response = response_for(app: incrementor) response = response_for(app: only_session_id, cookie: response) response.body.wont_equal "" old_session_id = response.body response = response_for(app: destroy_session, cookie: response) response = response_for(app: only_session_id, cookie: response) response.body.wont_equal "" response.body.wont_equal old_session_id end it "survives broken cookies" do response = response_for( app: incrementor, cookie: "rack.session=blarghfasel" ) response.body.must_equal '{"counter"=>1}' response = response_for( app: [incrementor, { secret: "test" }], cookie: "rack.session=" ) response.body.must_equal '{"counter"=>1}' end it "barks on too big cookies" do lambda{ response_for(app: bigcookie, request: { fatal: true }) }.must_raise Rack::MockRequest::FatalWarning end it "loads from a cookie with integrity hash" do app = [incrementor, { secret: "test" }] response = response_for(app: app) response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>2}' response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>3}' app = [incrementor, { secret: "other" }] response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>1}' end it "loads from a cookie with accept-only integrity hash for graceful key rotation" do response = response_for(app: [incrementor, { secret: "test" }]) app = [incrementor, { secret: "test2", old_secret: "test" }] response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>2}' app = [incrementor, { secret: "test3", old_secret: "test2" }] response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>3}' end it "ignores tampered with session cookies" do app = [incrementor, { secret: "test" }] response = response_for(app: app) response.body.must_equal '{"counter"=>1}' response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>2}' _, digest = response["Set-Cookie"].split("--") tampered_with_cookie = "hackerman-was-here" + "--" + digest response = response_for(app: app, cookie: tampered_with_cookie) response.body.must_equal '{"counter"=>1}' end it "supports either of secret or old_secret" do app = [incrementor, { secret: "test" }] response = response_for(app: app) response.body.must_equal '{"counter"=>1}' response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>2}' app = [incrementor, { old_secret: "test" }] response = response_for(app: app) response.body.must_equal '{"counter"=>1}' response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>2}' end it "supports custom digest class" do app = [incrementor, { secret: "test", hmac: OpenSSL::Digest::SHA256 }] response = response_for(app: app) response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>2}' response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>3}' app = [incrementor, { secret: "other" }] response = response_for(app: app, cookie: response) response.body.must_equal '{"counter"=>1}' end it "can handle Rack::Lint middleware" do response = response_for(app: incrementor) lint = Rack::Lint.new(session_id) response = response_for(app: lint, cookie: response) response.body.wont_be :nil? end it "can handle middleware that inspects the env" do class TestEnvInspector def initialize(app) @app = app end def call(env) env.inspect @app.call(env) end end response = response_for(app: incrementor) inspector = TestEnvInspector.new(session_id) response = response_for(app: inspector, cookie: response) response.body.wont_be :nil? end it "returns the session id in the session hash" do response = response_for(app: incrementor) response.body.must_equal '{"counter"=>1}' response = response_for(app: session_id, cookie: response) response.body.must_match(/"session_id"=>/) response.body.must_match(/"counter"=>1/) end it "does not return a cookie if set to secure but not using ssl" do app = [incrementor, { secure: true }] response = response_for(app: app) response["Set-Cookie"].must_be_nil response = response_for(app: app, request: { "HTTPS" => "on" }) response["Set-Cookie"].wont_be :nil? response["Set-Cookie"].must_match(/secure/) end it "does not return a cookie if cookie was not read/written" do response = response_for(app: nothing) response["Set-Cookie"].must_be_nil end it "does not return a cookie if cookie was not written (only read)" do response = response_for(app: session_id) response["Set-Cookie"].must_be_nil end it "returns even if not read/written if :expire_after is set" do app = [nothing, { expire_after: 3600 }] request = { "rack.session" => { "not" => "empty" } } response = response_for(app: app, request: request) response["Set-Cookie"].wont_be :nil? end it "returns no cookie if no data was written and no session was created previously, even if :expire_after is set" do app = [nothing, { expire_after: 3600 }] response = response_for(app: app) response["Set-Cookie"].must_be_nil end it "exposes :secret in env['rack.session.option']" do response = response_for(app: [session_option[:secret], { secret: "foo" }]) response.body.must_equal '"foo"' end it "exposes :coder in env['rack.session.option']" do response = response_for(app: session_option[:coder]) response.body.must_match(/Base64::Marshal/) end it "allows passing in a hash with session data from middleware in front" do request = { 'rack.session' => { foo: 'bar' } } response = response_for(app: session_id, request: request) response.body.must_match(/foo/) end it "allows modifying session data with session data from middleware in front" do request = { 'rack.session' => { foo: 'bar' } } response = response_for(app: incrementor, request: request) response.body.must_match(/counter/) response.body.must_match(/foo/) end it "allows more than one '--' in the cookie when calculating digests" do @counter = 0 app = lambda do |env| env["rack.session"]["message"] ||= "" env["rack.session"]["message"] += "#{(@counter += 1).to_s}--" hash = env["rack.session"].dup hash.delete("session_id") Rack::Response.new(hash["message"]).to_a end # another example of an unsafe coder is Base64.urlsafe_encode64 unsafe_coder = Class.new { def encode(hash); hash.inspect end def decode(str); eval(str) if str; end }.new _app = [ app, { secret: "test", coder: unsafe_coder } ] response = response_for(app: _app) response.body.must_equal "1--" response = response_for(app: _app, cookie: response) response.body.must_equal "1--2--" end it 'allows for non-strict encoded cookie' do long_session_app = lambda do |env| env['rack.session']['value'] = 'A' * 256 env['rack.session']['counter'] = 1 hash = env["rack.session"].dup hash.delete("session_id") Rack::Response.new(hash.inspect).to_a end non_strict_coder = Class.new { def encode(str) [Marshal.dump(str)].pack('m') end def decode(str) return unless str Marshal.load(str.unpack('m').first) end }.new non_strict_response = response_for(app: [ long_session_app, { coder: non_strict_coder } ]) response = response_for(app: [ incrementor ], cookie: non_strict_response) response.body.must_match %Q["value"=>"#{'A' * 256}"] response.body.must_match '"counter"=>2' response.body.must_match(/\A{[^}]+}\z/) end end rack-2.1.4/test/spec_session_persisted_secure_secure_session_hash.rb000066400000000000000000000034671367177163600262360ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/session/abstract/id' describe Rack::Session::Abstract::PersistedSecure::SecureSessionHash do attr_reader :hash def setup super @store = Class.new do def load_session(req) [Rack::Session::SessionId.new("id"), { foo: :bar, baz: :qux }] end def session_exists?(req) true end end @hash = Rack::Session::Abstract::PersistedSecure::SecureSessionHash.new(@store.new, nil) end it "returns keys" do assert_equal ["foo", "baz"], hash.keys end it "returns values" do assert_equal [:bar, :qux], hash.values end describe "#[]" do it "returns value for a matching key" do assert_equal :bar, hash[:foo] end it "returns value for a 'session_id' key" do assert_equal "id", hash['session_id'] end it "returns nil value for missing 'session_id' key" do store = @store.new def store.load_session(req) [nil, {}] end @hash = Rack::Session::Abstract::PersistedSecure::SecureSessionHash.new(store, nil) assert_nil hash['session_id'] end end describe "#fetch" do it "returns value for a matching key" do assert_equal :bar, hash.fetch(:foo) end it "works with a default value" do assert_equal :default, hash.fetch(:unknown, :default) end it "works with a block" do assert_equal :default, hash.fetch(:unkown) { :default } end it "it raises when fetching unknown keys without defaults" do lambda { hash.fetch(:unknown) }.must_raise KeyError end end describe "#stringify_keys" do it "returns hash or session hash with keys stringified" do assert_equal({ "foo" => :bar, "baz" => :qux }, hash.send(:stringify_keys, hash).to_h) end end end rack-2.1.4/test/spec_session_pool.rb000066400000000000000000000174611367177163600175220ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'thread' require 'rack/lint' require 'rack/mock' require 'rack/session/pool' describe Rack::Session::Pool do session_key = Rack::Session::Pool::DEFAULT_OPTIONS[:key] session_match = /#{session_key}=([0-9a-fA-F]+);/ incrementor = lambda do |env| env["rack.session"]["counter"] ||= 0 env["rack.session"]["counter"] += 1 Rack::Response.new(env["rack.session"].inspect).to_a end get_session_id = Rack::Lint.new(lambda do |env| Rack::Response.new(env["rack.session"].inspect).to_a end) nothing = Rack::Lint.new(lambda do |env| Rack::Response.new("Nothing").to_a end) drop_session = Rack::Lint.new(lambda do |env| env['rack.session.options'][:drop] = true incrementor.call(env) end) renew_session = Rack::Lint.new(lambda do |env| env['rack.session.options'][:renew] = true incrementor.call(env) end) defer_session = Rack::Lint.new(lambda do |env| env['rack.session.options'][:defer] = true incrementor.call(env) end) incrementor = Rack::Lint.new(incrementor) it "creates a new cookie" do pool = Rack::Session::Pool.new(incrementor) res = Rack::MockRequest.new(pool).get("/") res["Set-Cookie"].must_match(session_match) res.body.must_equal '{"counter"=>1}' end it "determines session from a cookie" do pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) cookie = req.get("/")["Set-Cookie"] req.get("/", "HTTP_COOKIE" => cookie). body.must_equal '{"counter"=>2}' req.get("/", "HTTP_COOKIE" => cookie). body.must_equal '{"counter"=>3}' end it "survives nonexistant cookies" do pool = Rack::Session::Pool.new(incrementor) res = Rack::MockRequest.new(pool). get("/", "HTTP_COOKIE" => "#{session_key}=blarghfasel") res.body.must_equal '{"counter"=>1}' end it "does not send the same session id if it did not change" do pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) res0 = req.get("/") cookie = res0["Set-Cookie"][session_match] res0.body.must_equal '{"counter"=>1}' pool.pool.size.must_equal 1 res1 = req.get("/", "HTTP_COOKIE" => cookie) res1["Set-Cookie"].must_be_nil res1.body.must_equal '{"counter"=>2}' pool.pool.size.must_equal 1 res2 = req.get("/", "HTTP_COOKIE" => cookie) res2["Set-Cookie"].must_be_nil res2.body.must_equal '{"counter"=>3}' pool.pool.size.must_equal 1 end it "deletes cookies with :drop option" do pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) drop = Rack::Utils::Context.new(pool, drop_session) dreq = Rack::MockRequest.new(drop) res1 = req.get("/") session = (cookie = res1["Set-Cookie"])[session_match] res1.body.must_equal '{"counter"=>1}' pool.pool.size.must_equal 1 res2 = dreq.get("/", "HTTP_COOKIE" => cookie) res2["Set-Cookie"].must_be_nil res2.body.must_equal '{"counter"=>2}' pool.pool.size.must_equal 0 res3 = req.get("/", "HTTP_COOKIE" => cookie) res3["Set-Cookie"][session_match].wont_equal session res3.body.must_equal '{"counter"=>1}' pool.pool.size.must_equal 1 end it "provides new session id with :renew option" do pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) renew = Rack::Utils::Context.new(pool, renew_session) rreq = Rack::MockRequest.new(renew) res1 = req.get("/") session = (cookie = res1["Set-Cookie"])[session_match] res1.body.must_equal '{"counter"=>1}' pool.pool.size.must_equal 1 res2 = rreq.get("/", "HTTP_COOKIE" => cookie) new_cookie = res2["Set-Cookie"] new_session = new_cookie[session_match] new_session.wont_equal session res2.body.must_equal '{"counter"=>2}' pool.pool.size.must_equal 1 res3 = req.get("/", "HTTP_COOKIE" => new_cookie) res3.body.must_equal '{"counter"=>3}' pool.pool.size.must_equal 1 res4 = req.get("/", "HTTP_COOKIE" => cookie) res4.body.must_equal '{"counter"=>1}' pool.pool.size.must_equal 2 end it "omits cookie with :defer option" do pool = Rack::Session::Pool.new(incrementor) defer = Rack::Utils::Context.new(pool, defer_session) dreq = Rack::MockRequest.new(defer) res1 = dreq.get("/") res1["Set-Cookie"].must_be_nil res1.body.must_equal '{"counter"=>1}' pool.pool.size.must_equal 1 end it "can read the session with the legacy id" do pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) res0 = req.get("/") cookie = res0["Set-Cookie"] session_id = Rack::Session::SessionId.new cookie[session_match, 1] ses0 = pool.pool[session_id.private_id] pool.pool[session_id.public_id] = ses0 pool.pool.delete(session_id.private_id) res1 = req.get("/", "HTTP_COOKIE" => cookie) res1["Set-Cookie"].must_be_nil res1.body.must_equal '{"counter"=>2}' pool.pool[session_id.private_id].wont_be_nil end it "drops the session in the legacy id as well" do pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) drop = Rack::Utils::Context.new(pool, drop_session) dreq = Rack::MockRequest.new(drop) res0 = req.get("/") cookie = res0["Set-Cookie"] session_id = Rack::Session::SessionId.new cookie[session_match, 1] ses0 = pool.pool[session_id.private_id] pool.pool[session_id.public_id] = ses0 pool.pool.delete(session_id.private_id) res2 = dreq.get("/", "HTTP_COOKIE" => cookie) res2["Set-Cookie"].must_be_nil res2.body.must_equal '{"counter"=>2}' pool.pool[session_id.private_id].must_be_nil pool.pool[session_id.public_id].must_be_nil end # anyone know how to do this better? it "should merge sessions when multithreaded" do unless $DEBUG 1.must_equal 1 next end warn 'Running multithread tests for Session::Pool' pool = Rack::Session::Pool.new(incrementor) req = Rack::MockRequest.new(pool) res = req.get('/') res.body.must_equal '{"counter"=>1}' cookie = res["Set-Cookie"] sess_id = cookie[/#{pool.key}=([^,;]+)/, 1] delta_incrementor = lambda do |env| # emulate disconjoinment of threading env['rack.session'] = env['rack.session'].dup Thread.stop env['rack.session'][(Time.now.usec * rand).to_i] = true incrementor.call(env) end tses = Rack::Utils::Context.new pool, delta_incrementor treq = Rack::MockRequest.new(tses) tnum = rand(7).to_i + 5 r = Array.new(tnum) do Thread.new(treq) do |run| run.get('/', "HTTP_COOKIE" => cookie, 'rack.multithread' => true) end end.reverse.map{|t| t.run.join.value } r.each do |resp| resp['Set-Cookie'].must_equal cookie resp.body.must_include '"counter"=>2' end session = pool.pool[sess_id] session.size.must_equal tnum + 1 # counter session['counter'].must_equal 2 # meeeh end it "does not return a cookie if cookie was not read/written" do app = Rack::Session::Pool.new(nothing) res = Rack::MockRequest.new(app).get("/") res["Set-Cookie"].must_be_nil end it "does not return a cookie if cookie was not written (only read)" do app = Rack::Session::Pool.new(get_session_id) res = Rack::MockRequest.new(app).get("/") res["Set-Cookie"].must_be_nil end it "returns even if not read/written if :expire_after is set" do app = Rack::Session::Pool.new(nothing, expire_after: 3600) res = Rack::MockRequest.new(app).get("/", 'rack.session' => { 'not' => 'empty' }) res["Set-Cookie"].wont_be :nil? end it "returns no cookie if no data was written and no session was created previously, even if :expire_after is set" do app = Rack::Session::Pool.new(nothing, expire_after: 3600) res = Rack::MockRequest.new(app).get("/") res["Set-Cookie"].must_be_nil end end rack-2.1.4/test/spec_show_exceptions.rb000066400000000000000000000063531367177163600202250ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/show_exceptions' require 'rack/lint' require 'rack/mock' describe Rack::ShowExceptions do def show_exceptions(app) Rack::Lint.new Rack::ShowExceptions.new(app) end it "catches exceptions" do res = nil req = Rack::MockRequest.new( show_exceptions( lambda{|env| raise RuntimeError } )) res = req.get("/", "HTTP_ACCEPT" => "text/html") res.must_be :server_error? res.status.must_equal 500 assert_match(res, /RuntimeError/) assert_match(res, /ShowExceptions/) end it "works with binary data in the Rack environment" do res = nil # "\xCC" is not a valid UTF-8 string req = Rack::MockRequest.new( show_exceptions( lambda{|env| env['foo'] = "\xCC"; raise RuntimeError } )) res = req.get("/", "HTTP_ACCEPT" => "text/html") res.must_be :server_error? res.status.must_equal 500 assert_match(res, /RuntimeError/) assert_match(res, /ShowExceptions/) end it "responds with HTML only to requests accepting HTML" do res = nil req = Rack::MockRequest.new( show_exceptions( lambda{|env| raise RuntimeError, "It was never supposed to work" } )) [ # Serve text/html when the client accepts text/html ["text/html", ["/", { "HTTP_ACCEPT" => "text/html" }]], ["text/html", ["/", { "HTTP_ACCEPT" => "*/*" }]], # Serve text/plain when the client does not accept text/html ["text/plain", ["/"]], ["text/plain", ["/", { "HTTP_ACCEPT" => "application/json" }]] ].each do |exmime, rargs| res = req.get(*rargs) res.must_be :server_error? res.status.must_equal 500 res.content_type.must_equal exmime res.body.must_include "RuntimeError" res.body.must_include "It was never supposed to work" if exmime == "text/html" res.body.must_include '' else res.body.wont_include '' end end end it "handles exceptions without a backtrace" do res = nil req = Rack::MockRequest.new( show_exceptions( lambda{|env| raise RuntimeError, "", [] } ) ) res = req.get("/", "HTTP_ACCEPT" => "text/html") res.must_be :server_error? res.status.must_equal 500 assert_match(res, /RuntimeError/) assert_match(res, /ShowExceptions/) assert_match(res, /unknown location/) end it "allows subclasses to override template" do c = Class.new(Rack::ShowExceptions) do TEMPLATE = ERB.new("foo") def template TEMPLATE end end app = lambda { |env| raise RuntimeError, "", [] } req = Rack::MockRequest.new( Rack::Lint.new c.new(app) ) res = req.get("/", "HTTP_ACCEPT" => "text/html") res.must_be :server_error? res.status.must_equal 500 res.body.must_equal "foo" end it "knows to prefer plaintext for non-html" do # We don't need an app for this exc = Rack::ShowExceptions.new(nil) [ [{ "HTTP_ACCEPT" => "text/plain" }, true], [{ "HTTP_ACCEPT" => "text/foo" }, true], [{ "HTTP_ACCEPT" => "text/html" }, false] ].each do |env, expected| assert_equal(expected, exc.prefers_plaintext?(env)) end end end rack-2.1.4/test/spec_show_status.rb000066400000000000000000000054231367177163600173640ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/show_status' require 'rack/lint' require 'rack/mock' require 'rack/utils' describe Rack::ShowStatus do def show_status(app) Rack::Lint.new Rack::ShowStatus.new(app) end it "provide a default status message" do req = Rack::MockRequest.new( show_status(lambda{|env| [404, { "Content-Type" => "text/plain", "Content-Length" => "0" }, []] })) res = req.get("/", lint: true) res.must_be :not_found? res.wont_be_empty res["Content-Type"].must_equal "text/html" assert_match(res, /404/) assert_match(res, /Not Found/) end it "let the app provide additional information" do req = Rack::MockRequest.new( show_status( lambda{|env| env["rack.showstatus.detail"] = "gone too meta." [404, { "Content-Type" => "text/plain", "Content-Length" => "0" }, []] })) res = req.get("/", lint: true) res.must_be :not_found? res.wont_be_empty res["Content-Type"].must_equal "text/html" assert_match(res, /404/) assert_match(res, /Not Found/) assert_match(res, /too meta/) end it "escape error" do detail = "" req = Rack::MockRequest.new( show_status( lambda{|env| env["rack.showstatus.detail"] = detail [500, { "Content-Type" => "text/plain", "Content-Length" => "0" }, []] })) res = req.get("/", lint: true) res.wont_be_empty res["Content-Type"].must_equal "text/html" assert_match(res, /500/) res.wont_include detail res.body.must_include Rack::Utils.escape_html(detail) end it "not replace existing messages" do req = Rack::MockRequest.new( show_status( lambda{|env| [404, { "Content-Type" => "text/plain", "Content-Length" => "4" }, ["foo!"]] })) res = req.get("/", lint: true) res.must_be :not_found? res.body.must_equal "foo!" end it "pass on original headers" do headers = { "WWW-Authenticate" => "Basic blah" } req = Rack::MockRequest.new( show_status(lambda{|env| [401, headers, []] })) res = req.get("/", lint: true) res["WWW-Authenticate"].must_equal "Basic blah" end it "replace existing messages if there is detail" do req = Rack::MockRequest.new( show_status( lambda{|env| env["rack.showstatus.detail"] = "gone too meta." [404, { "Content-Type" => "text/plain", "Content-Length" => "4" }, ["foo!"]] })) res = req.get("/", lint: true) res.must_be :not_found? res.wont_be_empty res["Content-Type"].must_equal "text/html" res["Content-Length"].wont_equal "4" assert_match(res, /404/) assert_match(res, /too meta/) res.body.wont_match(/foo/) end end rack-2.1.4/test/spec_static.rb000066400000000000000000000160471367177163600162740ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/static' require 'rack/lint' require 'rack/mock' require 'zlib' require 'stringio' class DummyApp def call(env) [200, { "Content-Type" => "text/plain" }, ["Hello World"]] end end describe Rack::Static do def static(app, *args) Rack::Lint.new Rack::Static.new(app, *args) end root = File.expand_path(File.dirname(__FILE__)) OPTIONS = { urls: ["/cgi"], root: root } STATIC_OPTIONS = { urls: [""], root: "#{root}/static", index: 'index.html' } STATIC_URLS_OPTIONS = { urls: ["/static"], root: "#{root}", index: 'index.html' } HASH_OPTIONS = { urls: { "/cgi/sekret" => 'cgi/test' }, root: root } HASH_ROOT_OPTIONS = { urls: { "/" => "static/foo.html" }, root: root } GZIP_OPTIONS = { urls: ["/cgi"], root: root, gzip: true } before do @request = Rack::MockRequest.new(static(DummyApp.new, OPTIONS)) @static_request = Rack::MockRequest.new(static(DummyApp.new, STATIC_OPTIONS)) @static_urls_request = Rack::MockRequest.new(static(DummyApp.new, STATIC_URLS_OPTIONS)) @hash_request = Rack::MockRequest.new(static(DummyApp.new, HASH_OPTIONS)) @hash_root_request = Rack::MockRequest.new(static(DummyApp.new, HASH_ROOT_OPTIONS)) @gzip_request = Rack::MockRequest.new(static(DummyApp.new, GZIP_OPTIONS)) @header_request = Rack::MockRequest.new(static(DummyApp.new, HEADER_OPTIONS)) end it "serves files" do res = @request.get("/cgi/test") res.must_be :ok? res.body.must_match(/ruby/) end it "404s if url root is known but it can't find the file" do res = @request.get("/cgi/foo") res.must_be :not_found? end it "calls down the chain if url root is not known" do res = @request.get("/something/else") res.must_be :ok? res.body.must_equal "Hello World" end it "calls index file when requesting root in the given folder" do res = @static_request.get("/") res.must_be :ok? res.body.must_match(/index!/) res = @static_request.get("/other/") res.must_be :not_found? res = @static_request.get("/another/") res.must_be :ok? res.body.must_match(/another index!/) end it "does not call index file when requesting folder with unknown prefix" do res = @static_urls_request.get("/static/another/") res.must_be :ok? res.body.must_match(/index!/) res = @static_urls_request.get("/something/else/") res.must_be :ok? res.body.must_equal "Hello World" end it "doesn't call index file if :index option was omitted" do res = @request.get("/") res.body.must_equal "Hello World" end it "serves hidden files" do res = @hash_request.get("/cgi/sekret") res.must_be :ok? res.body.must_match(/ruby/) end it "calls down the chain if the URI is not specified" do res = @hash_request.get("/something/else") res.must_be :ok? res.body.must_equal "Hello World" end it "allows the root URI to be configured via hash options" do res = @hash_root_request.get("/") res.must_be :ok? res.body.must_match(/foo.html!/) end it "serves gzipped files if client accepts gzip encoding and gzip files are present" do res = @gzip_request.get("/cgi/test", 'HTTP_ACCEPT_ENCODING' => 'deflate, gzip') res.must_be :ok? res.headers['Content-Encoding'].must_equal 'gzip' res.headers['Content-Type'].must_equal 'text/plain' Zlib::GzipReader.wrap(StringIO.new(res.body), &:read).must_match(/ruby/) end it "serves regular files if client accepts gzip encoding and gzip files are not present" do res = @gzip_request.get("/cgi/rackup_stub.rb", 'HTTP_ACCEPT_ENCODING' => 'deflate, gzip') res.must_be :ok? res.headers['Content-Encoding'].must_be_nil res.headers['Content-Type'].must_equal 'text/x-script.ruby' res.body.must_match(/ruby/) end it "serves regular files if client does not accept gzip encoding" do res = @gzip_request.get("/cgi/test") res.must_be :ok? res.headers['Content-Encoding'].must_be_nil res.headers['Content-Type'].must_equal 'text/plain' res.body.must_match(/ruby/) end it "supports serving fixed cache-control (legacy option)" do opts = OPTIONS.merge(cache_control: 'public') request = Rack::MockRequest.new(static(DummyApp.new, opts)) res = request.get("/cgi/test") res.must_be :ok? res.headers['Cache-Control'].must_equal 'public' end HEADER_OPTIONS = { urls: ["/cgi"], root: root, header_rules: [ [:all, { 'Cache-Control' => 'public, max-age=100' }], [:fonts, { 'Cache-Control' => 'public, max-age=200' }], [%w(png jpg), { 'Cache-Control' => 'public, max-age=300' }], ['/cgi/assets/folder/', { 'Cache-Control' => 'public, max-age=400' }], ['cgi/assets/javascripts', { 'Cache-Control' => 'public, max-age=500' }], [/\.(css|erb)\z/, { 'Cache-Control' => 'public, max-age=600' }] ] } it "supports header rule :all" do # Headers for all files via :all shortcut res = @header_request.get('/cgi/assets/index.html') res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=100' end it "supports header rule :fonts" do # Headers for web fonts via :fonts shortcut res = @header_request.get('/cgi/assets/fonts/font.eot') res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=200' end it "supports file extension header rules provided as an Array" do # Headers for file extensions via array res = @header_request.get('/cgi/assets/images/image.png') res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=300' end it "supports folder rules provided as a String" do # Headers for files in folder via string res = @header_request.get('/cgi/assets/folder/test.js') res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=400' end it "supports folder header rules provided as a String not starting with a slash" do res = @header_request.get('/cgi/assets/javascripts/app.js') res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=500' end it "supports flexible header rules provided as Regexp" do # Flexible Headers via Regexp res = @header_request.get('/cgi/assets/stylesheets/app.css') res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=600' end it "prioritizes header rules over fixed cache-control setting (legacy option)" do opts = OPTIONS.merge( cache_control: 'public, max-age=24', header_rules: [ [:all, { 'Cache-Control' => 'public, max-age=42' }] ]) request = Rack::MockRequest.new(static(DummyApp.new, opts)) res = request.get("/cgi/test") res.must_be :ok? res.headers['Cache-Control'].must_equal 'public, max-age=42' end it "expands the root path upon the middleware initialization" do relative_path = STATIC_OPTIONS[:root].sub("#{Dir.pwd}/", '') opts = { urls: [""], root: relative_path, index: 'index.html' } request = Rack::MockRequest.new(static(DummyApp.new, opts)) Dir.chdir '..' do res = request.get("") res.must_be :ok? res.body.must_match(/index!/) end end end rack-2.1.4/test/spec_tempfile_reaper.rb000066400000000000000000000031751367177163600201460ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/tempfile_reaper' require 'rack/lint' require 'rack/mock' describe Rack::TempfileReaper do class MockTempfile attr_reader :closed def initialize @closed = false end def close! @closed = true end end before do @env = Rack::MockRequest.env_for end def call(app) Rack::Lint.new(Rack::TempfileReaper.new(app)).call(@env) end it 'do nothing (i.e. not bomb out) without env[rack.tempfiles]' do app = lambda { |_| [200, {}, ['Hello, World!']] } response = call(app) response[2].close response[0].must_equal 200 end it 'close env[rack.tempfiles] when body is closed' do tempfile1, tempfile2 = MockTempfile.new, MockTempfile.new @env['rack.tempfiles'] = [ tempfile1, tempfile2 ] app = lambda { |_| [200, {}, ['Hello, World!']] } call(app)[2].close tempfile1.closed.must_equal true tempfile2.closed.must_equal true end it 'initialize env[rack.tempfiles] when not already present' do tempfile = MockTempfile.new app = lambda do |env| env['rack.tempfiles'] << tempfile [200, {}, ['Hello, World!']] end call(app)[2].close tempfile.closed.must_equal true end it 'append env[rack.tempfiles] when already present' do tempfile1, tempfile2 = MockTempfile.new, MockTempfile.new @env['rack.tempfiles'] = [ tempfile1 ] app = lambda do |env| env['rack.tempfiles'] << tempfile2 [200, {}, ['Hello, World!']] end call(app)[2].close tempfile1.closed.must_equal true tempfile2.closed.must_equal true end end rack-2.1.4/test/spec_thin.rb000066400000000000000000000051301367177163600157360ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' begin require 'rack/handler/thin' require File.expand_path('../testrequest', __FILE__) require 'timeout' describe Rack::Handler::Thin do include TestRequest::Helpers before do @app = Rack::Lint.new(TestRequest.new) @server = nil Thin::Logging.silent = true @thread = Thread.new do Rack::Handler::Thin.run(@app, Host: @host = '127.0.0.1', Port: @port = 9204, tag: "tag") do |server| @server = server end end Thread.pass until @server && @server.running? end after do @server.stop! @thread.join end it "respond" do GET("/") response.wont_be :nil? end it "be a Thin" do GET("/") status.must_equal 200 response["SERVER_SOFTWARE"].must_match(/thin/) response["HTTP_VERSION"].must_equal "HTTP/1.1" response["SERVER_PROTOCOL"].must_equal "HTTP/1.1" response["SERVER_PORT"].must_equal "9204" response["SERVER_NAME"].must_equal "127.0.0.1" end it "have rack headers" do GET("/") response["rack.version"].must_equal [1, 0] response["rack.multithread"].must_equal false response["rack.multiprocess"].must_equal false response["rack.run_once"].must_equal false end it "have CGI headers on GET" do GET("/") response["REQUEST_METHOD"].must_equal "GET" response["REQUEST_PATH"].must_equal "/" response["PATH_INFO"].must_equal "/" response["QUERY_STRING"].must_equal "" response["test.postdata"].must_equal "" GET("/test/foo?quux=1") response["REQUEST_METHOD"].must_equal "GET" response["REQUEST_PATH"].must_equal "/test/foo" response["PATH_INFO"].must_equal "/test/foo" response["QUERY_STRING"].must_equal "quux=1" end it "have CGI headers on POST" do POST("/", { "rack-form-data" => "23" }, { 'X-test-header' => '42' }) status.must_equal 200 response["REQUEST_METHOD"].must_equal "POST" response["REQUEST_PATH"].must_equal "/" response["QUERY_STRING"].must_equal "" response["HTTP_X_TEST_HEADER"].must_equal "42" response["test.postdata"].must_equal "rack-form-data=23" end it "support HTTP auth" do GET("/test", { user: "ruth", passwd: "secret" }) response["HTTP_AUTHORIZATION"].must_equal "Basic cnV0aDpzZWNyZXQ=" end it "set status" do GET("/test?secret") status.must_equal 403 response["rack.url_scheme"].must_equal "http" end it "set tag for server" do @server.tag.must_equal 'tag' end end rescue LoadError $stderr.puts "Skipping Rack::Handler::Thin tests (Thin is required). `gem install thin` and try again." end rack-2.1.4/test/spec_urlmap.rb000066400000000000000000000221661367177163600163040ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/urlmap' require 'rack/mock' describe Rack::URLMap do it "dispatches paths correctly" do app = lambda { |env| [200, { 'X-ScriptName' => env['SCRIPT_NAME'], 'X-PathInfo' => env['PATH_INFO'], 'Content-Type' => 'text/plain' }, [""]] } map = Rack::Lint.new(Rack::URLMap.new({ 'http://foo.org/bar' => app, '/foo' => app, '/foo/bar' => app })) res = Rack::MockRequest.new(map).get("/") res.must_be :not_found? res = Rack::MockRequest.new(map).get("/qux") res.must_be :not_found? res = Rack::MockRequest.new(map).get("/foo") res.must_be :ok? res["X-ScriptName"].must_equal "/foo" res["X-PathInfo"].must_equal "" res = Rack::MockRequest.new(map).get("/foo/") res.must_be :ok? res["X-ScriptName"].must_equal "/foo" res["X-PathInfo"].must_equal "/" res = Rack::MockRequest.new(map).get("/foo/bar") res.must_be :ok? res["X-ScriptName"].must_equal "/foo/bar" res["X-PathInfo"].must_equal "" res = Rack::MockRequest.new(map).get("/foo/bar/") res.must_be :ok? res["X-ScriptName"].must_equal "/foo/bar" res["X-PathInfo"].must_equal "/" res = Rack::MockRequest.new(map).get("/foo///bar//quux") res.status.must_equal 200 res.must_be :ok? res["X-ScriptName"].must_equal "/foo/bar" res["X-PathInfo"].must_equal "//quux" res = Rack::MockRequest.new(map).get("/foo/quux", "SCRIPT_NAME" => "/bleh") res.must_be :ok? res["X-ScriptName"].must_equal "/bleh/foo" res["X-PathInfo"].must_equal "/quux" res = Rack::MockRequest.new(map).get("/bar", 'HTTP_HOST' => 'foo.org') res.must_be :ok? res["X-ScriptName"].must_equal "/bar" res["X-PathInfo"].must_be :empty? res = Rack::MockRequest.new(map).get("/bar/", 'HTTP_HOST' => 'foo.org') res.must_be :ok? res["X-ScriptName"].must_equal "/bar" res["X-PathInfo"].must_equal '/' end it "dispatches hosts correctly" do map = Rack::Lint.new(Rack::URLMap.new("http://foo.org/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "foo.org", "X-Host" => env["HTTP_HOST"] || env["SERVER_NAME"], }, [""]]}, "http://subdomain.foo.org/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "subdomain.foo.org", "X-Host" => env["HTTP_HOST"] || env["SERVER_NAME"], }, [""]]}, "http://bar.org/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "bar.org", "X-Host" => env["HTTP_HOST"] || env["SERVER_NAME"], }, [""]]}, "/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "default.org", "X-Host" => env["HTTP_HOST"] || env["SERVER_NAME"], }, [""]]} )) res = Rack::MockRequest.new(map).get("/") res.must_be :ok? res["X-Position"].must_equal "default.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "bar.org") res.must_be :ok? res["X-Position"].must_equal "bar.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "foo.org") res.must_be :ok? res["X-Position"].must_equal "foo.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "subdomain.foo.org", "SERVER_NAME" => "foo.org") res.must_be :ok? res["X-Position"].must_equal "subdomain.foo.org" res = Rack::MockRequest.new(map).get("http://foo.org/") res.must_be :ok? res["X-Position"].must_equal "foo.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "example.org") res.must_be :ok? res["X-Position"].must_equal "default.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "any-host.org") res.must_be :ok? res["X-Position"].must_equal "default.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "any-host.org", "HTTP_X_FORWARDED_HOST" => "any-host.org") res.must_be :ok? res["X-Position"].must_equal "default.org" res = Rack::MockRequest.new(map).get("/", "HTTP_HOST" => "example.org:9292", "SERVER_PORT" => "9292") res.must_be :ok? res["X-Position"].must_equal "default.org" end it "be nestable" do map = Rack::Lint.new(Rack::URLMap.new("/foo" => Rack::URLMap.new("/bar" => Rack::URLMap.new("/quux" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "/foo/bar/quux", "X-PathInfo" => env["PATH_INFO"], "X-ScriptName" => env["SCRIPT_NAME"], }, [""]]} )))) res = Rack::MockRequest.new(map).get("/foo/bar") res.must_be :not_found? res = Rack::MockRequest.new(map).get("/foo/bar/quux") res.must_be :ok? res["X-Position"].must_equal "/foo/bar/quux" res["X-PathInfo"].must_equal "" res["X-ScriptName"].must_equal "/foo/bar/quux" end it "route root apps correctly" do map = Rack::Lint.new(Rack::URLMap.new("/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "root", "X-PathInfo" => env["PATH_INFO"], "X-ScriptName" => env["SCRIPT_NAME"] }, [""]]}, "/foo" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "foo", "X-PathInfo" => env["PATH_INFO"], "X-ScriptName" => env["SCRIPT_NAME"] }, [""]]} )) res = Rack::MockRequest.new(map).get("/foo/bar") res.must_be :ok? res["X-Position"].must_equal "foo" res["X-PathInfo"].must_equal "/bar" res["X-ScriptName"].must_equal "/foo" res = Rack::MockRequest.new(map).get("/foo") res.must_be :ok? res["X-Position"].must_equal "foo" res["X-PathInfo"].must_equal "" res["X-ScriptName"].must_equal "/foo" res = Rack::MockRequest.new(map).get("/bar") res.must_be :ok? res["X-Position"].must_equal "root" res["X-PathInfo"].must_equal "/bar" res["X-ScriptName"].must_equal "" res = Rack::MockRequest.new(map).get("") res.must_be :ok? res["X-Position"].must_equal "root" res["X-PathInfo"].must_equal "/" res["X-ScriptName"].must_equal "" end it "not squeeze slashes" do map = Rack::Lint.new(Rack::URLMap.new("/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "root", "X-PathInfo" => env["PATH_INFO"], "X-ScriptName" => env["SCRIPT_NAME"] }, [""]]}, "/foo" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "foo", "X-PathInfo" => env["PATH_INFO"], "X-ScriptName" => env["SCRIPT_NAME"] }, [""]]} )) res = Rack::MockRequest.new(map).get("/http://example.org/bar") res.must_be :ok? res["X-Position"].must_equal "root" res["X-PathInfo"].must_equal "/http://example.org/bar" res["X-ScriptName"].must_equal "" end it "not be case sensitive with hosts" do map = Rack::Lint.new(Rack::URLMap.new("http://example.org/" => lambda { |env| [200, { "Content-Type" => "text/plain", "X-Position" => "root", "X-PathInfo" => env["PATH_INFO"], "X-ScriptName" => env["SCRIPT_NAME"] }, [""]]} )) res = Rack::MockRequest.new(map).get("http://example.org/") res.must_be :ok? res["X-Position"].must_equal "root" res["X-PathInfo"].must_equal "/" res["X-ScriptName"].must_equal "" res = Rack::MockRequest.new(map).get("http://EXAMPLE.ORG/") res.must_be :ok? res["X-Position"].must_equal "root" res["X-PathInfo"].must_equal "/" res["X-ScriptName"].must_equal "" end end rack-2.1.4/test/spec_utils.rb000066400000000000000000000722761367177163600161530ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/utils' require 'rack/mock' require 'timeout' describe Rack::Utils do def assert_sets exp, act exp = Set.new exp.split '&' act = Set.new act.split '&' assert_equal exp, act end def assert_query exp, act assert_sets exp, Rack::Utils.build_query(act) end def assert_nested_query exp, act assert_sets exp, Rack::Utils.build_nested_query(act) end it 'can be mixed in and used' do instance = Class.new { include Rack::Utils public :parse_nested_query public :parse_query }.new assert_equal({ "foo" => "bar" }, instance.parse_nested_query("foo=bar")) assert_equal({ "foo" => "bar" }, instance.parse_query("foo=bar")) end it "round trip binary data" do r = [218, 0].pack 'CC' z = Rack::Utils.unescape(Rack::Utils.escape(r), Encoding::BINARY) r.must_equal z end it "escape correctly" do Rack::Utils.escape("fobar").must_equal "fo%3Co%3Ebar" Rack::Utils.escape("a space").must_equal "a+space" Rack::Utils.escape("q1!2\"'w$5&7/z8)?\\"). must_equal "q1%212%22%27w%245%267%2Fz8%29%3F%5C" end it "escape correctly for multibyte characters" do matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto matz_name.force_encoding(Encoding::UTF_8) Rack::Utils.escape(matz_name).must_equal '%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8' matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsu moto matz_name_sep.force_encoding("UTF-8") if matz_name_sep.respond_to? :force_encoding Rack::Utils.escape(matz_name_sep).must_equal '%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8' end it "escape objects that responds to to_s" do Rack::Utils.escape(:id).must_equal "id" end it "escape non-UTF8 strings" do Rack::Utils.escape("ø".encode("ISO-8859-1")).must_equal "%F8" end it "not hang on escaping long strings that end in % (http://redmine.ruby-lang.org/issues/5149)" do Timeout.timeout(1) do lambda { URI.decode_www_form_component "A string that causes catastrophic backtracking as it gets longer %" }.must_raise ArgumentError end end it "escape path spaces with %20" do Rack::Utils.escape_path("foo bar").must_equal "foo%20bar" end it "unescape correctly" do Rack::Utils.unescape("fo%3Co%3Ebar").must_equal "fobar" Rack::Utils.unescape("a+space").must_equal "a space" Rack::Utils.unescape("a%20space").must_equal "a space" Rack::Utils.unescape("q1%212%22%27w%245%267%2Fz8%29%3F%5C"). must_equal "q1!2\"'w$5&7/z8)?\\" end it "parse query strings correctly" do Rack::Utils.parse_query("foo=bar"). must_equal "foo" => "bar" Rack::Utils.parse_query("foo=\"bar\""). must_equal "foo" => "\"bar\"" Rack::Utils.parse_query("foo=bar&foo=quux"). must_equal "foo" => ["bar", "quux"] Rack::Utils.parse_query("foo=1&bar=2"). must_equal "foo" => "1", "bar" => "2" Rack::Utils.parse_query("my+weird+field=q1%212%22%27w%245%267%2Fz8%29%3F"). must_equal "my weird field" => "q1!2\"'w$5&7/z8)?" Rack::Utils.parse_query("foo%3Dbaz=bar").must_equal "foo=baz" => "bar" Rack::Utils.parse_query("=").must_equal "" => "" Rack::Utils.parse_query("=value").must_equal "" => "value" Rack::Utils.parse_query("key=").must_equal "key" => "" Rack::Utils.parse_query("&key&").must_equal "key" => nil Rack::Utils.parse_query(";key;", ";,").must_equal "key" => nil Rack::Utils.parse_query(",key,", ";,").must_equal "key" => nil Rack::Utils.parse_query(";foo=bar,;", ";,").must_equal "foo" => "bar" Rack::Utils.parse_query(",foo=bar;,", ";,").must_equal "foo" => "bar" end it "not create infinite loops with cycle structures" do ex = { "foo" => nil } ex["foo"] = ex params = Rack::Utils::KeySpaceConstrainedParams.new(65536) params['foo'] = params params.to_params_hash.to_s.must_equal ex.to_s end it "parse nil as an empty query string" do Rack::Utils.parse_nested_query(nil).must_equal({}) end it "raise an exception if the params are too deep" do len = Rack::Utils.param_depth_limit lambda { Rack::Utils.parse_nested_query("foo#{"[a]" * len}=bar") }.must_raise(RangeError) Rack::Utils.parse_nested_query("foo#{"[a]" * (len - 1)}=bar") end it "parse nested query strings correctly" do Rack::Utils.parse_nested_query("foo"). must_equal "foo" => nil Rack::Utils.parse_nested_query("foo="). must_equal "foo" => "" Rack::Utils.parse_nested_query("foo=bar"). must_equal "foo" => "bar" Rack::Utils.parse_nested_query("foo=\"bar\""). must_equal "foo" => "\"bar\"" Rack::Utils.parse_nested_query("foo=bar&foo=quux"). must_equal "foo" => "quux" Rack::Utils.parse_nested_query("foo&foo="). must_equal "foo" => "" Rack::Utils.parse_nested_query("foo=1&bar=2"). must_equal "foo" => "1", "bar" => "2" Rack::Utils.parse_nested_query("&foo=1&&bar=2"). must_equal "foo" => "1", "bar" => "2" Rack::Utils.parse_nested_query("foo&bar="). must_equal "foo" => nil, "bar" => "" Rack::Utils.parse_nested_query("foo=bar&baz="). must_equal "foo" => "bar", "baz" => "" Rack::Utils.parse_nested_query("my+weird+field=q1%212%22%27w%245%267%2Fz8%29%3F"). must_equal "my weird field" => "q1!2\"'w$5&7/z8)?" Rack::Utils.parse_nested_query("a=b&pid%3D1234=1023"). must_equal "pid=1234" => "1023", "a" => "b" Rack::Utils.parse_nested_query("foo[]"). must_equal "foo" => [nil] Rack::Utils.parse_nested_query("foo[]="). must_equal "foo" => [""] Rack::Utils.parse_nested_query("foo[]=bar"). must_equal "foo" => ["bar"] Rack::Utils.parse_nested_query("foo[]=bar&foo"). must_equal "foo" => nil Rack::Utils.parse_nested_query("foo[]=bar&foo["). must_equal "foo" => ["bar"], "foo[" => nil Rack::Utils.parse_nested_query("foo[]=bar&foo[=baz"). must_equal "foo" => ["bar"], "foo[" => "baz" Rack::Utils.parse_nested_query("foo[]=bar&foo[]"). must_equal "foo" => ["bar", nil] Rack::Utils.parse_nested_query("foo[]=bar&foo[]="). must_equal "foo" => ["bar", ""] Rack::Utils.parse_nested_query("foo[]=1&foo[]=2"). must_equal "foo" => ["1", "2"] Rack::Utils.parse_nested_query("foo=bar&baz[]=1&baz[]=2&baz[]=3"). must_equal "foo" => "bar", "baz" => ["1", "2", "3"] Rack::Utils.parse_nested_query("foo[]=bar&baz[]=1&baz[]=2&baz[]=3"). must_equal "foo" => ["bar"], "baz" => ["1", "2", "3"] Rack::Utils.parse_nested_query("x[y][z]=1"). must_equal "x" => { "y" => { "z" => "1" } } Rack::Utils.parse_nested_query("x[y][z][]=1"). must_equal "x" => { "y" => { "z" => ["1"] } } Rack::Utils.parse_nested_query("x[y][z]=1&x[y][z]=2"). must_equal "x" => { "y" => { "z" => "2" } } Rack::Utils.parse_nested_query("x[y][z][]=1&x[y][z][]=2"). must_equal "x" => { "y" => { "z" => ["1", "2"] } } Rack::Utils.parse_nested_query("x[y][][z]=1"). must_equal "x" => { "y" => [{ "z" => "1" }] } Rack::Utils.parse_nested_query("x[y][][z][]=1"). must_equal "x" => { "y" => [{ "z" => ["1"] }] } Rack::Utils.parse_nested_query("x[y][][z]=1&x[y][][w]=2"). must_equal "x" => { "y" => [{ "z" => "1", "w" => "2" }] } Rack::Utils.parse_nested_query("x[y][][v][w]=1"). must_equal "x" => { "y" => [{ "v" => { "w" => "1" } }] } Rack::Utils.parse_nested_query("x[y][][z]=1&x[y][][v][w]=2"). must_equal "x" => { "y" => [{ "z" => "1", "v" => { "w" => "2" } }] } Rack::Utils.parse_nested_query("x[y][][z]=1&x[y][][z]=2"). must_equal "x" => { "y" => [{ "z" => "1" }, { "z" => "2" }] } Rack::Utils.parse_nested_query("x[y][][z]=1&x[y][][w]=a&x[y][][z]=2&x[y][][w]=3"). must_equal "x" => { "y" => [{ "z" => "1", "w" => "a" }, { "z" => "2", "w" => "3" }] } Rack::Utils.parse_nested_query("x[][y]=1&x[][z][w]=a&x[][y]=2&x[][z][w]=b"). must_equal "x" => [{ "y" => "1", "z" => { "w" => "a" } }, { "y" => "2", "z" => { "w" => "b" } }] Rack::Utils.parse_nested_query("x[][z][w]=a&x[][y]=1&x[][z][w]=b&x[][y]=2"). must_equal "x" => [{ "y" => "1", "z" => { "w" => "a" } }, { "y" => "2", "z" => { "w" => "b" } }] Rack::Utils.parse_nested_query("data[books][][data][page]=1&data[books][][data][page]=2"). must_equal "data" => { "books" => [{ "data" => { "page" => "1" } }, { "data" => { "page" => "2" } }] } lambda { Rack::Utils.parse_nested_query("x[y]=1&x[y]z=2") }. must_raise(Rack::Utils::ParameterTypeError). message.must_equal "expected Hash (got String) for param `y'" lambda { Rack::Utils.parse_nested_query("x[y]=1&x[]=1") }. must_raise(Rack::Utils::ParameterTypeError). message.must_match(/expected Array \(got [^)]*\) for param `x'/) lambda { Rack::Utils.parse_nested_query("x[y]=1&x[y][][w]=2") }. must_raise(Rack::Utils::ParameterTypeError). message.must_equal "expected Array (got String) for param `y'" lambda { Rack::Utils.parse_nested_query("foo%81E=1") }. must_raise(Rack::Utils::InvalidParameterError). message.must_equal "invalid byte sequence in UTF-8" end it "only moves to a new array when the full key has been seen" do Rack::Utils.parse_nested_query("x[][y][][z]=1&x[][y][][w]=2"). must_equal "x" => [{ "y" => [{ "z" => "1", "w" => "2" }] }] Rack::Utils.parse_nested_query( "x[][id]=1&x[][y][a]=5&x[][y][b]=7&x[][z][id]=3&x[][z][w]=0&x[][id]=2&x[][y][a]=6&x[][y][b]=8&x[][z][id]=4&x[][z][w]=0" ).must_equal "x" => [ { "id" => "1", "y" => { "a" => "5", "b" => "7" }, "z" => { "id" => "3", "w" => "0" } }, { "id" => "2", "y" => { "a" => "6", "b" => "8" }, "z" => { "id" => "4", "w" => "0" } }, ] end it "allow setting the params hash class to use for parsing query strings" do begin default_parser = Rack::Utils.default_query_parser param_parser_class = Class.new(Rack::QueryParser::Params) do def initialize(*) super @params = Hash.new{|h, k| h[k.to_s] if k.is_a?(Symbol)} end end Rack::Utils.default_query_parser = Rack::QueryParser.new(param_parser_class, 65536, 100) Rack::Utils.parse_query(",foo=bar;,", ";,")[:foo].must_equal "bar" Rack::Utils.parse_nested_query("x[y][][z]=1&x[y][][w]=2")[:x][:y][0][:z].must_equal "1" ensure Rack::Utils.default_query_parser = default_parser end end it "build query strings correctly" do assert_query "foo=bar", "foo" => "bar" assert_query "foo=bar&foo=quux", "foo" => ["bar", "quux"] assert_query "foo=1&bar=2", "foo" => "1", "bar" => "2" assert_query("my+weird+field=q1%212%22%27w%245%267%2Fz8%29%3F", "my weird field" => "q1!2\"'w$5&7/z8)?") end it "build nested query strings correctly" do Rack::Utils.build_nested_query("foo" => nil).must_equal "foo" Rack::Utils.build_nested_query("foo" => "").must_equal "foo=" Rack::Utils.build_nested_query("foo" => "bar").must_equal "foo=bar" assert_nested_query("foo=1&bar=2", "foo" => "1", "bar" => "2") assert_nested_query("foo=1&bar=2", "foo" => 1, "bar" => 2) assert_nested_query("my+weird+field=q1%212%22%27w%245%267%2Fz8%29%3F", "my weird field" => "q1!2\"'w$5&7/z8)?") Rack::Utils.build_nested_query("foo" => [nil]).must_equal "foo[]" Rack::Utils.build_nested_query("foo" => [""]).must_equal "foo[]=" Rack::Utils.build_nested_query("foo" => ["bar"]).must_equal "foo[]=bar" Rack::Utils.build_nested_query('foo' => []).must_equal '' Rack::Utils.build_nested_query('foo' => {}).must_equal '' Rack::Utils.build_nested_query('foo' => 'bar', 'baz' => []).must_equal 'foo=bar' Rack::Utils.build_nested_query('foo' => 'bar', 'baz' => {}).must_equal 'foo=bar' Rack::Utils.build_nested_query('foo' => nil, 'bar' => ''). must_equal 'foo&bar=' Rack::Utils.build_nested_query('foo' => 'bar', 'baz' => ''). must_equal 'foo=bar&baz=' Rack::Utils.build_nested_query('foo' => ['1', '2']). must_equal 'foo[]=1&foo[]=2' Rack::Utils.build_nested_query('foo' => 'bar', 'baz' => ['1', '2', '3']). must_equal 'foo=bar&baz[]=1&baz[]=2&baz[]=3' Rack::Utils.build_nested_query('foo' => ['bar'], 'baz' => ['1', '2', '3']). must_equal 'foo[]=bar&baz[]=1&baz[]=2&baz[]=3' Rack::Utils.build_nested_query('foo' => ['bar'], 'baz' => ['1', '2', '3']). must_equal 'foo[]=bar&baz[]=1&baz[]=2&baz[]=3' Rack::Utils.build_nested_query('x' => { 'y' => { 'z' => '1' } }). must_equal 'x[y][z]=1' Rack::Utils.build_nested_query('x' => { 'y' => { 'z' => ['1'] } }). must_equal 'x[y][z][]=1' Rack::Utils.build_nested_query('x' => { 'y' => { 'z' => ['1', '2'] } }). must_equal 'x[y][z][]=1&x[y][z][]=2' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'z' => '1' }] }). must_equal 'x[y][][z]=1' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'z' => ['1'] }] }). must_equal 'x[y][][z][]=1' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'z' => '1', 'w' => '2' }] }). must_equal 'x[y][][z]=1&x[y][][w]=2' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'v' => { 'w' => '1' } }] }). must_equal 'x[y][][v][w]=1' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'z' => '1', 'v' => { 'w' => '2' } }] }). must_equal 'x[y][][z]=1&x[y][][v][w]=2' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'z' => '1' }, { 'z' => '2' }] }). must_equal 'x[y][][z]=1&x[y][][z]=2' Rack::Utils.build_nested_query('x' => { 'y' => [{ 'z' => '1', 'w' => 'a' }, { 'z' => '2', 'w' => '3' }] }). must_equal 'x[y][][z]=1&x[y][][w]=a&x[y][][z]=2&x[y][][w]=3' Rack::Utils.build_nested_query({ "foo" => ["1", ["2"]] }). must_equal 'foo[]=1&foo[][]=2' lambda { Rack::Utils.build_nested_query("foo=bar") }. must_raise(ArgumentError). message.must_equal "value must be a Hash" end it 'performs the inverse function of #parse_nested_query' do [{ "foo" => nil, "bar" => "" }, { "foo" => "bar", "baz" => "" }, { "foo" => ["1", "2"] }, { "foo" => "bar", "baz" => ["1", "2", "3"] }, { "foo" => ["bar"], "baz" => ["1", "2", "3"] }, { "foo" => ["1", "2"] }, { "foo" => "bar", "baz" => ["1", "2", "3"] }, { "x" => { "y" => { "z" => "1" } } }, { "x" => { "y" => { "z" => ["1"] } } }, { "x" => { "y" => { "z" => ["1", "2"] } } }, { "x" => { "y" => [{ "z" => "1" }] } }, { "x" => { "y" => [{ "z" => ["1"] }] } }, { "x" => { "y" => [{ "z" => "1", "w" => "2" }] } }, { "x" => { "y" => [{ "v" => { "w" => "1" } }] } }, { "x" => { "y" => [{ "z" => "1", "v" => { "w" => "2" } }] } }, { "x" => { "y" => [{ "z" => "1" }, { "z" => "2" }] } }, { "x" => { "y" => [{ "z" => "1", "w" => "a" }, { "z" => "2", "w" => "3" }] } }, { "foo" => ["1", ["2"]] }, ].each { |params| qs = Rack::Utils.build_nested_query(params) Rack::Utils.parse_nested_query(qs).must_equal params } lambda { Rack::Utils.build_nested_query("foo=bar") }. must_raise(ArgumentError). message.must_equal "value must be a Hash" end it "parse query strings that have a non-existent value" do key = "post/2011/08/27/Deux-%22rat%C3%A9s%22-de-l-Universit" Rack::Utils.parse_query(key).must_equal Rack::Utils.unescape(key) => nil end it "build query strings without = with non-existent values" do key = "post/2011/08/27/Deux-%22rat%C3%A9s%22-de-l-Universit" key = Rack::Utils.unescape(key) Rack::Utils.build_query(key => nil).must_equal Rack::Utils.escape(key) end it "parse q-values" do # XXX handle accept-extension Rack::Utils.q_values("foo;q=0.5,bar,baz;q=0.9").must_equal [ [ 'foo', 0.5 ], [ 'bar', 1.0 ], [ 'baz', 0.9 ] ] end it "select best quality match" do Rack::Utils.best_q_match("text/html", %w[text/html]).must_equal "text/html" # More specific matches are preferred Rack::Utils.best_q_match("text/*;q=0.5,text/html;q=1.0", %w[text/html]).must_equal "text/html" # Higher quality matches are preferred Rack::Utils.best_q_match("text/*;q=0.5,text/plain;q=1.0", %w[text/plain text/html]).must_equal "text/plain" # Respect requested content type Rack::Utils.best_q_match("application/json", %w[application/vnd.lotus-1-2-3 application/json]).must_equal "application/json" # All else equal, the available mimes are preferred in order Rack::Utils.best_q_match("text/*", %w[text/html text/plain]).must_equal "text/html" Rack::Utils.best_q_match("text/plain,text/html", %w[text/html text/plain]).must_equal "text/html" # When there are no matches, return nil: Rack::Utils.best_q_match("application/json", %w[text/html text/plain]).must_be_nil end it "escape html entities [&><'\"/]" do Rack::Utils.escape_html("foo").must_equal "foo" Rack::Utils.escape_html("f&o").must_equal "f&o" Rack::Utils.escape_html("fo").must_equal "f>o" Rack::Utils.escape_html("f'o").must_equal "f'o" Rack::Utils.escape_html('f"o').must_equal "f"o" Rack::Utils.escape_html("f/o").must_equal "f/o" Rack::Utils.escape_html("").must_equal "<foo></foo>" end it "escape html entities even on MRI when it's bugged" do test_escape = lambda do Rack::Utils.escape_html("\300<").must_equal "\300<" end test_escape.must_raise ArgumentError end it "escape html entities in unicode strings" do # the following will cause warnings if the regex is poorly encoded: Rack::Utils.escape_html("☃").must_equal "☃" end it "figure out which encodings are acceptable" do helper = lambda do |a, b| Rack::Request.new(Rack::MockRequest.env_for("", "HTTP_ACCEPT_ENCODING" => a)) Rack::Utils.select_best_encoding(a, b) end helper.call(%w(), [["x", 1]]).must_be_nil helper.call(%w(identity), [["identity", 0.0]]).must_be_nil helper.call(%w(identity), [["*", 0.0]]).must_be_nil helper.call(%w(identity), [["compress", 1.0], ["gzip", 1.0]]).must_equal "identity" helper.call(%w(compress gzip identity), [["compress", 1.0], ["gzip", 1.0]]).must_equal "compress" helper.call(%w(compress gzip identity), [["compress", 0.5], ["gzip", 1.0]]).must_equal "gzip" helper.call(%w(foo bar identity), []).must_equal "identity" helper.call(%w(foo bar identity), [["*", 1.0]]).must_equal "foo" helper.call(%w(foo bar identity), [["*", 1.0], ["foo", 0.9]]).must_equal "bar" helper.call(%w(foo bar identity), [["foo", 0], ["bar", 0]]).must_equal "identity" helper.call(%w(foo bar baz identity), [["*", 0], ["identity", 0.1]]).must_equal "identity" end it "should perform constant time string comparison" do Rack::Utils.secure_compare('a', 'a').must_equal true Rack::Utils.secure_compare('a', 'b').must_equal false end it "return status code for integer" do Rack::Utils.status_code(200).must_equal 200 end it "return status code for string" do Rack::Utils.status_code("200").must_equal 200 end it "return status code for symbol" do Rack::Utils.status_code(:ok).must_equal 200 end it "raise an error for an invalid symbol" do assert_raises(ArgumentError, "Unrecognized status code :foobar") do Rack::Utils.status_code(:foobar) end end it "return rfc2822 format from rfc2822 helper" do Rack::Utils.rfc2822(Time.at(0).gmtime).must_equal "Thu, 01 Jan 1970 00:00:00 -0000" end it "return rfc2109 format from rfc2109 helper" do Rack::Utils.rfc2109(Time.at(0).gmtime).must_equal "Thu, 01-Jan-1970 00:00:00 GMT" end it "clean directory traversal" do Rack::Utils.clean_path_info("/cgi/../cgi/test").must_equal "/cgi/test" Rack::Utils.clean_path_info(".").must_be_empty Rack::Utils.clean_path_info("test/..").must_be_empty end it "clean unsafe directory traversal to safe path" do Rack::Utils.clean_path_info("/../README.rdoc").must_equal "/README.rdoc" Rack::Utils.clean_path_info("../test/spec_utils.rb").must_equal "test/spec_utils.rb" end it "not clean directory traversal with encoded periods" do Rack::Utils.clean_path_info("/%2E%2E/README").must_equal "/%2E%2E/README" end it "clean slash only paths" do Rack::Utils.clean_path_info("/").must_equal "/" end end describe Rack::Utils, "cookies" do it "parses cookies" do env = Rack::MockRequest.env_for("", "HTTP_COOKIE" => "zoo=m") Rack::Utils.parse_cookies(env).must_equal({ "zoo" => "m" }) env = Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=%") Rack::Utils.parse_cookies(env).must_equal({ "foo" => "%" }) env = Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;foo=car") Rack::Utils.parse_cookies(env).must_equal({ "foo" => "bar" }) env = Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;quux=h&m") Rack::Utils.parse_cookies(env).must_equal({ "foo" => "bar", "quux" => "h&m" }) env = Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar").freeze Rack::Utils.parse_cookies(env).must_equal({ "foo" => "bar" }) env = Rack::MockRequest.env_for("", "HTTP_COOKIE" => "%66oo=baz;foo=bar") cookies = Rack::Utils.parse_cookies(env) cookies.must_equal({ "%66oo" => "baz", "foo" => "bar" }) end it "adds new cookies to nil header" do Rack::Utils.add_cookie_to_header(nil, 'name', 'value').must_equal 'name=value' end it "adds new cookies to blank header" do header = '' Rack::Utils.add_cookie_to_header(header, 'name', 'value').must_equal 'name=value' header.must_equal '' end it "adds new cookies to string header" do header = 'existing-cookie' Rack::Utils.add_cookie_to_header(header, 'name', 'value').must_equal "existing-cookie\nname=value" header.must_equal 'existing-cookie' end it "adds new cookies to array header" do header = %w[ existing-cookie ] Rack::Utils.add_cookie_to_header(header, 'name', 'value').must_equal "existing-cookie\nname=value" header.must_equal %w[ existing-cookie ] end it "adds new cookies to an unrecognized header" do lambda { Rack::Utils.add_cookie_to_header(Object.new, 'name', 'value') }.must_raise ArgumentError end end describe Rack::Utils, "byte_range" do it "ignore missing or syntactically invalid byte ranges" do Rack::Utils.byte_ranges({}, 500).must_be_nil Rack::Utils.byte_ranges({ "HTTP_RANGE" => "foobar" }, 500).must_be_nil Rack::Utils.byte_ranges({ "HTTP_RANGE" => "furlongs=123-456" }, 500).must_be_nil Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=" }, 500).must_be_nil Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=-" }, 500).must_be_nil Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=123,456" }, 500).must_be_nil # A range of non-positive length is syntactically invalid and ignored: Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=456-123" }, 500).must_be_nil Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=456-455" }, 500).must_be_nil end it "parse simple byte ranges" do Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=123-456" }, 500).must_equal [(123..456)] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=123-" }, 500).must_equal [(123..499)] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=-100" }, 500).must_equal [(400..499)] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=0-0" }, 500).must_equal [(0..0)] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=499-499" }, 500).must_equal [(499..499)] end it "parse several byte ranges" do Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=500-600,601-999" }, 1000).must_equal [(500..600), (601..999)] end it "truncate byte ranges" do Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=123-999" }, 500).must_equal [(123..499)] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=600-999" }, 500).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=-999" }, 500).must_equal [(0..499)] end it "ignore unsatisfiable byte ranges" do Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=500-501" }, 500).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=500-" }, 500).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=999-" }, 500).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=-0" }, 500).must_equal [] end it "handle byte ranges of empty files" do Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=123-456" }, 0).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=0-" }, 0).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=-100" }, 0).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=0-0" }, 0).must_equal [] Rack::Utils.byte_ranges({ "HTTP_RANGE" => "bytes=-0" }, 0).must_equal [] end end describe Rack::Utils::HeaderHash do it "retain header case" do h = Rack::Utils::HeaderHash.new("Content-MD5" => "d5ff4e2a0 ...") h['ETag'] = 'Boo!' h.to_hash.must_equal "Content-MD5" => "d5ff4e2a0 ...", "ETag" => 'Boo!' end it "check existence of keys case insensitively" do h = Rack::Utils::HeaderHash.new("Content-MD5" => "d5ff4e2a0 ...") h.must_include 'content-md5' h.wont_include 'ETag' end it "create deep HeaderHash copy on dup" do h1 = Rack::Utils::HeaderHash.new("Content-MD5" => "d5ff4e2a0 ...") h2 = h1.dup h1.must_include 'content-md5' h2.must_include 'content-md5' h2.delete("Content-MD5") h2.wont_include 'content-md5' h1.must_include 'content-md5' end it "merge case-insensitively" do h = Rack::Utils::HeaderHash.new("ETag" => 'HELLO', "content-length" => '123') merged = h.merge("Etag" => 'WORLD', 'Content-Length' => '321', "Foo" => 'BAR') merged.must_equal "Etag" => 'WORLD', "Content-Length" => '321', "Foo" => 'BAR' end it "overwrite case insensitively and assume the new key's case" do h = Rack::Utils::HeaderHash.new("Foo-Bar" => "baz") h["foo-bar"] = "bizzle" h["FOO-BAR"].must_equal "bizzle" h.length.must_equal 1 h.to_hash.must_equal "foo-bar" => "bizzle" end it "be converted to real Hash" do h = Rack::Utils::HeaderHash.new("foo" => "bar") h.to_hash.must_be_instance_of Hash end it "convert Array values to Strings when converting to Hash" do h = Rack::Utils::HeaderHash.new("foo" => ["bar", "baz"]) h.to_hash.must_equal({ "foo" => "bar\nbaz" }) end it "replace hashes correctly" do h = Rack::Utils::HeaderHash.new("Foo-Bar" => "baz") j = { "foo" => "bar" } h.replace(j) h["foo"].must_equal "bar" end it "be able to delete the given key case-sensitively" do h = Rack::Utils::HeaderHash.new("foo" => "bar") h.delete("foo") h["foo"].must_be_nil h["FOO"].must_be_nil end it "be able to delete the given key case-insensitively" do h = Rack::Utils::HeaderHash.new("foo" => "bar") h.delete("FOO") h["foo"].must_be_nil h["FOO"].must_be_nil end it "return the deleted value when #delete is called on an existing key" do h = Rack::Utils::HeaderHash.new("foo" => "bar") h.delete("Foo").must_equal "bar" end it "return nil when #delete is called on a non-existant key" do h = Rack::Utils::HeaderHash.new("foo" => "bar") h.delete("Hello").must_be_nil end it "dups given HeaderHash" do a = Rack::Utils::HeaderHash.new("foo" => "bar") b = Rack::Utils::HeaderHash.new(a) b.object_id.wont_equal a.object_id b.must_equal a end it "convert Array values to Strings when responding to #each" do h = Rack::Utils::HeaderHash.new("foo" => ["bar", "baz"]) h.each do |k, v| k.must_equal "foo" v.must_equal "bar\nbaz" end end it "not create headers out of thin air" do h = Rack::Utils::HeaderHash.new h['foo'] h['foo'].must_be_nil h.wont_include 'foo' end end describe Rack::Utils::Context do class ContextTest attr_reader :app def initialize app; @app = app; end def call env; context env; end def context env, app = @app; app.call(env); end end test_target1 = proc{|e| e.to_s + ' world' } test_target2 = proc{|e| e.to_i + 2 } test_target3 = proc{|e| nil } test_target4 = proc{|e| [200, { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }, ['']] } test_app = ContextTest.new test_target4 it "set context correctly" do test_app.app.must_equal test_target4 c1 = Rack::Utils::Context.new(test_app, test_target1) c1.for.must_equal test_app c1.app.must_equal test_target1 c2 = Rack::Utils::Context.new(test_app, test_target2) c2.for.must_equal test_app c2.app.must_equal test_target2 end it "alter app on recontexting" do c1 = Rack::Utils::Context.new(test_app, test_target1) c2 = c1.recontext(test_target2) c2.for.must_equal test_app c2.app.must_equal test_target2 c3 = c2.recontext(test_target3) c3.for.must_equal test_app c3.app.must_equal test_target3 end it "run different apps" do c1 = Rack::Utils::Context.new test_app, test_target1 c2 = c1.recontext test_target2 c3 = c2.recontext test_target3 c4 = c3.recontext test_target4 a4 = Rack::Lint.new c4 a5 = Rack::Lint.new test_app r1 = c1.call('hello') r1.must_equal 'hello world' r2 = c2.call(2) r2.must_equal 4 r3 = c3.call(:misc_symbol) r3.must_be_nil r4 = Rack::MockRequest.new(a4).get('/') r4.status.must_equal 200 r5 = Rack::MockRequest.new(a5).get('/') r5.status.must_equal 200 r4.body.must_equal r5.body end end rack-2.1.4/test/spec_version.rb000066400000000000000000000003561367177163600164660ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack' describe Rack do describe 'version' do it 'defaults to a hard-coded api version' do Rack.version.must_equal "1.3" end end end rack-2.1.4/test/spec_webrick.rb000066400000000000000000000141271367177163600164300ustar00rootroot00000000000000# frozen_string_literal: true require 'minitest/global_expectations/autorun' require 'rack/mock' require 'thread' require File.expand_path('../testrequest', __FILE__) Thread.abort_on_exception = true describe Rack::Handler::WEBrick do include TestRequest::Helpers before do @server = WEBrick::HTTPServer.new(Host: @host = '127.0.0.1', Port: @port = 9202, Logger: WEBrick::Log.new(nil, WEBrick::BasicLog::WARN), AccessLog: []) @server.mount "/test", Rack::Handler::WEBrick, Rack::Lint.new(TestRequest.new) @thread = Thread.new { @server.start } trap(:INT) { @server.shutdown } @status_thread = Thread.new do seconds = 10 wait_time = 0.1 until is_running? || seconds <= 0 seconds -= wait_time sleep wait_time end raise "Server never reached status 'Running'" unless is_running? end end def is_running? @server.status == :Running end it "respond" do GET("/test") status.must_equal 200 end it "be a WEBrick" do GET("/test") status.must_equal 200 response["SERVER_SOFTWARE"].must_match(/WEBrick/) response["HTTP_VERSION"].must_equal "HTTP/1.1" response["SERVER_PROTOCOL"].must_equal "HTTP/1.1" response["SERVER_PORT"].must_equal "9202" response["SERVER_NAME"].must_equal "127.0.0.1" end it "have rack headers" do GET("/test") response["rack.version"].must_equal [1, 3] response["rack.multithread"].must_equal true assert_equal false, response["rack.multiprocess"] assert_equal false, response["rack.run_once"] end it "have CGI headers on GET" do GET("/test") response["REQUEST_METHOD"].must_equal "GET" response["SCRIPT_NAME"].must_equal "/test" response["REQUEST_PATH"].must_equal "/test" response["PATH_INFO"].must_equal "" response["QUERY_STRING"].must_equal "" response["test.postdata"].must_equal "" GET("/test/foo?quux=1") response["REQUEST_METHOD"].must_equal "GET" response["SCRIPT_NAME"].must_equal "/test" response["REQUEST_PATH"].must_equal "/test/foo" response["PATH_INFO"].must_equal "/foo" response["QUERY_STRING"].must_equal "quux=1" GET("/test/foo%25encoding?quux=1") response["REQUEST_METHOD"].must_equal "GET" response["SCRIPT_NAME"].must_equal "/test" response["REQUEST_PATH"].must_equal "/test/foo%25encoding" response["PATH_INFO"].must_equal "/foo%25encoding" response["QUERY_STRING"].must_equal "quux=1" end it "have CGI headers on POST" do POST("/test", { "rack-form-data" => "23" }, { 'X-test-header' => '42' }) status.must_equal 200 response["REQUEST_METHOD"].must_equal "POST" response["SCRIPT_NAME"].must_equal "/test" response["REQUEST_PATH"].must_equal "/test" response["PATH_INFO"].must_equal "" response["QUERY_STRING"].must_equal "" response["HTTP_X_TEST_HEADER"].must_equal "42" response["test.postdata"].must_equal "rack-form-data=23" end it "support HTTP auth" do GET("/test", { user: "ruth", passwd: "secret" }) response["HTTP_AUTHORIZATION"].must_equal "Basic cnV0aDpzZWNyZXQ=" end it "set status" do GET("/test?secret") status.must_equal 403 response["rack.url_scheme"].must_equal "http" end it "correctly set cookies" do @server.mount "/cookie-test", Rack::Handler::WEBrick, Rack::Lint.new(lambda { |req| res = Rack::Response.new res.set_cookie "one", "1" res.set_cookie "two", "2" res.finish }) Net::HTTP.start(@host, @port) { |http| res = http.get("/cookie-test") res.code.to_i.must_equal 200 res.get_fields("set-cookie").must_equal ["one=1", "two=2"] } end it "provide a .run" do queue = Queue.new t = Thread.new do Rack::Handler::WEBrick.run(lambda {}, { Host: '127.0.0.1', Port: 9210, Logger: WEBrick::Log.new(nil, WEBrick::BasicLog::WARN), AccessLog: [] }) { |server| assert_kind_of WEBrick::HTTPServer, server queue.push(server) } end server = queue.pop # The server may not yet have started: wait for it seconds = 10 wait_time = 0.1 until server.status == :Running || seconds <= 0 seconds -= wait_time sleep wait_time end raise "Server never reached status 'Running'" unless server.status == :Running server.shutdown t.join end it "return repeated headers" do @server.mount "/headers", Rack::Handler::WEBrick, Rack::Lint.new(lambda { |req| [ 401, { "Content-Type" => "text/plain", "WWW-Authenticate" => "Bar realm=X\nBaz realm=Y" }, [""] ] }) Net::HTTP.start(@host, @port) { |http| res = http.get("/headers") res.code.to_i.must_equal 401 res["www-authenticate"].must_equal "Bar realm=X, Baz realm=Y" } end it "support Rack partial hijack" do io_lambda = lambda{ |io| 5.times do io.write "David\r\n" end io.close } @server.mount "/partial", Rack::Handler::WEBrick, Rack::Lint.new(lambda{ |req| [ 200, [ [ "rack.hijack", io_lambda ] ], [""] ] }) Net::HTTP.start(@host, @port){ |http| res = http.get("/partial") res.body.must_equal "David\r\nDavid\r\nDavid\r\nDavid\r\nDavid\r\n" } end it "produce correct HTTP semantics with and without app chunking" do @server.mount "/chunked", Rack::Handler::WEBrick, Rack::Lint.new(lambda{ |req| [ 200, { "Transfer-Encoding" => "chunked" }, ["7\r\nchunked\r\n0\r\n\r\n"] ] }) Net::HTTP.start(@host, @port){ |http| res = http.get("/chunked") res["Transfer-Encoding"].must_equal "chunked" res["Content-Length"].must_be_nil res.body.must_equal "chunked" } end after do @status_thread.join @server.shutdown @thread.join end end rack-2.1.4/test/static/000077500000000000000000000000001367177163600147255ustar00rootroot00000000000000rack-2.1.4/test/static/another/000077500000000000000000000000001367177163600163655ustar00rootroot00000000000000rack-2.1.4/test/static/another/index.html000066400000000000000000000000171367177163600203600ustar00rootroot00000000000000another index! rack-2.1.4/test/static/foo.html000066400000000000000000000000121367177163600163670ustar00rootroot00000000000000foo.html! rack-2.1.4/test/static/index.html000066400000000000000000000000071367177163600167170ustar00rootroot00000000000000index! rack-2.1.4/test/testrequest.rb000066400000000000000000000037341367177163600163620ustar00rootroot00000000000000# frozen_string_literal: true require 'yaml' require 'net/http' require 'rack/lint' class TestRequest NOSERIALIZE = [Method, Proc, Rack::Lint::InputWrapper] def call(env) status = env["QUERY_STRING"] =~ /secret/ ? 403 : 200 env["test.postdata"] = env["rack.input"].read minienv = env.dup # This may in the future want to replace with a dummy value instead. minienv.delete_if { |k, v| NOSERIALIZE.any? { |c| v.kind_of?(c) } } body = minienv.to_yaml size = body.bytesize [status, { "Content-Type" => "text/yaml", "Content-Length" => size.to_s }, [body]] end module Helpers attr_reader :status, :response ROOT = File.expand_path(File.dirname(__FILE__) + "/..") ENV["RUBYOPT"] = "-I#{ROOT}/lib -rubygems" def root ROOT end def rackup "#{ROOT}/bin/rackup" end def GET(path, header = {}) Net::HTTP.start(@host, @port) { |http| user = header.delete(:user) passwd = header.delete(:passwd) get = Net::HTTP::Get.new(path, header) get.basic_auth user, passwd if user && passwd http.request(get) { |response| @status = response.code.to_i begin @response = YAML.load(response.body) rescue TypeError, ArgumentError @response = nil end } } end def POST(path, formdata = {}, header = {}) Net::HTTP.start(@host, @port) { |http| user = header.delete(:user) passwd = header.delete(:passwd) post = Net::HTTP::Post.new(path, header) post.form_data = formdata post.basic_auth user, passwd if user && passwd http.request(post) { |response| @status = response.code.to_i @response = YAML.load(response.body) } } end end end class StreamingRequest def self.call(env) [200, { "Content-Type" => "text/plain" }, new] end def each yield "hello there!\n" sleep 5 yield "that is all.\n" end end rack-2.1.4/test/unregistered_handler/000077500000000000000000000000001367177163600176335ustar00rootroot00000000000000rack-2.1.4/test/unregistered_handler/rack/000077500000000000000000000000001367177163600205535ustar00rootroot00000000000000rack-2.1.4/test/unregistered_handler/rack/handler/000077500000000000000000000000001367177163600221705ustar00rootroot00000000000000rack-2.1.4/test/unregistered_handler/rack/handler/unregistered.rb000066400000000000000000000002531367177163600252150ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Handler # this class doesn't do anything, we're just seeing if we get it. class Unregistered end end end rack-2.1.4/test/unregistered_handler/rack/handler/unregistered_long_one.rb000066400000000000000000000002621367177163600270750ustar00rootroot00000000000000# frozen_string_literal: true module Rack module Handler # this class doesn't do anything, we're just seeing if we get it. class UnregisteredLongOne end end end