kotovalexarian-likes-github/puma--puma
1
0
Fork 0
mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
Code Releases Activity
puma--puma/lib/puma/client.rb

597 lines
15 KiB
Ruby
Raw Normal View History

Freeze all the strings! Reduces runtime allocation by freezing string literals by default. We could also remove a ton of manual `.freeze` calls, however the ruby supported version is 2.2 and the magic comment only targets 2.3+.
2018-09-17 11:41:14 -05:00
# frozen_string_literal: true
Work around JRuby buffering the request inside #accept
2012-08-09 16:54:55 -07:00
class IO
Cleanup the JRuby specific fix
2012-08-10 19:35:47 -07:00
# We need to use this for a jruby work around on both 1.8 and 1.9.
# So this either creates the constant (on 1.8), or harmlessly
# reopens it (on 1.9).
Work around JRuby buffering the request inside #accept
2012-08-09 16:54:55 -07:00
module WaitReadable
end
end
Cleanup the JRuby specific fix
2012-08-10 19:35:47 -07:00
require 'puma/detect'
Implement chunked request handling. Fixes #620
2016-07-24 22:02:23 -07:00
require 'tempfile'
Remove Puma::Delegation (#2000) Replace with Forwardable.
2019-10-01 18:05:46 +02:00
require 'forwardable'
Cleanup the JRuby specific fix
2012-08-10 19:35:47 -07:00
if Puma::IS_JRUBY
# We have to work around some OpenSSL buffer/io-readiness bugs
# so we pull it in regardless of if the user is binding
# to an SSL socket
require 'openssl'
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
module Puma
Handle all read exceptions properly. Fixes #252
2013-06-01 14:20:45 -07:00
class ConnectionError < RuntimeError; end
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
class HttpParserError501 < IOError; end
Doc Puma::Client
2018-05-01 15:42:05 -05:00
# An instance of this class represents a unique request from a client.
English corrections in Client docs [ci skip]
2019-09-20 13:21:19 +02:00
# For example, this could be a web request from a browser or from CURL.
Doc Puma::Client
2018-05-01 15:42:05 -05:00
#
# An instance of `Puma::Client` can be used as if it were an IO object
English corrections in Client docs [ci skip]
2019-09-20 13:21:19 +02:00
# by the reactor. The reactor is expected to call `#to_io`
# on any non-IO objects it polls. For example, nio4r internally calls
Updates docs, removes refs. to IO.select() [ci skip]
2019-06-11 17:06:25 -04:00
# `IO::try_convert` (which may call `#to_io`) when a new socket is
# registered.
Doc Puma::Client
2018-05-01 15:42:05 -05:00
#
# Instances of this class are responsible for knowing if
# the header and body are fully buffered via the `try_to_finish` method.
# They can be used to "time out" a response via the `timeout_at` reader.
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
#
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
class Client
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
# this tests all values but the last, which must be chunked
ALLOWED_TRANSFER_ENCODING = %w[compress deflate gzip].freeze
# chunked body validation
CHUNK_SIZE_INVALID = /[^\h]/.freeze
CHUNK_VALID_ENDING = "\r\n".freeze
# Content-Length header value validation
CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
TE_ERR_MSG = 'Invalid Transfer-Encoding'
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
# The object used for a request with no body. All requests with
# no body share this one object since it has no state.
EmptyBody = NullIO.new
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
include Puma::Const
Remove Puma::Delegation (#2000) Replace with Forwardable.
2019-10-01 18:05:46 +02:00
extend Forwardable
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
Add experimental tcp mode (aka lopez express mode)
2013-08-07 16:36:04 -07:00
def initialize(io, env=nil)
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@io = io
@to_io = io.to_io
@proto_env = env
Add experimental tcp mode (aka lopez express mode)
2013-08-07 16:36:04 -07:00
if !env
@env = nil
else
@env = env.dup
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@parser = HttpParser.new
@parsed_bytes = 0
@read_header = true
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
@read_proxy = false
Speed up good, eager clients
2012-07-23 14:29:33 -07:00
@ready = false
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@body = nil
small fixes - binder.rb client.rb test_integration.rb (#1784) Fixes errors/warning shown in CI
2019-04-26 22:06:48 -05:00
@body_read_start = nil
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@buffer = nil
Be sure to unlink tempfiles after a request. Fixes #690
2015-04-21 09:48:13 -06:00
@tempfile = nil
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@timeout_at = nil
Work around JRuby buffering the request inside #accept
2012-08-09 16:54:55 -07:00
@requests_served = 0
Add support for the rack hijack protocol
2013-02-05 22:39:16 -08:00
@hijacked = false
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
@peerip = nil
use the connected family to determine whether to show IPv4 or IPv6 unspec/localhost addresses
2021-07-13 14:30:55 -07:00
@peer_family = nil
Improvements to keepalive-connection shedding (#2628) * Improvements to keepalive-connection shedding * alternative still using max_fast_inline * fix
2021-05-20 09:16:02 -07:00
@listener = nil
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
@remote_addr_header = nil
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
@expect_proxy_proto = false
Move around some code and deal with test failures
2019-02-20 08:42:33 -08:00
@body_remain = 0
Fix a bug that the last CRLF of chunked body may be used in the next request (#1812) * Fix a bug that the last CRLF of chunked body may be used in the next request The last CRLF of chunked body is checked by #1607. But it's incomplete. If a client sends the last CRLF (or just LF) after Puma processes "0\r\n" line, the last CRLF (or just LF) isn't dropped in the "0\r\n" process: https://github.com/puma/puma/blob/675344e8609509b0d767ae7680436b3b382d8394/lib/puma/client.rb#L183-L192 if line.end_with?("\r\n") len = line.strip.to_i(16) if len == 0 @body.rewind rest = io.read # rest is "" with no the last CRLF case and # "\r" with no last LF case. # rest.start_with?("\r\n") returns false for # Both of these cases. rest = rest[2..-1] if rest.start_with?("\r\n") @buffer = rest.empty? ? nil : rest set_ready return true end The unprocessed last CRLF (or LF) is used as the first data in the next request. Because Puma::Client#reset sets `@parsed_bytes` to 0. https://github.com/puma/puma/blob/675344e8609509b0d767ae7680436b3b382d8394/lib/puma/client.rb#L100-L109 def reset(fast_check=true) @parsed_bytes = 0 It means that data in `@buffer` (it's "\r" in no the last LF case) and unread data in input socket (it's "\r\n" in no the last CRLF case and "\n" in no the last LF case) are used used as the first data in the next request. This change fixes these cases by the followings: * Ensures reading the last CRLF by setting `@partial_part_left` when CRLF isn't read in processing "0\r\n" line. * Introduces a `@in_last_chunk` new state to detect whether the last CRLF is waiting or not. It's reset in Puma::Client#reset. * Remove unnecessary returns https://github.com/puma/puma/pull/1812#discussion_r307806310 is the location where this rule is made. * Add missing last CRLF for chunked request in tests
2019-08-04 07:52:09 +09:00
@in_last_chunk = false
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
end
Be sure to unlink tempfiles after a request. Fixes #690
2015-04-21 09:48:13 -06:00
attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
:tempfile
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
attr_writer :peerip
Improvements to keepalive-connection shedding (#2628) * Improvements to keepalive-connection shedding * alternative still using max_fast_inline * fix
2021-05-20 09:16:02 -07:00
attr_accessor :remote_addr_header, :listener
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
Remove Puma::Delegation (#2000) Replace with Forwardable.
2019-10-01 18:05:46 +02:00
def_delegators :@io, :closed?
Expose closed? for use by the reactor. Fixes #835
2016-02-25 13:17:47 -08:00
Add Client#io_ok?, check before Reactor#register (#2432)
2020-10-25 14:58:49 -05:00
# Test to see if io meets a bare minimum of functioning, @to_io needs to be
# used for MiniSSL::Socket
def io_ok?
@to_io.is_a?(::BasicSocket) && !closed?
end
Add more @!attribute tags [skip ci] (#2385)
2020-09-25 13:50:57 -05:00
# @!attribute [r] inspect
Work around JRuby buffering the request inside #accept
2012-08-09 16:54:55 -07:00
def inspect
"#<Puma::Client:0x#{object_id.to_s(16)} @ready=#{@ready.inspect}>"
end
Add support for the rack hijack protocol
2013-02-05 22:39:16 -08:00
# For the hijack protocol (allows us to just put the Client object
# into the env)
def call
@hijacked = true
env[HIJACK_IO] ||= @io
end
Add more @!attribute tags [skip ci] (#2385)
2020-09-25 13:50:57 -05:00
# @!attribute [r] in_data_phase
only send 408 if in the data phase.
2014-01-30 17:37:38 -05:00
def in_data_phase
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
!(@read_header || @read_proxy)
only send 408 if in the data phase.
2014-01-30 17:37:38 -05:00
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
def set_timeout(val)
Reactor refactor (#2279) * Refactor Reactor and Client request buffering Refactor Reactor into a more generic IO-with-timeout monitor, using a Queue to simplify the implementation. Move request-buffering logic into Server#reactor_wakeup. Fixes bug in managing timeouts on clients. Move, update and rewrite documentation to match updated class structure. * Fix a few concurrency bugs - In `Reactor#shutdown`, `@selector` can be closed before the call to `#wakeup`, so catch/ignore the `IOError` that may be thrown. - `Reactor#wakeup!` can delete elements from the `@timeouts` array so calling it from an `#each` block can cause the array iteration to miss elements. Call @block directly instead. - Change `Reactor#add` to return `false` if the reactor is already shut down instead of invoking the block immediately, so a client-request currently being processed can continue, rather than re-adding to the thread-pool (which may already be shutting down and unable to accept new work). Co-authored-by: Nate Berkopec <nate.berkopec@gmail.com>
2020-10-06 06:22:53 -07:00
@timeout_at = Process.clock_gettime(Process::CLOCK_MONOTONIC) + val
end
# Number of seconds until the timeout elapses.
def timeout
[@timeout_at - Process.clock_gettime(Process::CLOCK_MONOTONIC), 0].max
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
end
If trying to stop running, don't do the fast check
2012-09-09 19:51:36 -07:00
def reset(fast_check=true)
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@parser.reset
@read_header = true
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
@read_proxy = !!@expect_proxy_proto
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@env = @proto_env.dup
@body = nil
Be sure to unlink tempfiles after a request. Fixes #690
2015-04-21 09:48:13 -06:00
@tempfile = nil
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@parsed_bytes = 0
Speed up good, eager clients
2012-07-23 14:29:33 -07:00
@ready = false
Move around some code and deal with test failures
2019-02-20 08:42:33 -08:00
@body_remain = 0
reset peerip only if remote_addr_header is set (#2609)
2021-04-26 22:38:48 +08:00
@peerip = nil if @remote_addr_header
Fix a bug that the last CRLF of chunked body may be used in the next request (#1812) * Fix a bug that the last CRLF of chunked body may be used in the next request The last CRLF of chunked body is checked by #1607. But it's incomplete. If a client sends the last CRLF (or just LF) after Puma processes "0\r\n" line, the last CRLF (or just LF) isn't dropped in the "0\r\n" process: https://github.com/puma/puma/blob/675344e8609509b0d767ae7680436b3b382d8394/lib/puma/client.rb#L183-L192 if line.end_with?("\r\n") len = line.strip.to_i(16) if len == 0 @body.rewind rest = io.read # rest is "" with no the last CRLF case and # "\r" with no last LF case. # rest.start_with?("\r\n") returns false for # Both of these cases. rest = rest[2..-1] if rest.start_with?("\r\n") @buffer = rest.empty? ? nil : rest set_ready return true end The unprocessed last CRLF (or LF) is used as the first data in the next request. Because Puma::Client#reset sets `@parsed_bytes` to 0. https://github.com/puma/puma/blob/675344e8609509b0d767ae7680436b3b382d8394/lib/puma/client.rb#L100-L109 def reset(fast_check=true) @parsed_bytes = 0 It means that data in `@buffer` (it's "\r" in no the last LF case) and unread data in input socket (it's "\r\n" in no the last CRLF case and "\n" in no the last LF case) are used used as the first data in the next request. This change fixes these cases by the followings: * Ensures reading the last CRLF by setting `@partial_part_left` when CRLF isn't read in processing "0\r\n" line. * Introduces a `@in_last_chunk` new state to detect whether the last CRLF is waiting or not. It's reset in Puma::Client#reset. * Remove unnecessary returns https://github.com/puma/puma/pull/1812#discussion_r307806310 is the location where this rule is made. * Add missing last CRLF for chunked request in tests
2019-08-04 07:52:09 +09:00
@in_last_chunk = false
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
if @buffer
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
return false unless try_to_parse_proxy_protocol
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
if @parser.finished?
return setup_body
elsif @parsed_bytes >= MAX_HEADER
raise HttpParserError,
"HEADER is longer than allowed, aborting client early."
end
return false
Move around some code and deal with test failures
2019-02-20 08:42:33 -08:00
else
begin
Replace IO.select with IO#wait_* when checking a single IO (#2666) * Replace IO.select with IO#wait_* when checking a single IO * helpers/integration.rb - fix Darwin UNIXSocket errors
2021-07-25 14:27:20 -05:00
if fast_check && @to_io.wait_readable(FAST_TRACK_KA_TIMEOUT)
Move around some code and deal with test failures
2019-02-20 08:42:33 -08:00
return try_to_finish
end
rescue IOError
# swallow it
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
end
end
def close
Ignore sockets that are already closed
2012-07-24 17:24:44 -07:00
begin
@io.close
Rescue `Errno::EBADF` in `Client#close` (#2748) Spotted happening in CI: https://github.com/puma/puma/runs/4095295281?check_suite_focus=true 2021-11-03 16:34:54 +0000 Exception handling servers: #<Errno::EBADF: Bad file descriptor>/Users/runner/work/puma/puma/lib/puma/client.rb:163:in `close': Bad file descriptor (Errno::EBADF) TestRackServer#test_large_post_body = from /Users/runner/work/puma/puma/lib/puma/client.rb:163:in `close'
2021-11-06 12:13:44 +01:00
rescue IOError, Errno::EBADF
Extract calls to purge_interrupt_queue (#2716) * Extract calls to purge_interrupt_queue Move calls to Thread#purge_interrupt_queue to a module function. This means if/when this pattern needs to change it can change in one place instead of a dozen or more places. * Update comment on purge_interrupt_queue [ci skip]
2021-10-01 15:11:15 -05:00
Puma::Util.purge_interrupt_queue
Ignore sockets that are already closed
2012-07-24 17:24:44 -07:00
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
end
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
# If necessary, read the PROXY protocol from the buffer. Returns
# false if more data is needed.
def try_to_parse_proxy_protocol
if @read_proxy
if @expect_proxy_proto == :v1
if @buffer.include? "\r\n"
if md = PROXY_PROTOCOL_V1_REGEX.match(@buffer)
if md[1]
@peerip = md[1].split(" ")[0]
end
@buffer = md.post_match
end
# if the buffer has a \r\n but doesn't have a PROXY protocol
# request, this is just HTTP from a non-PROXY client; move on
@read_proxy = false
return @buffer.size > 0
else
return false
end
end
end
true
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
def try_to_finish
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
return read_body if in_data_phase
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
Handle SSL eof and nonblocking
2012-08-22 22:34:10 -07:00
begin
data = @io.read_nonblock(CHUNK_SIZE)
Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121) * Add test for waiting with an open client connection * Rescue IO::WaitReadable instead of EAGAIN for blocking read On Windows, `read_nonblock` raises `Errno::EWOULDBLOCK` if a blocking read would occur, which is a different value from `Errno::EAGAIN`. Both of these errors are extended by `IO::WaitReadable` which is Ruby's recommended exception class for retrying `read_nonblock`.
2020-02-21 08:26:38 -08:00
rescue IO::WaitReadable
Handle SSL eof and nonblocking
2012-08-22 22:34:10 -07:00
return false
[close #2371] Do not log EOFError (#2384) * Failing test for #2371 The EOF can be triggered by opening a connection, not writing to it, then closing the connection. When this happens we can detect if an error was logged or not by inspecting the stderr string. This test fails * [close #2371] Do not log EOFError This is a continuation from #2382. One of the ways that an EOFError can be triggered is by opening a connection, not writing to it, then closing it (there may be others). This should be an expected and non-exceptional activity. When it happens we should not log it. This commit gets the test in the prior commit to pass. The change to client.rb makes sense to me as this is the initial place where we're reading from the socket and then finding out the stream has been closed. Im not quite sure why the code in server.rb is needed. I think this comes from when the server is shutting down and trying to finish out connections. I don't think this is the 100% right way to do things. I'm guessing that if we get an EOFError on a connection we should somehow consider it "dead" and never try to read from it again. I don't know if there's a better way to signify this in the `try_to_finish` method of client.rb
2020-09-27 11:29:28 -05:00
rescue EOFError
# Swallow error, don't log
rescue SystemCallError, IOError
Handle all read exceptions properly. Fixes #252
2013-06-01 14:20:45 -07:00
raise ConnectionError, "Connection error detected during read"
Handle SSL eof and nonblocking
2012-08-22 22:34:10 -07:00
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
Deal with read_nonblock returning nil early
2018-01-19 08:58:31 -08:00
# No data means a closed socket
unless data
@buffer = nil
Request body read time metric Measure the time spent reading the HTTP request body and expose it to the Rack app as `env['puma.request_body_wait']`. This can be combined with a timestamp from a upstream proxy to get an indication of how long a request was waiting for a Puma thread to become available. Fixes https://github.com/puma/puma/issues/1541
2018-04-24 15:54:51 -03:00
set_ready
Deal with read_nonblock returning nil early
2018-01-19 08:58:31 -08:00
raise EOFError
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
if @buffer
@buffer << data
else
@buffer = data
end
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
return false unless try_to_parse_proxy_protocol
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
@parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
if @parser.finished?
return setup_body
elsif @parsed_bytes >= MAX_HEADER
raise HttpParserError,
"HEADER is longer than allowed, aborting client early."
end
Remove support for 1.8.7 and 1.9.2.
2016-09-01 23:57:38 +02:00
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
false
end
client.rb - remove JRuby specific 'finish' code (#2412) Remove JRuby specific methods: #jruby_start_try_to_finish #eagerly_finish
2020-10-06 08:12:41 -05:00
def eagerly_finish
return true if @ready
Replace IO.select with IO#wait_* when checking a single IO (#2666) * Replace IO.select with IO#wait_* when checking a single IO * helpers/integration.rb - fix Darwin UNIXSocket errors
2021-07-25 14:27:20 -05:00
return false unless @to_io.wait_readable(0)
client.rb - remove JRuby specific 'finish' code (#2412) Remove JRuby specific methods: #jruby_start_try_to_finish #eagerly_finish
2020-10-06 08:12:41 -05:00
try_to_finish
end
Speed up good, eager clients
2012-07-23 14:29:33 -07:00
Send 408 request timeout even when queue requests is disabled (#2119)
2020-02-20 04:36:34 -08:00
def finish(timeout)
Reactor refactor (#2279) * Refactor Reactor and Client request buffering Refactor Reactor into a more generic IO-with-timeout monitor, using a Queue to simplify the implementation. Move request-buffering logic into Server#reactor_wakeup. Fixes bug in managing timeouts on clients. Move, update and rewrite documentation to match updated class structure. * Fix a few concurrency bugs - In `Reactor#shutdown`, `@selector` can be closed before the call to `#wakeup`, so catch/ignore the `IOError` that may be thrown. - `Reactor#wakeup!` can delete elements from the `@timeouts` array so calling it from an `#each` block can cause the array iteration to miss elements. Call @block directly instead. - Change `Reactor#add` to return `false` if the reactor is already shut down instead of invoking the block immediately, so a client-request currently being processed can continue, rather than re-adding to the thread-pool (which may already be shutting down and unable to accept new work). Co-authored-by: Nate Berkopec <nate.berkopec@gmail.com>
2020-10-06 06:22:53 -07:00
return if @ready
Replace IO.select with IO#wait_* when checking a single IO (#2666) * Replace IO.select with IO#wait_* when checking a single IO * helpers/integration.rb - fix Darwin UNIXSocket errors
2021-07-25 14:27:20 -05:00
@to_io.wait_readable(timeout) || timeout! until try_to_finish
Reactor refactor (#2279) * Refactor Reactor and Client request buffering Refactor Reactor into a more generic IO-with-timeout monitor, using a Queue to simplify the implementation. Move request-buffering logic into Server#reactor_wakeup. Fixes bug in managing timeouts on clients. Move, update and rewrite documentation to match updated class structure. * Fix a few concurrency bugs - In `Reactor#shutdown`, `@selector` can be closed before the call to `#wakeup`, so catch/ignore the `IOError` that may be thrown. - `Reactor#wakeup!` can delete elements from the `@timeouts` array so calling it from an `#each` block can cause the array iteration to miss elements. Call @block directly instead. - Change `Reactor#add` to return `false` if the reactor is already shut down instead of invoking the block immediately, so a client-request currently being processed can continue, rather than re-adding to the thread-pool (which may already be shutting down and unable to accept new work). Co-authored-by: Nate Berkopec <nate.berkopec@gmail.com>
2020-10-06 06:22:53 -07:00
end
def timeout!
write_error(408) if in_data_phase
raise ConnectionError
Add a configuration option that prevents puma from queueing requests. With queue_requests set to true (the default), workers accept all requests and queue them before passing them to the handlers. With it set to false, each worker process accepts exactly as many requests as it is configured to simultaneously handle. In combination with threads 1, 1 this ensures that requests are balanced across workers in a single threaded application. This can avoid deadlocks when a single threaded app sends a request to itself. (For example, to generate a PDF.)
2015-01-20 13:20:39 +01:00
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
Client: refactor error response
2019-09-20 13:41:58 +02:00
def write_error(status_code)
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
begin
Client: refactor error response
2019-09-20 13:41:58 +02:00
@io << ERROR_RESPONSE[status_code]
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
rescue StandardError
end
end
def peerip
return @peerip if @peerip
if @remote_addr_header
when using remote_addr_header, default to the physical peeraddr instead of LOCALHOST; when the client disconects unexpectedly, default to the unspecified source IP instead of localhost
2021-06-30 12:58:20 -07:00
hdr = (@env[@remote_addr_header] || @io.peeraddr.last).split(/[\s,]/).first
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@peerip = hdr
return hdr
end
@peerip ||= @io.peeraddr.last
end
use the connected family to determine whether to show IPv4 or IPv6 unspec/localhost addresses
2021-07-13 14:30:55 -07:00
def peer_family
return @peer_family if @peer_family
@peer_family ||= begin
@io.local_address.afamily
rescue
Socket::AF_INET
end
end
Pass queued requests to thread pool on server shutdown (#2122) * Pass queued requests to thread pool on server shutdown * handle ThreadPool::ForceShutdown when waiting for client request * Add extra shutdown-request test cases Cover various scenario combinations related to timeout settings, queue_requests configuration, and post/get request type. * Rename #idle? to #can_close? Update method documentation based on feedback.
2020-04-10 00:04:27 -07:00
# Returns true if the persistent connection can be closed immediately
# without waiting for the configured idle/shutdown timeout.
Documentation - add version info, misc fixes [ci skip] (#2368)
2020-09-17 10:15:19 -05:00
# @version 5.0.0
#
Pass queued requests to thread pool on server shutdown (#2122) * Pass queued requests to thread pool on server shutdown * handle ThreadPool::ForceShutdown when waiting for client request * Add extra shutdown-request test cases Cover various scenario combinations related to timeout settings, queue_requests configuration, and post/get request type. * Rename #idle? to #can_close? Update method documentation based on feedback.
2020-04-10 00:04:27 -07:00
def can_close?
Close idle connections immediately on shutdown (#2460)
2020-10-27 06:51:26 -07:00
# Allow connection to close if we're not in the middle of parsing a request.
@parsed_bytes == 0
Pass queued requests to thread pool on server shutdown (#2122) * Pass queued requests to thread pool on server shutdown * handle ThreadPool::ForceShutdown when waiting for client request * Add extra shutdown-request test cases Cover various scenario combinations related to timeout settings, queue_requests configuration, and post/get request type. * Rename #idle? to #can_close? Update method documentation based on feedback.
2020-04-10 00:04:27 -07:00
end
add support for the PROXY protocol (v1 only) (#2654) * add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2021-09-07 06:21:03 -07:00
def expect_proxy_proto=(val)
if val
if @read_header
@read_proxy = true
end
else
@read_proxy = false
end
@expect_proxy_proto = val
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
private
def setup_body
@body_read_start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :millisecond)
if @env[HTTP_EXPECT] == CONTINUE
# TODO allow a hook here to check the headers before
# going forward
@io << HTTP_11_100
@io.flush
end
@read_header = false
body = @parser.body
te = @env[TRANSFER_ENCODING2]
Better handle client input
2020-05-18 16:01:53 -07:00
if te
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
te_lwr = te.downcase
if te.include? ','
te_ary = te_lwr.split ','
te_count = te_ary.count CHUNKED
te_valid = te_ary[0..-2].all? { |e| ALLOWED_TRANSFER_ENCODING.include? e }
if te_ary.last == CHUNKED && te_count == 1 && te_valid
@env.delete TRANSFER_ENCODING2
return setup_chunked_body body
elsif te_count >= 1
raise HttpParserError , "#{TE_ERR_MSG}, multiple chunked: '#{te}'"
elsif !te_valid
raise HttpParserError501, "#{TE_ERR_MSG}, unknown value: '#{te}'"
Better handle client input
2020-05-18 16:01:53 -07:00
end
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
elsif te_lwr == CHUNKED
@env.delete TRANSFER_ENCODING2
return setup_chunked_body body
elsif ALLOWED_TRANSFER_ENCODING.include? te_lwr
raise HttpParserError , "#{TE_ERR_MSG}, single value must be chunked: '#{te}'"
else
raise HttpParserError501 , "#{TE_ERR_MSG}, unknown value: '#{te}'"
Better handle client input
2020-05-18 16:01:53 -07:00
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
end
@chunked_body = false
cl = @env[CONTENT_LENGTH]
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
if cl
# cannot contain characters that are not \d
if cl =~ CONTENT_LENGTH_VALUE_INVALID
raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
end
else
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@buffer = body.empty? ? nil : body
@body = EmptyBody
set_ready
return true
end
remain = cl.to_i - body.bytesize
if remain <= 0
@body = StringIO.new(body)
@buffer = nil
set_ready
return true
end
if remain > MAX_BODY
@body = Tempfile.new(Const::PUMA_TMP_BASE)
Immediately unlink temporary files (#2613) Puma has a limit (`Puma::Const::MAX_BODY` - around 110 KiB) over which it will write request bodies to disk for handing off to the application. When it does this, the request body can be left on disk if the Puma process receives SIGKILL. Consider an extremely minimal `config.ru`: run(proc { [204, {}, []] }) If we then: 1. Start `puma`, noting the process ID. 2. Start a slow file transfer, using `curl --limit-rate 100k` (for example) and `-T $PATH_TO_LARGE_FILE`. 3. Watch `$TMPDIR/puma*`. We will see Puma start to write this temporary file. If we then send SIGKILL to Puma, the file won't be cleaned up. With this patch, it will - at least on POSIX systems. On Windows it may still be available. This is suggested in the Ruby Tempfile documentation, and even uses this specific example: https://ruby-doc.org/stdlib-2.7.2/libdoc/tempfile/rdoc/Tempfile.html#class-Tempfile-label-Unlink+after+creation > On POSIX systems, it's possible to unlink a file right after creating > it, and before closing it. This removes the filesystem entry without > closing the file handle, so it ensures that only the processes that > already had the file handle open can access the file’s contents. It's > strongly recommended that you do this if you do not want any other > processes to be able to read from or write to the Tempfile, and you do > not need to know the Tempfile's filename either. > > For example, a practical use case for unlink-after-creation would be > this: you need a large byte buffer that's too large to comfortably fit > in RAM, e.g. when you're writing a web server and you want to buffer > the client's file upload data.
2021-04-27 15:35:42 +01:00
@body.unlink
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@body.binmode
@tempfile = @body
else
# The body[0,0] trick is to get an empty string in the same
# encoding as body.
@body = StringIO.new body[0,0]
end
@body.write body
@body_remain = remain
Add Rubocop for redundant returns
2021-06-10 12:28:35 -06:00
false
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
end
Add a configuration option that prevents puma from queueing requests. With queue_requests set to true (the default), workers accept all requests and queue them before passing them to the handlers. With it set to false, each worker process accepts exactly as many requests as it is configured to simultaneously handle. In combination with threads 1, 1 this ensures that requests are balanced across workers in a single threaded application. This can avoid deadlocks when a single threaded app sends a request to itself. (For example, to generate a PDF.)
2015-01-20 13:20:39 +01:00
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
def read_body
Implement chunked request handling. Fixes #620
2016-07-24 22:02:23 -07:00
if @chunked_body
return read_chunked_body
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
# Read an odd sized chunk so we can read even sized ones
# after this
remain = @body_remain
if remain > CHUNK_SIZE
want = CHUNK_SIZE
else
want = remain
end
Handle SSL eof and nonblocking
2012-08-22 22:34:10 -07:00
begin
chunk = @io.read_nonblock(want)
Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121) * Add test for waiting with an open client connection * Rescue IO::WaitReadable instead of EAGAIN for blocking read On Windows, `read_nonblock` raises `Errno::EWOULDBLOCK` if a blocking read would occur, which is a different value from `Errno::EAGAIN`. Both of these errors are extended by `IO::WaitReadable` which is Ruby's recommended exception class for retrying `read_nonblock`.
2020-02-21 08:26:38 -08:00
rescue IO::WaitReadable
Handle SSL eof and nonblocking
2012-08-22 22:34:10 -07:00
return false
Handle all read exceptions properly. Fixes #252
2013-06-01 14:20:45 -07:00
rescue SystemCallError, IOError
raise ConnectionError, "Connection error detected during read"
Handle SSL eof and nonblocking
2012-08-22 22:34:10 -07:00
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
# No chunk means a closed socket
unless chunk
@body.close
Don't accidentally replay requests over and over Client#reset uses the presence of @buffer to detect if there is a partial next request available. Thusly we have to be sure to nil it out after we use @buffer otherwise we'll accidentally replay the request over and over again.
2012-07-24 10:59:04 -07:00
@buffer = nil
Request body read time metric Measure the time spent reading the HTTP request body and expose it to the Rack app as `env['puma.request_body_wait']`. This can be combined with a timestamp from a upstream proxy to get an indication of how long a request was waiting for a Puma thread to become available. Fixes https://github.com/puma/puma/issues/1541
2018-04-24 15:54:51 -03:00
set_ready
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
raise EOFError
end
remain -= @body.write(chunk)
if remain <= 0
@body.rewind
Don't accidentally replay requests over and over Client#reset uses the presence of @buffer to detect if there is a partial next request available. Thusly we have to be sure to nil it out after we use @buffer otherwise we'll accidentally replay the request over and over again.
2012-07-24 10:59:04 -07:00
@buffer = nil
Request body read time metric Measure the time spent reading the HTTP request body and expose it to the Rack app as `env['puma.request_body_wait']`. This can be combined with a timestamp from a upstream proxy to get an indication of how long a request was waiting for a Puma thread to become available. Fixes https://github.com/puma/puma/issues/1541
2018-04-24 15:54:51 -03:00
set_ready
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
return true
end
@body_remain = remain
false
end
Write 400 on HTTP parse error. Fixes #142
2012-09-05 22:09:42 -07:00
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
def read_chunked_body
while true
begin
chunk = @io.read_nonblock(4096)
rescue IO::WaitReadable
return false
rescue SystemCallError, IOError
raise ConnectionError, "Connection error detected during read"
end
# No chunk means a closed socket
unless chunk
@body.close
@buffer = nil
set_ready
raise EOFError
end
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
if decode_chunk(chunk)
Set @env[CONTENT_LENGTH] value as string. (#2549) * Set @env[CONTENT_LENGTH] value as string. * Update tests. Update tests to reflect that CONTENT_LENGTH is now a string. Add change to History.md. * Update History.md Co-authored-by: Patrik Ragnarsson <patrik@starkast.net> Co-authored-by: Patrik Ragnarsson <patrik@starkast.net>
2021-02-04 14:59:39 +01:00
@env[CONTENT_LENGTH] = @chunked_content_length.to_s
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
return true
end
Request body read time metric Measure the time spent reading the HTTP request body and expose it to the Rack app as `env['puma.request_body_wait']`. This can be combined with a timestamp from a upstream proxy to get an indication of how long a request was waiting for a Puma thread to become available. Fixes https://github.com/puma/puma/issues/1541
2018-04-24 15:54:51 -03:00
end
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
def setup_chunked_body(body)
@chunked_body = true
@partial_part_left = 0
@prev_chunk = ""
@body = Tempfile.new(Const::PUMA_TMP_BASE)
Immediately unlink temporary files (#2613) Puma has a limit (`Puma::Const::MAX_BODY` - around 110 KiB) over which it will write request bodies to disk for handing off to the application. When it does this, the request body can be left on disk if the Puma process receives SIGKILL. Consider an extremely minimal `config.ru`: run(proc { [204, {}, []] }) If we then: 1. Start `puma`, noting the process ID. 2. Start a slow file transfer, using `curl --limit-rate 100k` (for example) and `-T $PATH_TO_LARGE_FILE`. 3. Watch `$TMPDIR/puma*`. We will see Puma start to write this temporary file. If we then send SIGKILL to Puma, the file won't be cleaned up. With this patch, it will - at least on POSIX systems. On Windows it may still be available. This is suggested in the Ruby Tempfile documentation, and even uses this specific example: https://ruby-doc.org/stdlib-2.7.2/libdoc/tempfile/rdoc/Tempfile.html#class-Tempfile-label-Unlink+after+creation > On POSIX systems, it's possible to unlink a file right after creating > it, and before closing it. This removes the filesystem entry without > closing the file handle, so it ensures that only the processes that > already had the file handle open can access the file’s contents. It's > strongly recommended that you do this if you do not want any other > processes to be able to read from or write to the Tempfile, and you do > not need to know the Tempfile's filename either. > > For example, a practical use case for unlink-after-creation would be > this: you need a large byte buffer that's too large to comfortably fit > in RAM, e.g. when you're writing a web server and you want to buffer > the client's file upload data.
2021-04-27 15:35:42 +01:00
@body.unlink
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@body.binmode
@tempfile = @body
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
@chunked_content_length = 0
if decode_chunk(body)
Set @env[CONTENT_LENGTH] value as string. (#2549) * Set @env[CONTENT_LENGTH] value as string. * Update tests. Update tests to reflect that CONTENT_LENGTH is now a string. Add change to History.md. * Update History.md Co-authored-by: Patrik Ragnarsson <patrik@starkast.net> Co-authored-by: Patrik Ragnarsson <patrik@starkast.net>
2021-02-04 14:59:39 +01:00
@env[CONTENT_LENGTH] = @chunked_content_length.to_s
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
return true
end
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
Documentation - add version info, misc fixes [ci skip] (#2368)
2020-09-17 10:15:19 -05:00
# @version 5.0.0
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
def write_chunk(str)
@chunked_content_length += @body.write(str)
Write 400 on HTTP parse error. Fixes #142
2012-09-05 22:09:42 -07:00
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
def decode_chunk(chunk)
if @partial_part_left > 0
if @partial_part_left <= chunk.size
if @partial_part_left > 2
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
write_chunk(chunk[0..(@partial_part_left-3)]) # skip the \r\n
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
end
chunk = chunk[@partial_part_left..-1]
@partial_part_left = 0
else
Fix decoding the chunked body.
2020-07-30 16:07:55 +02:00
if @partial_part_left > 2
if @partial_part_left == chunk.size + 1
# Don't include the last \r
write_chunk(chunk[0..(@partial_part_left-3)])
else
# don't include the last \r\n
write_chunk(chunk)
end
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@partial_part_left -= chunk.size
return false
end
added 408 status on timeout.
2014-01-30 13:23:01 -05:00
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
if @prev_chunk.empty?
io = StringIO.new(chunk)
else
io = StringIO.new(@prev_chunk+chunk)
@prev_chunk = ""
Write 400 on HTTP parse error. Fixes #142
2012-09-05 22:09:42 -07:00
end
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
while !io.eof?
line = io.gets
if line.end_with?("\r\n")
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
# Puma doesn't process chunk extensions, but should parse if they're
# present, which is the reason for the semicolon regex
chunk_hex = line.strip[/\A[^;]+/]
if chunk_hex =~ CHUNK_SIZE_INVALID
raise HttpParserError, "Invalid chunk size: '#{chunk_hex}'"
end
len = chunk_hex.to_i(16)
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
if len == 0
@in_last_chunk = true
@body.rewind
rest = io.read
last_crlf_size = "\r\n".bytesize
if rest.bytesize < last_crlf_size
@buffer = nil
@partial_part_left = last_crlf_size - rest.bytesize
return false
else
@buffer = rest[last_crlf_size..-1]
@buffer = nil if @buffer.empty?
set_ready
return true
end
end
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
len += 2
part = io.read(len)
unless part
@partial_part_left = len
next
end
got = part.size
case
when got == len
Merge pull request from GHSA-h99w-9q5r-gjq9 * Fix tests when run on GH Actions and repo isn't named 'puma' * Test updates for CVE * Lib Updates for CVE * cleint.rb - make validation values constants Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
2022-03-30 08:06:46 -06:00
# proper chunked segment must end with "\r\n"
if part.end_with? CHUNK_VALID_ENDING
write_chunk(part[0..-3]) # to skip the ending \r\n
else
raise HttpParserError, "Chunk size mismatch"
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
when got <= len - 2
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
write_chunk(part)
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@partial_part_left = len - part.size
when got == len - 1 # edge where we get just \r but not \n
Set CONTENT_LENGTH for chunked requests Chunked requests don't contain a Content-Length header, but Puma buffers the entire request body upfront, which means it can determine the length before dispatching to the application. The Rack spec doesn't mandate the presence of the CONTENT_LENGTH header, but it does refer to it as a "CGI key" and draws a distinction between it and the HTTP Content-Length header: https://github.com/rack/rack/blob/v2.2.2/SPEC.rdoc > The environment must not contain the keys HTTP_CONTENT_TYPE or > HTTP_CONTENT_LENGTH (use the versions without HTTP_). The CGI keys > (named without a period) must have String values. RFC 3875, which defines the CGI protocol including CONTENT_LENGTH, says: https://tools.ietf.org/html/rfc3875#section-4.1.2 > The server MUST set this meta-variable if and only if the request is > accompanied by a message-body entity. The CONTENT_LENGTH value must > reflect the length of the message-body after the server has removed > any transfer-codings or content-codings. "Removing a transfer-coding" is precisely what Puma is doing when it parses a chunked request. RFC 7230, the most recent specification of HTTP 1.1, includes a pseudo- code algorithm for decoding chunked requests that roughly matches the behaviour implemented here: https://tools.ietf.org/html/rfc7230#section-4.1.3
2020-05-29 01:35:10 +01:00
write_chunk(part[0..-2])
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
@partial_part_left = len - part.size
end
else
@prev_chunk = line
return false
end
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
end
Define Puma::Client's public interface
2019-09-20 13:30:22 +02:00
if @in_last_chunk
set_ready
true
else
false
end
end
def set_ready
if @body_read_start
@env['puma.request_body_wait'] = Process.clock_gettime(Process::CLOCK_MONOTONIC, :millisecond) - @body_read_start
end
@requests_served += 1
@ready = true
Add 'set_remote_address' config option
2016-01-06 10:12:09 -08:00
end
Add separate IO reactor to defeat slow clients Previously, the app thread would be in charge of reading the request directly from the client. This resulted in a set of slow clients being able to completely starve the app thread pool and prevent any further connections from being handled. This new organization uses a seperate reactor thread that is in charge of responding when a client has more data, buffering the data and attempting to parse the data. When the data represents a fully realized request, only then is it handed to the app thread pool. This means we trust apps to not starve the pool, but don't trust clients.
2012-07-23 10:26:52 -07:00
end
end
Copy permalink