2008-06-01 18:25:11 +00:00
|
|
|
require 'action_controller/cgi_ext'
|
|
|
|
|
require 'action_controller/session/cookie_store'
|
|
|
|
|
|
|
|
|
|
module ActionController #:nodoc:
|
|
|
|
|
class RackRequest < AbstractRequest #:nodoc:
|
2008-08-08 06:34:36 +00:00
|
|
|
attr_accessor :session_options
|
2008-06-03 02:02:26 +00:00
|
|
|
attr_reader :cgi
|
2008-06-01 18:25:11 +00:00
|
|
|
|
|
|
|
|
class SessionFixationAttempt < StandardError #:nodoc:
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
DEFAULT_SESSION_OPTIONS = {
|
|
|
|
|
:database_manager => CGI::Session::CookieStore, # store data in cookie
|
|
|
|
|
:prefix => "ruby_sess.", # prefix session file names
|
|
|
|
|
:session_path => "/", # available to all paths in app
|
|
|
|
|
:session_key => "_session_id",
|
|
|
|
|
:cookie_only => true
|
2008-08-08 06:34:36 +00:00
|
|
|
}
|
2008-06-01 18:25:11 +00:00
|
|
|
|
|
|
|
|
def initialize(env, session_options = DEFAULT_SESSION_OPTIONS)
|
|
|
|
|
@session_options = session_options
|
|
|
|
|
@env = env
|
|
|
|
|
@cgi = CGIWrapper.new(self)
|
|
|
|
|
super()
|
|
|
|
|
end
|
|
|
|
|
|
2008-07-16 02:18:09 +00:00
|
|
|
%w[ AUTH_TYPE GATEWAY_INTERFACE PATH_INFO
|
2008-07-02 02:52:28 +00:00
|
|
|
PATH_TRANSLATED QUERY_STRING REMOTE_HOST
|
|
|
|
|
REMOTE_IDENT REMOTE_USER SCRIPT_NAME
|
|
|
|
|
SERVER_NAME SERVER_PROTOCOL
|
|
|
|
|
|
|
|
|
|
HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
|
2008-08-08 09:29:37 +00:00
|
|
|
HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
|
2008-07-02 02:52:28 +00:00
|
|
|
HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env|
|
|
|
|
|
define_method(env.sub(/^HTTP_/n, '').downcase) do
|
|
|
|
|
@env[env]
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2008-08-08 06:34:36 +00:00
|
|
|
def body_stream #:nodoc:
|
|
|
|
|
@env['rack.input']
|
2008-06-01 18:25:11 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def key?(key)
|
2008-07-02 02:52:28 +00:00
|
|
|
@env.key?(key)
|
2008-06-01 18:25:11 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def cookies
|
|
|
|
|
return {} unless @env["HTTP_COOKIE"]
|
|
|
|
|
|
2008-06-05 03:32:09 +00:00
|
|
|
unless @env["rack.request.cookie_string"] == @env["HTTP_COOKIE"]
|
2008-06-01 18:25:11 +00:00
|
|
|
@env["rack.request.cookie_string"] = @env["HTTP_COOKIE"]
|
2008-06-05 03:32:09 +00:00
|
|
|
@env["rack.request.cookie_hash"] = CGI::Cookie::parse(@env["rack.request.cookie_string"])
|
2008-06-01 18:25:11 +00:00
|
|
|
end
|
2008-06-05 03:32:09 +00:00
|
|
|
|
|
|
|
|
@env["rack.request.cookie_hash"]
|
2008-06-01 18:25:11 +00:00
|
|
|
end
|
|
|
|
|
|
2008-07-02 02:52:28 +00:00
|
|
|
def server_port
|
|
|
|
|
@env['SERVER_PORT'].to_i
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def server_software
|
|
|
|
|
@env['SERVER_SOFTWARE'].split("/").first
|
|
|
|
|
end
|
|
|
|
|
|
2008-06-01 18:25:11 +00:00
|
|
|
def session
|
|
|
|
|
unless defined?(@session)
|
|
|
|
|
if @session_options == false
|
|
|
|
|
@session = Hash.new
|
|
|
|
|
else
|
|
|
|
|
stale_session_check! do
|
|
|
|
|
if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
|
|
|
|
|
raise SessionFixationAttempt
|
|
|
|
|
end
|
|
|
|
|
case value = session_options_with_string_keys['new_session']
|
|
|
|
|
when true
|
|
|
|
|
@session = new_session
|
|
|
|
|
when false
|
|
|
|
|
begin
|
|
|
|
|
@session = CGI::Session.new(@cgi, session_options_with_string_keys)
|
|
|
|
|
# CGI::Session raises ArgumentError if 'new_session' == false
|
|
|
|
|
# and no session cookie or query param is present.
|
|
|
|
|
rescue ArgumentError
|
|
|
|
|
@session = Hash.new
|
|
|
|
|
end
|
|
|
|
|
when nil
|
|
|
|
|
@session = CGI::Session.new(@cgi, session_options_with_string_keys)
|
|
|
|
|
else
|
|
|
|
|
raise ArgumentError, "Invalid new_session option: #{value}"
|
|
|
|
|
end
|
|
|
|
|
@session['__valid_session']
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
@session
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def reset_session
|
|
|
|
|
@session.delete if defined?(@session) && @session.is_a?(CGI::Session)
|
|
|
|
|
@session = new_session
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
# Delete an old session if it exists then create a new one.
|
|
|
|
|
def new_session
|
|
|
|
|
if @session_options == false
|
|
|
|
|
Hash.new
|
|
|
|
|
else
|
|
|
|
|
CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil
|
|
|
|
|
CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true))
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def cookie_only?
|
|
|
|
|
session_options_with_string_keys['cookie_only']
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def stale_session_check!
|
|
|
|
|
yield
|
|
|
|
|
rescue ArgumentError => argument_error
|
|
|
|
|
if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
|
|
|
|
|
begin
|
|
|
|
|
# Note that the regexp does not allow $1 to end with a ':'
|
|
|
|
|
$1.constantize
|
|
|
|
|
rescue LoadError, NameError => const_error
|
|
|
|
|
raise ActionController::SessionRestoreError, <<-end_msg
|
|
|
|
|
Session contains objects whose class definition isn\'t available.
|
|
|
|
|
Remember to require the classes for all objects kept in the session.
|
|
|
|
|
(Original exception: #{const_error.message} [#{const_error.class}])
|
|
|
|
|
end_msg
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
retry
|
|
|
|
|
else
|
|
|
|
|
raise
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def session_options_with_string_keys
|
|
|
|
|
@session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
class RackResponse < AbstractResponse #:nodoc:
|
|
|
|
|
attr_accessor :status
|
|
|
|
|
|
2008-06-03 02:02:26 +00:00
|
|
|
def initialize(request)
|
|
|
|
|
@request = request
|
2008-06-01 18:25:11 +00:00
|
|
|
@writer = lambda { |x| @body << x }
|
|
|
|
|
@block = nil
|
|
|
|
|
super()
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def out(output = $stdout, &block)
|
|
|
|
|
@block = block
|
|
|
|
|
normalize_headers(@headers)
|
|
|
|
|
if [204, 304].include?(@status.to_i)
|
|
|
|
|
@headers.delete "Content-Type"
|
2008-07-02 02:52:28 +00:00
|
|
|
[status, @headers.to_hash, []]
|
2008-06-01 18:25:11 +00:00
|
|
|
else
|
2008-07-02 02:52:28 +00:00
|
|
|
[status, @headers.to_hash, self]
|
2008-06-01 18:25:11 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
alias to_a out
|
|
|
|
|
|
|
|
|
|
def each(&callback)
|
|
|
|
|
if @body.respond_to?(:call)
|
|
|
|
|
@writer = lambda { |x| callback.call(x) }
|
|
|
|
|
@body.call(self, self)
|
2008-06-07 05:02:23 +00:00
|
|
|
elsif @body.is_a?(String)
|
|
|
|
|
@body.each_line(&callback)
|
2008-06-01 18:25:11 +00:00
|
|
|
else
|
|
|
|
|
@body.each(&callback)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
@writer = callback
|
|
|
|
|
@block.call(self) if @block
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def write(str)
|
|
|
|
|
@writer.call str.to_s
|
|
|
|
|
str
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def close
|
|
|
|
|
@body.close if @body.respond_to?(:close)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def empty?
|
|
|
|
|
@block == nil && @body.empty?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
def normalize_headers(options = "text/html")
|
|
|
|
|
if options.is_a?(String)
|
|
|
|
|
headers['Content-Type'] = options unless headers['Content-Type']
|
|
|
|
|
else
|
|
|
|
|
headers['Content-Length'] = options.delete('Content-Length').to_s if options['Content-Length']
|
|
|
|
|
|
|
|
|
|
headers['Content-Type'] = options.delete('type') || "text/html"
|
|
|
|
|
headers['Content-Type'] += "; charset=" + options.delete('charset') if options['charset']
|
|
|
|
|
|
|
|
|
|
headers['Content-Language'] = options.delete('language') if options['language']
|
|
|
|
|
headers['Expires'] = options.delete('expires') if options['expires']
|
|
|
|
|
|
2008-07-16 03:17:28 +00:00
|
|
|
@status = options.delete('Status') || "200 OK"
|
2008-07-02 02:52:28 +00:00
|
|
|
|
2008-06-01 18:25:11 +00:00
|
|
|
# Convert 'cookie' header to 'Set-Cookie' headers.
|
|
|
|
|
# Because Set-Cookie header can appear more the once in the response body,
|
2008-07-16 12:00:36 +00:00
|
|
|
# we store it in a line break separated string that will be translated to
|
2008-06-01 18:25:11 +00:00
|
|
|
# multiple Set-Cookie header by the handler.
|
|
|
|
|
if cookie = options.delete('cookie')
|
|
|
|
|
cookies = []
|
|
|
|
|
|
|
|
|
|
case cookie
|
|
|
|
|
when Array then cookie.each { |c| cookies << c.to_s }
|
|
|
|
|
when Hash then cookie.each { |_, c| cookies << c.to_s }
|
|
|
|
|
else cookies << cookie.to_s
|
|
|
|
|
end
|
|
|
|
|
|
2008-06-03 02:02:26 +00:00
|
|
|
@request.cgi.output_cookies.each { |c| cookies << c.to_s } if @request.cgi.output_cookies
|
2008-06-01 18:25:11 +00:00
|
|
|
|
2008-06-03 02:02:26 +00:00
|
|
|
headers['Set-Cookie'] = [headers['Set-Cookie'], cookies].flatten.compact
|
2008-06-01 18:25:11 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
options.each { |k,v| headers[k] = v }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
""
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
class CGIWrapper < ::CGI
|
2008-06-03 02:02:26 +00:00
|
|
|
attr_reader :output_cookies
|
|
|
|
|
|
2008-06-01 18:25:11 +00:00
|
|
|
def initialize(request, *args)
|
|
|
|
|
@request = request
|
|
|
|
|
@args = *args
|
|
|
|
|
@input = request.body
|
|
|
|
|
|
|
|
|
|
super *args
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def params
|
|
|
|
|
@params ||= @request.params
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def cookies
|
|
|
|
|
@request.cookies
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def query_string
|
|
|
|
|
@request.query_string
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Used to wrap the normal args variable used inside CGI.
|
|
|
|
|
def args
|
|
|
|
|
@args
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Used to wrap the normal env_table variable used inside CGI.
|
|
|
|
|
def env_table
|
|
|
|
|
@request.env
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Used to wrap the normal stdinput variable used inside CGI.
|
|
|
|
|
def stdinput
|
|
|
|
|
@input
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
