Permalink
Browse files

Boot out CGI Processor.

* Add ActionController::CGIHandler as a backwards compatible CGI wrapper around Rack.
* Also pull failsafe responder into ActionController::Failsafe middleware.
  • Loading branch information...
josh committed Dec 5, 2008
1 parent 27ebfd7 commit 9c9da6c892d715ca22c3cf51f50deb1d80029c66
@@ -46,10 +46,9 @@ def self.load_all!
autoload :Base, 'action_controller/base'
autoload :Benchmarking, 'action_controller/benchmarking'
autoload :Caching, 'action_controller/caching'
- autoload :CgiRequest, 'action_controller/cgi_process'
- autoload :CgiResponse, 'action_controller/cgi_process'
autoload :Cookies, 'action_controller/cookies'
autoload :Dispatcher, 'action_controller/dispatcher'
+ autoload :Failsafe, 'action_controller/failsafe'
autoload :Filters, 'action_controller/filters'
autoload :Flash, 'action_controller/flash'
autoload :Helpers, 'action_controller/helpers'
@@ -89,6 +88,11 @@ module Assertions
module Http
autoload :Headers, 'action_controller/headers'
end
+
+ # DEPRECATE: Remove CGI support
+ autoload :CgiRequest, 'action_controller/cgi_process'
+ autoload :CgiResponse, 'action_controller/cgi_process'
+ autoload :CGIHandler, 'action_controller/cgi_process'
end
class CGI
@@ -1,184 +1,72 @@
require 'action_controller/cgi_ext'
module ActionController #:nodoc:
- class Base
- # Process a request extracted from a CGI object and return a response. Pass false as <tt>session_options</tt> to disable
- # sessions (large performance increase if sessions are not needed). The <tt>session_options</tt> are the same as for CGI::Session:
- #
- # * <tt>:database_manager</tt> - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore
- # (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in
- # lib/action_controller/session.
- # * <tt>:session_key</tt> - the parameter name used for the session id. Defaults to '_session_id'.
- # * <tt>:session_id</tt> - the session id to use. If not provided, then it is retrieved from the +session_key+ cookie, or
- # automatically generated for a new session.
- # * <tt>:new_session</tt> - if true, force creation of a new session. If not set, a new session is only created if none currently
- # exists. If false, a new session is never created, and if none currently exists and the +session_id+ option is not set,
- # an ArgumentError is raised.
- # * <tt>:session_expires</tt> - the time the current session expires, as a Time object. If not set, the session will continue
- # indefinitely.
- # * <tt>:session_domain</tt> - the hostname domain for which this session is valid. If not set, defaults to the hostname of the
- # server.
- # * <tt>:session_secure</tt> - if +true+, this session will only work over HTTPS.
- # * <tt>:session_path</tt> - the path for which this session applies. Defaults to the directory of the CGI script.
- # * <tt>:cookie_only</tt> - if +true+ (the default), session IDs will only be accepted from cookies and not from
- # the query string or POST parameters. This protects against session fixation attacks.
- def self.process_cgi(cgi = CGI.new, session_options = {})
- new.process_cgi(cgi, session_options)
- end
-
- def process_cgi(cgi, session_options = {}) #:nodoc:
- process(CgiRequest.new(cgi, session_options), CgiResponse.new(cgi)).out
- end
- end
-
- class CgiRequest < AbstractRequest #:nodoc:
- attr_accessor :cgi, :session_options
- class SessionFixationAttempt < StandardError #:nodoc:
- end
-
- DEFAULT_SESSION_OPTIONS = {
- :database_manager => CGI::Session::CookieStore, # store data in cookie
- :prefix => "ruby_sess.", # prefix session file names
- :session_path => "/", # available to all paths in app
- :session_key => "_session_id",
- :cookie_only => true,
- :session_http_only=> true
- }
-
- def initialize(cgi, session_options = {})
- @cgi = cgi
- @session_options = session_options
- @env = @cgi.__send__(:env_table)
- super()
- end
-
- def query_string
- qs = @cgi.query_string if @cgi.respond_to?(:query_string)
- if !qs.blank?
- qs
- else
- super
- end
- end
-
- def body_stream #:nodoc:
- @cgi.stdinput
- end
-
- def cookies
- @cgi.cookies.freeze
- end
-
- def session
- unless defined?(@session)
- if @session_options == false
- @session = Hash.new
- else
- stale_session_check! do
- if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
- raise SessionFixationAttempt
- end
- case value = session_options_with_string_keys['new_session']
- when true
- @session = new_session
- when false
- begin
- @session = CGI::Session.new(@cgi, session_options_with_string_keys)
- # CGI::Session raises ArgumentError if 'new_session' == false
- # and no session cookie or query param is present.
- rescue ArgumentError
- @session = Hash.new
- end
- when nil
- @session = CGI::Session.new(@cgi, session_options_with_string_keys)
- else
- raise ArgumentError, "Invalid new_session option: #{value}"
- end
- @session['__valid_session']
- end
+ class CGIHandler
+ module ProperStream
+ def each
+ while line = gets
+ yield line
end
end
- @session
- end
- def reset_session
- @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
- @session = new_session
- end
-
- def method_missing(method_id, *arguments)
- @cgi.__send__(method_id, *arguments) rescue super
- end
-
- private
- # Delete an old session if it exists then create a new one.
- def new_session
- if @session_options == false
- Hash.new
+ def read(*args)
+ if args.empty?
+ super || ""
else
- CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil
- CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true))
+ super
end
end
+ end
- def cookie_only?
- session_options_with_string_keys['cookie_only']
- end
+ def self.dispatch_cgi(app, cgi, out = $stdout)
+ env = cgi.__send__(:env_table)
+ env.delete "HTTP_CONTENT_LENGTH"
- def stale_session_check!
- yield
- rescue ArgumentError => argument_error
- if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
- begin
- # Note that the regexp does not allow $1 to end with a ':'
- $1.constantize
- rescue LoadError, NameError => const_error
- raise ActionController::SessionRestoreError, <<-end_msg
-Session contains objects whose class definition isn\'t available.
-Remember to require the classes for all objects kept in the session.
-(Original exception: #{const_error.message} [#{const_error.class}])
-end_msg
- end
+ cgi.stdinput.extend ProperStream
- retry
- else
- raise
- end
- end
+ env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
- def session_options_with_string_keys
- @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
- end
- end
+ env.update({
+ "rack.version" => [0,1],
+ "rack.input" => cgi.stdinput,
+ "rack.errors" => $stderr,
+ "rack.multithread" => false,
+ "rack.multiprocess" => true,
+ "rack.run_once" => false,
+ "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
+ })
- class CgiResponse < AbstractResponse #:nodoc:
- def initialize(cgi)
- @cgi = cgi
- super()
- end
-
- def out(output = $stdout)
- output.binmode if output.respond_to?(:binmode)
- output.sync = false if output.respond_to?(:sync=)
+ env["QUERY_STRING"] ||= ""
+ env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+ env["REQUEST_PATH"] ||= "/"
+ env.delete "PATH_INFO" if env["PATH_INFO"] == ""
+ status, headers, body = app.call(env)
begin
- output.write(@cgi.header(@headers))
-
- if @cgi.__send__(:env_table)['REQUEST_METHOD'] == 'HEAD'
- return
- elsif @body.respond_to?(:call)
- # Flush the output now in case the @body Proc uses
- # #syswrite.
- output.flush if output.respond_to?(:flush)
- @body.call(self, output)
- else
- output.write(@body)
- end
-
- output.flush if output.respond_to?(:flush)
- rescue Errno::EPIPE, Errno::ECONNRESET
- # lost connection to parent process, ignore output
+ out.binmode if out.respond_to?(:binmode)
+ out.sync = false if out.respond_to?(:sync=)
+
+ headers['Status'] = status.to_s
+ out.write(cgi.header(headers))
+
+ body.each { |part|
+ out.write part
+ out.flush if out.respond_to?(:flush)
+ }
+ ensure
+ body.close if body.respond_to?(:close)
end
end
end
+
+ class CgiRequest #:nodoc:
+ DEFAULT_SESSION_OPTIONS = {
+ :database_manager => CGI::Session::CookieStore,
+ :prefix => "ruby_sess.",
+ :session_path => "/",
+ :session_key => "_session_id",
+ :cookie_only => true,
+ :session_http_only => true
+ }
+ end
end
@@ -24,8 +24,7 @@ def define_dispatcher_callbacks(cache_classes)
end
end
- # Backward-compatible class method takes CGI-specific args. Deprecated
- # in favor of Dispatcher.new(output, request, response).dispatch.
+ # DEPRECATE: Remove CGI support
def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout)
new(output).dispatch_cgi(cgi, session_options)
end
@@ -43,57 +42,16 @@ def to_prepare(identifier = nil, &block)
callback = ActiveSupport::Callbacks::Callback.new(:prepare_dispatch, block, :identifier => identifier)
@prepare_dispatch_callbacks.replace_or_append!(callback)
end
-
- # If the block raises, send status code as a last-ditch response.
- def failsafe_response(fallback_output, status, originating_exception = nil)
- yield
- rescue Exception => exception
- begin
- log_failsafe_exception(status, originating_exception || exception)
- body = failsafe_response_body(status)
- fallback_output.write "Status: #{status}\r\nContent-Type: text/html\r\n\r\n#{body}"
- nil
- rescue Exception => failsafe_error # Logger or IO errors
- $stderr.puts "Error during failsafe response: #{failsafe_error}"
- $stderr.puts "(originally #{originating_exception})" if originating_exception
- end
- end
-
- private
- def failsafe_response_body(status)
- error_path = "#{error_file_path}/#{status.to_s[0..2]}.html"
-
- if File.exist?(error_path)
- File.read(error_path)
- else
- "<html><body><h1>#{status}</h1></body></html>"
- end
- end
-
- def log_failsafe_exception(status, exception)
- message = "/!\\ FAILSAFE /!\\ #{Time.now}\n Status: #{status}\n"
- message << " #{exception}\n #{exception.backtrace.join("\n ")}" if exception
- failsafe_logger.fatal message
- end
-
- def failsafe_logger
- if defined?(::RAILS_DEFAULT_LOGGER) && !::RAILS_DEFAULT_LOGGER.nil?
- ::RAILS_DEFAULT_LOGGER
- else
- Logger.new($stderr)
- end
- end
end
cattr_accessor :middleware
self.middleware = MiddlewareStack.new
-
- cattr_accessor :error_file_path
- self.error_file_path = Rails.public_path if defined?(Rails.public_path)
+ self.middleware.use "ActionController::Failsafe"
include ActiveSupport::Callbacks
define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch
+ # DEPRECATE: Remove arguments
def initialize(output = $stdout, request = nil, response = nil)
@output, @request, @response = output, request, response
@app = @@middleware.build(lambda { |env| self.dup._call(env) })
@@ -120,14 +78,9 @@ def dispatch
end
end
+ # DEPRECATE: Remove CGI support
def dispatch_cgi(cgi, session_options)
- if cgi ||= self.class.failsafe_response(@output, '400 Bad Request') { CGI.new }
- @request = CgiRequest.new(cgi, session_options)
- @response = CgiResponse.new(cgi)
- dispatch
- end
- rescue Exception => exception
- failsafe_rescue exception
+ CGIHandler.dispatch_cgi(self, cgi, @output)
end
def call(env)
@@ -160,40 +113,22 @@ def flush_logger
Base.logger.flush
end
- def mark_as_test_request!
- @test_request = true
- self
- end
-
- def test_request?
- @test_request
- end
-
def checkin_connections
# Don't return connection (and peform implicit rollback) if this request is a part of integration test
- return if test_request?
+ # TODO: This callback should have direct access to env
+ return if @request.key?("action_controller.test")
ActiveRecord::Base.clear_active_connections!
end
protected
def handle_request
@controller = Routing::Routes.recognize(@request)
- @controller.process(@request, @response).out(@output)
+ @controller.process(@request, @response).out
end
def failsafe_rescue(exception)
- if @test_request
- process_with_exception(exception)
- else
- self.class.failsafe_response(@output, '500 Internal Server Error', exception) do
- process_with_exception(exception)
- end
- end
- end
-
- def process_with_exception(exception)
if @controller ||= (::ApplicationController rescue Base)
- @controller.process_with_exception(@request, @response, exception).out(@output)
+ @controller.process_with_exception(@request, @response, exception).out
else
raise exception
end
Oops, something went wrong.

4 comments on commit 9c9da6c

@clemens

This comment has been minimized.

Show comment
Hide comment
@clemens

clemens Dec 5, 2008

Contributor

Finally …

Contributor

clemens replied Dec 5, 2008

Finally …

@boblmartens

This comment has been minimized.

Show comment
Hide comment
@boblmartens

boblmartens Dec 5, 2008

Excellent. Leaner and meaner!

Excellent. Leaner and meaner!

@raggi

This comment has been minimized.

Show comment
Hide comment
@raggi

raggi Dec 5, 2008

Contributor

it’s not finished yet, but:

http://github.com/raggi/rails/commit/935d49846de3b194e61b049cd220e54fd11002cf

I’ll have to merge this one :-/

Contributor

raggi replied Dec 5, 2008

it’s not finished yet, but:

http://github.com/raggi/rails/commit/935d49846de3b194e61b049cd220e54fd11002cf

I’ll have to merge this one :-/

@josh

This comment has been minimized.

Show comment
Hide comment
@josh

josh Dec 5, 2008

Member

@raggi we need to get in touch. I don’t want to start hacking on some of that stuff if you’ve already done the hard work.

Please email me, josh at joshpeek dot com

Member

josh replied Dec 5, 2008

@raggi we need to get in touch. I don’t want to start hacking on some of that stuff if you’ve already done the hard work.

Please email me, josh at joshpeek dot com

Please sign in to comment.