Skip to content

Commit

Permalink
Boot out CGI Processor.
Browse files Browse the repository at this point in the history 
* Add ActionController::CGIHandler as a backwards compatible CGI wrapper around Rack.
* Also pull failsafe responder into ActionController::Failsafe middleware.
  • Loading branch information
@josh
josh committed Dec 5, 2008
1 parent 27ebfd7 commit 9c9da6c
Show file tree
Hide file tree
Showing 10 changed files with 147 additions and 533 deletions.
8 changes: 6 additions & 2 deletions actionpack/lib/action_controller.rb
View file
Expand Up @@ -46,10 +46,9 @@ def self.load_all!
autoload :Base, 'action_controller/base'
autoload :Benchmarking, 'action_controller/benchmarking'
autoload :Caching, 'action_controller/caching'
autoload :CgiRequest, 'action_controller/cgi_process'
autoload :CgiResponse, 'action_controller/cgi_process'
autoload :Cookies, 'action_controller/cookies'
autoload :Dispatcher, 'action_controller/dispatcher'
autoload :Failsafe, 'action_controller/failsafe'
autoload :Filters, 'action_controller/filters'
autoload :Flash, 'action_controller/flash'
autoload :Helpers, 'action_controller/helpers'
Expand Down Expand Up @@ -89,6 +88,11 @@ module Assertions
module Http
autoload :Headers, 'action_controller/headers'
end

# DEPRECATE: Remove CGI support
autoload :CgiRequest, 'action_controller/cgi_process'
autoload :CgiResponse, 'action_controller/cgi_process'
autoload :CGIHandler, 'action_controller/cgi_process'
end

class CGI
Expand Down
216 changes: 52 additions & 164 deletions actionpack/lib/action_controller/cgi_process.rb
View file
@@ -1,184 +1,72 @@
require 'action_controller/cgi_ext'

module ActionController #:nodoc:
class Base
# Process a request extracted from a CGI object and return a response. Pass false as <tt>session_options</tt> to disable
# sessions (large performance increase if sessions are not needed). The <tt>session_options</tt> are the same as for CGI::Session:
#
# * <tt>:database_manager</tt> - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore
# (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in
# lib/action_controller/session.
# * <tt>:session_key</tt> - the parameter name used for the session id. Defaults to '_session_id'.
# * <tt>:session_id</tt> - the session id to use. If not provided, then it is retrieved from the +session_key+ cookie, or
# automatically generated for a new session.
# * <tt>:new_session</tt> - if true, force creation of a new session. If not set, a new session is only created if none currently
# exists. If false, a new session is never created, and if none currently exists and the +session_id+ option is not set,
# an ArgumentError is raised.
# * <tt>:session_expires</tt> - the time the current session expires, as a Time object. If not set, the session will continue
# indefinitely.
# * <tt>:session_domain</tt> - the hostname domain for which this session is valid. If not set, defaults to the hostname of the
# server.
# * <tt>:session_secure</tt> - if +true+, this session will only work over HTTPS.
# * <tt>:session_path</tt> - the path for which this session applies. Defaults to the directory of the CGI script.
# * <tt>:cookie_only</tt> - if +true+ (the default), session IDs will only be accepted from cookies and not from
# the query string or POST parameters. This protects against session fixation attacks.
def self.process_cgi(cgi = CGI.new, session_options = {})
new.process_cgi(cgi, session_options)
end

def process_cgi(cgi, session_options = {}) #:nodoc:
process(CgiRequest.new(cgi, session_options), CgiResponse.new(cgi)).out
end
end

class CgiRequest < AbstractRequest #:nodoc:
attr_accessor :cgi, :session_options
class SessionFixationAttempt < StandardError #:nodoc:
end

DEFAULT_SESSION_OPTIONS = {
:database_manager => CGI::Session::CookieStore, # store data in cookie
:prefix => "ruby_sess.", # prefix session file names
:session_path => "/", # available to all paths in app
:session_key => "_session_id",
:cookie_only => true,
:session_http_only=> true
}

def initialize(cgi, session_options = {})
@cgi = cgi
@session_options = session_options
@env = @cgi.__send__(:env_table)
super()
end

def query_string
qs = @cgi.query_string if @cgi.respond_to?(:query_string)
if !qs.blank?
qs
else
super
end
end

def body_stream #:nodoc:
@cgi.stdinput
end

def cookies
@cgi.cookies.freeze
end

def session
unless defined?(@session)
if @session_options == false
@session = Hash.new
else
stale_session_check! do
if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
raise SessionFixationAttempt
end
case value = session_options_with_string_keys['new_session']
when true
@session = new_session
when false
begin
@session = CGI::Session.new(@cgi, session_options_with_string_keys)
# CGI::Session raises ArgumentError if 'new_session' == false
# and no session cookie or query param is present.
rescue ArgumentError
@session = Hash.new
end
when nil
@session = CGI::Session.new(@cgi, session_options_with_string_keys)
else
raise ArgumentError, "Invalid new_session option: #{value}"
end
@session['__valid_session']
end
class CGIHandler
module ProperStream
def each
while line = gets
yield line
end
end
@session
end

def reset_session
@session.delete if defined?(@session) && @session.is_a?(CGI::Session)
@session = new_session
end

def method_missing(method_id, *arguments)
@cgi.__send__(method_id, *arguments) rescue super
end

private
# Delete an old session if it exists then create a new one.
def new_session
if @session_options == false
Hash.new
def read(*args)
if args.empty?
super || ""
else
CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil
CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true))
super
end
end
end

def cookie_only?
session_options_with_string_keys['cookie_only']
end
def self.dispatch_cgi(app, cgi, out = $stdout)
env = cgi.__send__(:env_table)
env.delete "HTTP_CONTENT_LENGTH"

def stale_session_check!
yield
rescue ArgumentError => argument_error
if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
begin
# Note that the regexp does not allow $1 to end with a ':'
$1.constantize
rescue LoadError, NameError => const_error
raise ActionController::SessionRestoreError, <<-end_msg
Session contains objects whose class definition isn\'t available.
Remember to require the classes for all objects kept in the session.
(Original exception: #{const_error.message} [#{const_error.class}])
end_msg
end
cgi.stdinput.extend ProperStream

retry
else
raise
end
end
env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"

def session_options_with_string_keys
@session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
end
end
env.update({
"rack.version" => [0,1],
"rack.input" => cgi.stdinput,
"rack.errors" => $stderr,
"rack.multithread" => false,
"rack.multiprocess" => true,
"rack.run_once" => false,
"rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
})

class CgiResponse < AbstractResponse #:nodoc:
def initialize(cgi)
@cgi = cgi
super()
end

def out(output = $stdout)
output.binmode if output.respond_to?(:binmode)
output.sync = false if output.respond_to?(:sync=)
env["QUERY_STRING"] ||= ""
env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
env["REQUEST_PATH"] ||= "/"
env.delete "PATH_INFO" if env["PATH_INFO"] == ""

status, headers, body = app.call(env)
begin
output.write(@cgi.header(@headers))

if @cgi.__send__(:env_table)['REQUEST_METHOD'] == 'HEAD'
return
elsif @body.respond_to?(:call)
# Flush the output now in case the @body Proc uses
# #syswrite.
output.flush if output.respond_to?(:flush)
@body.call(self, output)
else
output.write(@body)
end

output.flush if output.respond_to?(:flush)
rescue Errno::EPIPE, Errno::ECONNRESET
# lost connection to parent process, ignore output
out.binmode if out.respond_to?(:binmode)
out.sync = false if out.respond_to?(:sync=)

headers['Status'] = status.to_s
out.write(cgi.header(headers))

body.each { |part|
out.write part
out.flush if out.respond_to?(:flush)
}
ensure
body.close if body.respond_to?(:close)
end
end
end

class CgiRequest #:nodoc:
DEFAULT_SESSION_OPTIONS = {
:database_manager => CGI::Session::CookieStore,
:prefix => "ruby_sess.",
:session_path => "/",
:session_key => "_session_id",
:cookie_only => true,
:session_http_only => true
}
end
end
83 changes: 9 additions & 74 deletions actionpack/lib/action_controller/dispatcher.rb
View file
Expand Up @@ -24,8 +24,7 @@ def define_dispatcher_callbacks(cache_classes)
end
end

# Backward-compatible class method takes CGI-specific args. Deprecated
# in favor of Dispatcher.new(output, request, response).dispatch.
# DEPRECATE: Remove CGI support
def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout)
new(output).dispatch_cgi(cgi, session_options)
end
Expand All @@ -43,57 +42,16 @@ def to_prepare(identifier = nil, &block)
callback = ActiveSupport::Callbacks::Callback.new(:prepare_dispatch, block, :identifier => identifier)
@prepare_dispatch_callbacks.replace_or_append!(callback)
end

# If the block raises, send status code as a last-ditch response.
def failsafe_response(fallback_output, status, originating_exception = nil)
yield
rescue Exception => exception
begin
log_failsafe_exception(status, originating_exception || exception)
body = failsafe_response_body(status)
fallback_output.write "Status: #{status}\r\nContent-Type: text/html\r\n\r\n#{body}"
nil
rescue Exception => failsafe_error # Logger or IO errors
$stderr.puts "Error during failsafe response: #{failsafe_error}"
$stderr.puts "(originally #{originating_exception})" if originating_exception
end
end

private
def failsafe_response_body(status)
error_path = "#{error_file_path}/#{status.to_s[0..2]}.html"

if File.exist?(error_path)
File.read(error_path)
else
"<html><body><h1>#{status}</h1></body></html>"
end
end

def log_failsafe_exception(status, exception)
message = "/!\\ FAILSAFE /!\\ #{Time.now}\n Status: #{status}\n"
message << " #{exception}\n #{exception.backtrace.join("\n ")}" if exception
failsafe_logger.fatal message
end

def failsafe_logger
if defined?(::RAILS_DEFAULT_LOGGER) && !::RAILS_DEFAULT_LOGGER.nil?
::RAILS_DEFAULT_LOGGER
else
Logger.new($stderr)
end
end
end

cattr_accessor :middleware
self.middleware = MiddlewareStack.new

cattr_accessor :error_file_path
self.error_file_path = Rails.public_path if defined?(Rails.public_path)
self.middleware.use "ActionController::Failsafe"

include ActiveSupport::Callbacks
define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch

# DEPRECATE: Remove arguments
def initialize(output = $stdout, request = nil, response = nil)
@output, @request, @response = output, request, response
@app = @@middleware.build(lambda { |env| self.dup._call(env) })
Expand All @@ -120,14 +78,9 @@ def dispatch
end
end

# DEPRECATE: Remove CGI support
def dispatch_cgi(cgi, session_options)
if cgi ||= self.class.failsafe_response(@output, '400 Bad Request') { CGI.new }
@request = CgiRequest.new(cgi, session_options)
@response = CgiResponse.new(cgi)
dispatch
end
rescue Exception => exception
failsafe_rescue exception
CGIHandler.dispatch_cgi(self, cgi, @output)
end

def call(env)
Expand Down Expand Up @@ -160,40 +113,22 @@ def flush_logger
Base.logger.flush
end

def mark_as_test_request!
@test_request = true
self
end

def test_request?
@test_request
end

def checkin_connections
# Don't return connection (and peform implicit rollback) if this request is a part of integration test
return if test_request?
# TODO: This callback should have direct access to env
return if @request.key?("action_controller.test")
ActiveRecord::Base.clear_active_connections!
end

protected
def handle_request
@controller = Routing::Routes.recognize(@request)
@controller.process(@request, @response).out(@output)
@controller.process(@request, @response).out
end

def failsafe_rescue(exception)
if @test_request
process_with_exception(exception)
else
self.class.failsafe_response(@output, '500 Internal Server Error', exception) do
process_with_exception(exception)
end
end
end

def process_with_exception(exception)
if @controller ||= (::ApplicationController rescue Base)
@controller.process_with_exception(@request, @response, exception).out(@output)
@controller.process_with_exception(@request, @response, exception).out
else
raise exception
end
Expand Down

4 comments on commit 9c9da6c

@clemens
Copy link
Contributor

@clemens clemens commented on 9c9da6c Dec 5, 2008

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finally …

@boblmartens
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent. Leaner and meaner!

@raggi
Copy link
Contributor

@raggi raggi commented on 9c9da6c Dec 5, 2008

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it’s not finished yet, but:

http://github.com/raggi/rails/commit/935d49846de3b194e61b049cd220e54fd11002cf

I’ll have to merge this one :-/

@josh
Copy link
Contributor Author

@josh josh commented on 9c9da6c Dec 5, 2008

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@raggi we need to get in touch. I don’t want to start hacking on some of that stuff if you’ve already done the hard work.

Please email me, josh at joshpeek dot com

Please sign in to comment.