def check_env(env)
# == The Environment
def check_env(env)
## The environment must be an unfrozen instance of Hash that includes
## CGI-like headers. The application is free to modify the
## environment.
raise LintError, "env #{env.inspect} is not a Hash, but #{env.class}" unless env.kind_of? Hash
raise LintError, "env should not be frozen, but is" if env.frozen?
##
## The environment is required to include these variables
## (adopted from PEP333), except when they'd be empty, but see
## below.
## <tt>REQUEST_METHOD</tt>:: The HTTP request method, such as
## "GET" or "POST". This cannot ever
## be an empty string, and so is
## always required.
## <tt>SCRIPT_NAME</tt>:: The initial portion of the request
## URL's "path" that corresponds to the
## application object, so that the
## application knows its virtual
## "location". This may be an empty
## string, if the application corresponds
## to the "root" of the server.
## <tt>PATH_INFO</tt>:: The remainder of the request URL's
## "path", designating the virtual
## "location" of the request's target
## within the application. This may be an
## empty string, if the request URL targets
## the application root and does not have a
## trailing slash. This value may be
## percent-encoded when originating from
## a URL.
## <tt>QUERY_STRING</tt>:: The portion of the request URL that
## follows the <tt>?</tt>, if any. May be
## empty, but is always required!
## <tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
## <tt>PATH_INFO</tt>, these variables can be
## used to complete the URL. Note, however,
## that <tt>HTTP_HOST</tt>, if present,
## should be used in preference to
## <tt>SERVER_NAME</tt> for reconstructing
## the request URL.
## <tt>SERVER_NAME</tt> can never be an empty
## string, and so is always required.
## <tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
## server is running on. Should be specified if
## the server is running on a non-standard port.
## <tt>HTTP_</tt> Variables:: Variables corresponding to the
## client-supplied HTTP request
## headers (i.e., variables whose
## names begin with <tt>HTTP_</tt>). The
## presence or absence of these
## variables should correspond with
## the presence or absence of the
## appropriate HTTP header in the
## request. See
## {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18]
## for specific behavior.
## In addition to this, the Rack environment must include these
## Rack-specific variables:
## <tt>rack.version</tt>:: The Array representing this version of Rack
## See Rack::VERSION, that corresponds to
## the version of this SPEC.
## <tt>rack.url_scheme</tt>:: +http+ or +https+, depending on the
## request URL.
## <tt>rack.input</tt>:: See below, the input stream.
## <tt>rack.errors</tt>:: See below, the error stream.
## <tt>rack.multithread</tt>:: true if the application object may be
## simultaneously invoked by another thread
## in the same process, false otherwise.
## <tt>rack.multiprocess</tt>:: true if an equivalent application object
## may be simultaneously invoked by another
## process, false otherwise.
## <tt>rack.run_once</tt>:: true if the server expects
## (but does not guarantee!) that the
## application will only be invoked this one
## time during the life of its containing
## process. Normally, this will only be true
## for a server based on CGI
## (or something similar).
## <tt>rack.hijack?</tt>:: present and true if the server supports
## connection hijacking. See below, hijacking.
## <tt>rack.hijack</tt>:: an object responding to #call that must be
## called at least once before using
## rack.hijack_io.
## It is recommended #call return rack.hijack_io
## as well as setting it in env if necessary.
## <tt>rack.hijack_io</tt>:: if rack.hijack? is true, and rack.hijack
## has received #call, this will contain
## an object resembling an IO. See hijacking.
## Additional environment specifications have approved to
## standardized middleware APIs. None of these are required to
## be implemented by the server.
## <tt>rack.session</tt>:: A hash like interface for storing
## request session data.
## The store must implement:
if session = env[RACK_SESSION]
## store(key, value) (aliased as []=);
unless session.respond_to?(:store) && session.respond_to?(:[]=)
raise LintError, "session #{session.inspect} must respond to store and []="
end
## fetch(key, default = nil) (aliased as []);
unless session.respond_to?(:fetch) && session.respond_to?(:[])
raise LintError, "session #{session.inspect} must respond to fetch and []"
end
## delete(key);
unless session.respond_to?(:delete)
raise LintError, "session #{session.inspect} must respond to delete"
end
## clear;
unless session.respond_to?(:clear)
raise LintError, "session #{session.inspect} must respond to clear"
end
## to_hash (returning unfrozen Hash instance);
unless session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen?
raise LintError, "session #{session.inspect} must respond to to_hash and return unfrozen Hash instance"
end
end
## <tt>rack.logger</tt>:: A common object interface for logging messages.
## The object must implement:
if logger = env[RACK_LOGGER]
## info(message, &block)
unless logger.respond_to?(:info)
raise LintError, "logger #{logger.inspect} must respond to info"
end
## debug(message, &block)
unless logger.respond_to?(:debug)
raise LintError, "logger #{logger.inspect} must respond to debug"
end
## warn(message, &block)
unless logger.respond_to?(:warn)
raise LintError, "logger #{logger.inspect} must respond to warn"
end
## error(message, &block)
unless logger.respond_to?(:error)
raise LintError, "logger #{logger.inspect} must respond to error"
end
## fatal(message, &block)
unless logger.respond_to?(:fatal)
raise LintError, "logger #{logger.inspect} must respond to fatal"
end
end
## <tt>rack.multipart.buffer_size</tt>:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes.
if bufsize = env[RACK_MULTIPART_BUFFER_SIZE]
unless bufsize.is_a?(Integer) && bufsize > 0
raise LintError, "rack.multipart.buffer_size must be an Integer > 0 if specified"
end
end
## <tt>rack.multipart.tempfile_factory</tt>:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile.
if tempfile_factory = env[RACK_MULTIPART_TEMPFILE_FACTORY]
raise LintError, "rack.multipart.tempfile_factory must respond to #call" unless tempfile_factory.respond_to?(:call)
env[RACK_MULTIPART_TEMPFILE_FACTORY] = lambda do |filename, content_type|
io = tempfile_factory.call(filename, content_type)
raise LintError, "rack.multipart.tempfile_factory return value must respond to #<<" unless io.respond_to?(:<<)
io
end
end
## The server or the application can store their own data in the
## environment, too. The keys must contain at least one dot,
## and should be prefixed uniquely. The prefix <tt>rack.</tt>
## is reserved for use with the Rack core distribution and other
## accepted specifications and must not be used otherwise.
##
%w[REQUEST_METHOD SERVER_NAME QUERY_STRING
rack.version rack.input rack.errors
rack.multithread rack.multiprocess rack.run_once].each { |header|
raise LintError, "env missing required key #{header}" unless env.include? header
}
## The <tt>SERVER_PORT</tt> must be an Integer if set.
server_port = env["SERVER_PORT"]
unless server_port.nil? || (Integer(server_port) rescue false)
raise LintError, "env[SERVER_PORT] is not an Integer"
end
## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
unless (URI.parse("http://#{env[SERVER_NAME]}/") rescue false)
raise LintError, "#{env[SERVER_NAME]} must be a valid authority"
end
## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
unless (URI.parse("http://#{env[HTTP_HOST]}/") rescue false)
raise LintError, "#{env[HTTP_HOST]} must be a valid authority"
end
## The environment must not contain the keys
## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
## (use the versions without <tt>HTTP_</tt>).
%w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header|
if env.include? header
raise LintError, "env contains #{header}, must use #{header[5, -1]}"
end
}
## The CGI keys (named without a period) must have String values.
## If the string values for CGI keys contain non-ASCII characters,
## they should use ASCII-8BIT encoding.
env.each { |key, value|
next if key.include? "." # Skip extensions
unless value.kind_of? String
raise LintError, "env variable #{key} has non-string value #{value.inspect}"
end
next if value.encoding == Encoding::ASCII_8BIT
unless value.b !~ /[\x80-\xff]/n
raise LintError, "env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}"
end
}
## There are the following restrictions:
## * <tt>rack.version</tt> must be an array of Integers.
unless env[RACK_VERSION].kind_of? Array
raise LintError, "rack.version must be an Array, was #{env[RACK_VERSION].class}"
end
## * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
unless %w[http https].include?(env[RACK_URL_SCHEME])
raise LintError, "rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}"
end
## * There must be a valid input stream in <tt>rack.input</tt>.
check_input env[RACK_INPUT]
## * There must be a valid error stream in <tt>rack.errors</tt>.
check_error env[RACK_ERRORS]
## * There may be a valid hijack stream in <tt>rack.hijack_io</tt>
check_hijack env
## * The <tt>REQUEST_METHOD</tt> must be a valid token.
unless env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
raise LintError, "REQUEST_METHOD unknown: #{env[REQUEST_METHOD].dump}"
end
## * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt>
if env.include?(SCRIPT_NAME) && env[SCRIPT_NAME] != "" && env[SCRIPT_NAME] !~ /\A\//
raise LintError, "SCRIPT_NAME must start with /"
end
## * The <tt>PATH_INFO</tt>, if non-empty, must start with <tt>/</tt>
if env.include?(PATH_INFO) && env[PATH_INFO] != "" && env[PATH_INFO] !~ /\A\//
raise LintError, "PATH_INFO must start with /"
end
## * The <tt>CONTENT_LENGTH</tt>, if given, must consist of digits only.
if env.include?("CONTENT_LENGTH") && env["CONTENT_LENGTH"] !~ /\A\d+\z/
raise LintError, "Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}"
end
## * One of <tt>SCRIPT_NAME</tt> or <tt>PATH_INFO</tt> must be
## set. <tt>PATH_INFO</tt> should be <tt>/</tt> if
## <tt>SCRIPT_NAME</tt> is empty.
unless env[SCRIPT_NAME] || env[PATH_INFO]
raise LintError, "One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)"
end
## <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty.
unless env[SCRIPT_NAME] != "/"
raise LintError, "SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'"
end
end