a few examples for testing purposes; basic unicode validation for paths (less 500s on invalid unicode spam)

2025-01-25 01:16:56 +00:00 · 2025-01-25 01:16:56 +00:00 · d098f239a1
parent 8284c58509
commit d098f239a1
7 changed files with 84 additions and 17 deletions
--- a/examples/fileserving.ru
+++ b/examples/fileserving.ru
@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'landline'
+
+class App < Landline::App
+  path "/outer" do
+    path "/inner" do
+      get "/oucher" do
+        "Hello world"
+      end
+      remap __dir__
+      serve "*"
+    end
+  end
+end
+
+run App.new
--- a/examples/uploader/files/.bashrc
+++ b/examples/uploader/files/.bashrc
@ -1,10 +0,0 @@
-#
-# ~/.bashrc
-#
-
-# If not running interactively, don't do anything
-[[ $- != *i* ]] && return
-
-# alias ls='ls --color=auto'
-# alias grep='grep --color=auto'
-# PS1='[\u@\h \W]\$ '
--- a/examples/uploader/form.ru
+++ b/examples/uploader/form.ru
@ -3,8 +3,10 @@
 $LOAD_PATH.unshift("#{File.dirname(__FILE__)}/lib")
 require 'landline'

+ROOT=__dir__
+
 app = Landline::Server.new do
-  root ENV["PWD"]
+  root ROOT
  index ["index.html"]
  post "/" do
    formdata = form if form?
@ -12,7 +14,7 @@ app = Landline::Server.new do
    if formdata
      formdata["form_files"].each do |file|
        filename = file.filename.split("/").last
-        `mv #{file.tempfile.path} $PWD/files/#{filename}`
+        `mv #{file.tempfile.path} #{ROOT}/files/#{filename}`
        files[file.filename] = "<a href=\"files/#{filename}\">#{filename}</a>"
      end
    end
--- a/examples/uploader/index.rhtml
+++ b/examples/uploader/index.rhtml
@ -1,4 +1,4 @@
-<!DOCTYPE>
+<!DOCTYPE html>
 <html>
    <head>
        <title>Form upload test</title>
@ -7,6 +7,42 @@
        </style>
    </head>
    <body>
+        <script>
+function postFile() {
+  let progress = document.getElementById('progress')
+  
+  progress.style.display = 'block';
+
+  let formdata = new FormData();
+  
+  let files = document.getElementById('form_files').files;
+
+  for (const file of files) 
+  {
+    formdata.append('form_files[]', file);
+  }
+
+  let request = new XMLHttpRequest();
+  let filesize = 0;
+  for (const file of files) {
+    filesize = filesize + file.size;
+  }
+  console.log(filesize);
+
+  request.upload.addEventListener("progress", function(e) {
+    console.log(e.loaded);
+    if (e.loaded <= filesize) {
+      let percent = Math.round(e.loaded / filesize * 100);
+      progress.innerHTML = `${e.loaded} / ${filesize}`;
+    } else {
+      progress.innerHTML = 'Upload finished!';
+    }
+  });
+
+  request.open('post', '/');
+  request.send(formdata);
+}
+        </script>
        <h1>File uploader</h1>
        <hr/>
        <p> Add files here: <p>
@ -15,8 +51,11 @@
              enctype="multipart/form-data">
            <input id="form_files" type="file" name="form_files[]" multiple>
            <label for="form_files">Attach file</label>
-            <input type="submit" value="Send form">
+            <button type="button" onclick="postFile();">"Send form"</button>
        </form>
+        <p id="progress" style="display: none;">
+        Loading
+        </p>
        <% if (defined? formdata) and formdata %>
        <hr>
        <ul>
--- a/landline.gemspec
+++ b/landline.gemspec
@ -2,7 +2,7 @@

 Gem::Specification.new do |spec|
  spec.name                  = "landline"
-  spec.version               = "0.13.0"
+  spec.version               = "0.13.1"
  spec.summary               = "Elegant HTTP DSL"
  spec.description           = <<~DESC
    Landline is a no-hard-dependencies HTTP routing DSL that was made entirely for fun.
@ -15,5 +15,5 @@ Gem::Specification.new do |spec|
  spec.homepage              = "https://adastra7.net/git/Yessiest/landline"
  spec.files                 = Dir["lib/**/*"]
  spec.extra_rdoc_files      = Dir["*.md"]
-  spec.required_ruby_version = ">= 3.0.6"
+  spec.required_ruby_version = ">= 3.0.0"
 end
--- a/lib/landline.rb
+++ b/lib/landline.rb
@ -12,7 +12,7 @@ require_relative 'landline/app'
 # Landline is a backend framework born as a by-product of experimentation
 module Landline
  # Landline version
-  VERSION = '0.13.0 "Realign" (pre-alpha)'
+  VERSION = '0.13.1 "EDM Death Machine" (pre-alpha)'

  # Landline branding and version
  VLINE = "Landline/#{Landline::VERSION} (Ruby/#{RUBY_VERSION}/#{RUBY_RELEASE_DATE})\n".freeze
--- a/lib/landline/server.rb
+++ b/lib/landline/server.rb
@ -27,6 +27,9 @@ module Landline
    def call(env)
      request = Landline::Request.new(env)

+      failed_msg = check_unicode(request)
+      return failed_msg.finalize if failed_msg
+
      response = handle_jumps(request)
      request.run_postprocessors(response)
      resp = response.finalize
@ -54,6 +57,22 @@ module Landline
      response
    end

+    # Check that all important parameters are actually valid unicode
+    def check_unicode(request)
+      return false if request.path.valid_encoding? &&
+                      request.query.query.valid_encoding? &&
+                      request.server_name.valid_encoding?
+
+      response = Landline::Response.convert(
+        @properties["handle.default"].call(
+          400,
+          backtrace: ["Invalid unicode string"]
+        )
+      )
+      response.status = 400
+      response
+    end
+
    # Inititalization block for property setup
    def setup_properties(*_args, **_opts)
      {