X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FResponse.pm;h=19be6c6ab9c5deba3ceb264dbe6b965c11852dc0;hb=refs%2Fheads%2Fredirection-security-retry;hp=cb73a34631d878160435c8245faeff4fabfadf6e;hpb=7e7437987dd389a99e16356af7c63cf672fde67d;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Response.pm b/lib/Catalyst/Response.pm index cb73a34..19be6c6 100644 --- a/lib/Catalyst/Response.pm +++ b/lib/Catalyst/Response.pm @@ -2,23 +2,75 @@ package Catalyst::Response; use Moose; use HTTP::Headers; +use Moose::Util::TypeConstraints; +use namespace::autoclean; with 'MooseX::Emulate::Class::Accessor::Fast'; -has cookies => (is => 'rw', default => sub { {} }); -has body => (is => 'rw', default => '', lazy => 1, predicate => 'has_body', - clearer => '_clear_body' +has _response_cb => ( + is => 'ro', + isa => 'CodeRef', + writer => '_set_response_cb', + clearer => '_clear_response_cb', + predicate => '_has_response_cb', ); -after 'body' => sub { # If someone assigned undef, clear the body so we get '' - if (scalar(@_) == 2 && !defined($_[1])) { - $_[0]->_clear_body; - } -}; -has location => (is => 'rw'); + +subtype 'Catalyst::Engine::Types::Writer', + as duck_type([qw(write close)]); + +has _writer => ( + is => 'ro', + isa => 'Catalyst::Engine::Types::Writer', #Pointless since we control how this is built + #writer => '_set_writer', Now that its lazy I think this is safe to remove + clearer => '_clear_writer', + predicate => '_has_writer', + lazy => 1, + builder => '_build_writer', +); + +sub _build_writer { + my $self = shift; + + ## These two lines are probably crap now... + $self->_context->finalize_headers unless + $self->finalized_headers; + + my @headers; + $self->headers->scan(sub { push @headers, @_ }); + + my $writer = $self->_response_cb->([ $self->status, \@headers ]); + $self->_clear_response_cb; + + return $writer; +} + +has write_fh => ( + is=>'ro', + predicate=>'_has_write_fh', + lazy=>1, + builder=>'_build_write_fh', +); + +sub _build_write_fh { shift ->_writer } + +sub DEMOLISH { + my $self = shift; + return if $self->_has_write_fh; + if($self->_has_writer) { + $self->_writer->close + } +} + +has cookies => (is => 'rw', default => sub { {} }); +has body => (is => 'rw', default => undef); +sub has_body { defined($_[0]->body) } + +has location => (is => 'rw', writer => '_set_location'); has status => (is => 'rw', default => 200); has finalized_headers => (is => 'rw', default => 0); has headers => ( is => 'rw', + isa => 'HTTP::Headers', handles => [qw(content_encoding content_length content_type header)], default => sub { HTTP::Headers->new() }, required => 1, @@ -27,15 +79,64 @@ has headers => ( has _context => ( is => 'rw', weak_ref => 1, - handles => ['write'], clearer => '_clear_context', ); +before [qw(status headers content_encoding content_length content_type header)] => sub { + my $self = shift; + + $self->_context->log->warn( + "Useless setting a header value after finalize_headers called." . + " Not what you want." ) + if ( $self->finalized_headers && @_ ); +}; + sub output { shift->body(@_) } sub code { shift->status(@_) } -no Moose; +sub write { + my ( $self, $buffer ) = @_; + + # Finalize headers if someone manually writes output + $self->_context->finalize_headers unless $self->finalized_headers; + + $buffer = q[] unless defined $buffer; + + my $len = length($buffer); + $self->_writer->write($buffer); + + return $len; +} + +sub finalize_headers { + my ($self) = @_; + return; +} + +sub from_psgi_response { + my ($self, $psgi_res) = @_; + if(ref $psgi_res eq 'ARRAY') { + my ($status, $headers, $body) = @$psgi_res; + $self->status($status); + $self->headers(HTTP::Headers->new(@$headers)); + $self->body($body); + } elsif(ref $psgi_res eq 'CODE') { + $psgi_res->(sub { + my $response = shift; + my ($status, $headers, $maybe_body) = @$response; + $self->status($status); + $self->headers(HTTP::Headers->new(@$headers)); + if(defined $maybe_body) { + $self->body($maybe_body); + } else { + return $self->write_fh; + } + }); + } else { + die "You can't set a Catalyst response from that, expect a valid PSGI response"; + } +} =head1 NAME @@ -65,7 +166,7 @@ will turn the Catalyst::Response into a HTTP Response and return it to the clien =head1 METHODS -=head2 $res->body(<$text|$fh|$iohandle_object) +=head2 $res->body( $text | $fh | $iohandle_object ) $c->response->body('Catalyst rocks!'); @@ -74,6 +175,14 @@ you might want to use a L type of object (Something that implements in the same fashion), or a filehandle GLOB. Catalyst will write it piece by piece into the response. +When using a L type of object and no content length has been +already set in the response headers Catalyst will make a reasonable attempt +to determine the size of the Handle. Depending on the implementation of your +handle object, setting the content length may fail. If it is at all possible +for you to determine the content length of your handle object, +it is recommended that you set the content length in the response headers +yourself, which will be respected and sent by Catalyst in the response. + =head2 $res->has_body Predicate which returns true when a body has been set. @@ -150,9 +259,15 @@ C<302>. This is a convenience method that sets the Location header to the redirect destination, and then sets the response status. You will -want to C< return; > or C< $c->detach() > to interrupt the normal +want to C< return > or C<< $c->detach() >> to interrupt the normal processing flow if you want the redirect to occur straight away. +B do not give a relative URL as $url, i.e: one that is not fully +qualified (= C, etc.) or that starts with a slash +(= C). While it may work, it is not guaranteed to do the right +thing and is not a standard behaviour. You may opt to use uri_for() or +uri_for_action() instead. + =cut sub redirect { @@ -169,6 +284,23 @@ sub redirect { return $self->location; } +around '_set_location' => sub { + my $orig = shift; + my $self = shift; + + if (@_) { + my $location = shift; + + if ( $location =~ m/[\n\r]/ ) { # check for header injection + die "blocking header injection"; + } else { + $self->$orig($location); + } + } else { + $self->$orig(); + } +}; + =head2 $res->location Sets or returns the HTTP 'Location'. @@ -185,15 +317,85 @@ $res->code is an alias for this, to match HTTP::Response->code. Writes $data to the output stream. -=head2 meta +=head2 $res->write_fh -Provided by Moose +Returns a PSGI $writer object that has two methods, write and close. You can +close over this object for asynchronous and nonblocking applications. For +example (assuming you are using a supporting server, like L + + package AsyncExample::Controller::Root; + + use Moose; + + BEGIN { extends 'Catalyst::Controller' } + + sub prepare_cb { + my $write_fh = pop; + return sub { + my $message = shift; + $write_fh->write("Finishing: $message\n"); + $write_fh->close; + }; + } + + sub anyevent :Local :Args(0) { + my ($self, $c) = @_; + my $cb = $self->prepare_cb($c->res->write_fh); + + my $watcher; + $watcher = AnyEvent->timer( + after => 5, + cb => sub { + $cb->(scalar localtime); + undef $watcher; # cancel circular-ref + }); + } =head2 $res->print( @data ) Prints @data to the output stream, separated by $,. This lets you pass the response object to functions that want to write to an L. +=head2 $self->finalize_headers($c) + +Writes headers to response if not already written + +=head2 from_psgi_response + +Given a PSGI response (either three element ARRAY reference OR coderef expecting +a $responder) set the response from it. + +Properly supports streaming and delayed response and / or async IO if running +under an expected event loop. + +Example: + + package MyApp::Web::Controller::Test; + + use base 'Catalyst::Controller'; + use Plack::App::Directory; + + + my $app = Plack::App::Directory->new({ root => "/path/to/htdocs" }) + ->to_app; + + sub myaction :Local Args { + my ($self, $c) = @_; + $c->res->from_psgi_response($app->($c->req->env)); + } + +Please note this does not attempt to map or nest your PSGI application under +the Controller and Action namespace or path. + +=head2 DEMOLISH + +Ensures that the response is flushed and closed at the end of the +request. + +=head2 meta + +Provided by Moose + =cut sub print { @@ -206,6 +408,7 @@ sub print { defined $self->write($,) or return; defined $self->write($_) or return; } + defined $self->write($\) or return; return 1; }