use Moose::Meta::Class ();
extends 'Catalyst::Component';
use Moose::Util qw/find_meta/;
-use bytes;
use B::Hooks::EndOfScope ();
use Catalyst::Exception;
use Catalyst::Exception::Detach;
# Remember to update this in Catalyst::Runtime as well!
-our $VERSION = '5.80012';
+our $VERSION = '5.80014_02';
{
my $dev_version = $VERSION =~ /_\d{2}$/;
your code like this:
$c->forward('foo') || return;
+
+Another note is that C<< $c->forward >> always returns a scalar because it
+actually returns $c->state which operates in a scalar context.
+Thus, something like:
+
+ return @array;
+
+in an action that is forwarded to is going to return a scalar,
+i.e. how many items are in that array, which is probably not what you want.
+If you need to return an array then return a reference to it,
+or stash it like so:
+
+ $c->stash->{array} = \@array;
+
+and access it from the stash.
=cut
=head2 $c->state
-Contains the return value of the last executed action.
+Contains the return value of the last executed action.
+Note that << $c->state >> operates in a scalar context which means that all
+values it returns are scalar.
=head2 $c->clear_errors
# if we were given a regexp to search against, we're done.
return if ref $name;
+ # skip regexp fallback if configured
+ return
+ if $appclass->config->{disable_component_resolution_regex_fallback};
+
# regexp fallback
$query = qr/$name/i;
@result = grep { $eligible{ $_ } =~ m{$query} } keys %eligible;
(join '", "', @result) . "'. Relying on regexp fallback behavior for " .
"component resolution is unreliable and unsafe.";
my $short = $result[0];
- $short =~ s/.*?Model:://;
+ # remove the component namespace prefix
+ $short =~ s/.*?(Model|Controller|View):://;
my $shortmess = Carp::shortmess('');
if ($shortmess =~ m#Catalyst/Plugin#) {
$msg .= " You probably need to set '$short' instead of '${name}' in this " .
$msg .= " You probably need to set '$short' instead of '${name}' in this " .
"component's config";
} else {
- $msg .= " You probably meant \$c->${warn_for}('$short') instead of \$c->${warn_for}({'${name}'}), " .
+ $msg .= " You probably meant \$c->${warn_for}('$short') instead of \$c->${warn_for}('${name}'), " .
"but if you really wanted to search, pass in a regexp as the argument " .
"like so: \$c->${warn_for}(qr/${name}/)";
}
If C<$name> is a regexp, a list of components matched against the full
component name will be returned.
+If Catalyst can't find a component by name, it will fallback to regex
+matching by default. To disable this behaviour set
+disable_component_resolution_regex_fallback to a true value.
+
+ __PACKAGE__->config( disable_component_resolution_regex_fallback => 1 );
+
=cut
sub component {
my $name = $class->config->{name} || 'Application';
$class->log->info("$name powered by Catalyst $Catalyst::VERSION");
}
- $class->log->_flush() if $class->log->can('_flush');
# Make sure that the application class becomes immutable at this point,
B::Hooks::EndOfScope::on_scope_end {
) unless $meta->is_immutable;
};
+ if ($class->config->{case_sensitive}) {
+ $class->log->warn($class . "->config->{case_sensitive} is set.");
+ $class->log->warn("This setting is deprecated and planned to be removed in Catalyst 5.81.");
+ }
+
$class->setup_finalize;
+ # Should be the last thing we do so that user things hooking
+ # setup_finalize can log..
+ $class->log->_flush() if $class->log->can('_flush');
+ return 1; # Explicit return true as people have __PACKAGE__->setup as the last thing in their class. HATE.
}
$class->setup_finished(1);
}
-=head2 $c->uri_for( $path, @args?, \%query_values? )
+=head2 $c->uri_for( $path?, @args?, \%query_values? )
=head2 $c->uri_for( $action, \@captures?, @args?, \%query_values? )
provided path, and the additional arguments and query parameters provided.
When used as a string, provides a textual URI.
+If no arguments are provided, the URI for the current action is returned.
+To return the current action and also provide @args, use
+C<< $c->uri_for( $c->action, @args ) >>.
+
If the first argument is a string, it is taken as a public URI path relative
to C<< $c->namespace >> (if it doesn't begin with a forward slash) or
relative to the application root (if it does). It is then merged with
}
if ( blessed($path) ) { # action object
- my $captures = ( scalar @args && ref $args[0] eq 'ARRAY'
- ? shift(@args)
- : [] );
+ my $captures = [ map { s|/|%2F|; $_; }
+ ( scalar @args && ref $args[0] eq 'ARRAY'
+ ? @{ shift(@args) }
+ : ()) ];
my $action = $path;
$path = $c->dispatcher->uri_for_action($action, $captures);
if (not defined $path) {
carp "uri_for called with undef argument" if grep { ! defined $_ } @args;
s/([^$URI::uric])/$URI::Escape::escapes{$1}/go for @args;
+ s|/|%2F| for @args;
unshift(@args, $path);
# is this a root-level call or a forwarded call?
if ( $callsub =~ /forward$/ ) {
+ my $parent = $c->stack->[-1];
# forward, locate the caller
- if ( my $parent = $c->stack->[-1] ) {
+ if ( exists $c->counter->{"$parent"} ) {
$c->stats->profile(
begin => $action,
parent => "$parent" . $c->counter->{"$parent"},
$c->finalize_body;
}
+ $c->log_response;
+
if ($c->use_stats) {
my $elapsed = sprintf '%f', $c->stats->elapsed;
my $av = $elapsed == 0 ? '??' : sprintf '%.3f', 1 / $elapsed;
}
else {
# everything should be bytes at this point, but just in case
- $response->content_length( bytes::length( $response->body ) );
+ $response->content_length( length( $response->body ) );
}
}
$path = '/' unless length $path;
my $address = $c->req->address || '';
- $c->log->debug(qq/"$method" request for "$path" from "$address"/)
- if $c->debug;
+ $c->log_request;
$c->prepare_action;
$c->engine->prepare_body( $c, @_ );
$c->prepare_parameters;
$c->prepare_uploads;
-
- if ( $c->debug && keys %{ $c->req->body_parameters } ) {
- my $t = Text::SimpleTable->new( [ 35, 'Parameter' ], [ 36, 'Value' ] );
- for my $key ( sort keys %{ $c->req->body_parameters } ) {
- my $param = $c->req->body_parameters->{$key};
- my $value = defined($param) ? $param : '';
- $t->row( $key,
- ref $value eq 'ARRAY' ? ( join ', ', @$value ) : $value );
- }
- $c->log->debug( "Body Parameters are:\n" . $t->draw );
- }
}
=head2 $c->prepare_body_chunk( $chunk )
my $c = shift;
$c->engine->prepare_query_parameters( $c, @_ );
+}
- if ( $c->debug && keys %{ $c->request->query_parameters } ) {
- my $t = Text::SimpleTable->new( [ 35, 'Parameter' ], [ 36, 'Value' ] );
- for my $key ( sort keys %{ $c->req->query_parameters } ) {
- my $param = $c->req->query_parameters->{$key};
- my $value = defined($param) ? $param : '';
- $t->row( $key,
- ref $value eq 'ARRAY' ? ( join ', ', @$value ) : $value );
+=head2 $c->apply_parameter_debug_filters($params)
+
+=cut
+
+sub _apply_parameter_debug_filters {
+ my $c = shift;
+ my $type = shift;
+ my $params = shift;
+
+ # take a copy since we don't want to modify the original
+ my $filtered_params = {%$params};
+
+ my @filters;
+
+ my $filter_param_config = $c->config->{Debug}->{param_filters};
+ if ( ref($filter_param_config) eq 'HASH' ) {
+
+ # filters broken out by parameter type (i.e. body, query, all)
+ my $type_filters = $filter_param_config->{$type} || [];
+ $type_filters = [$type_filters] if ref $type_filters ne 'ARRAY';
+
+ my $all_filters = $filter_param_config->{'all'} || [];
+ $all_filters = [$all_filters] if ref $all_filters ne 'ARRAY';
+
+ @filters = $c->_normalize_debug_filters( [ @$type_filters, @$all_filters ] );
+ } elsif ($filter_param_config) {
+ @filters = $c->_normalize_debug_filters($filter_param_config);
+ }
+
+ # allow callback to modify each parameter
+ foreach my $k ( keys %$filtered_params ) {
+
+ # apply filters to each param
+ foreach my $f (@filters) {
+
+ # take a copy of the key to avoid the callback inadvertantly
+ # modifying things
+ my $copy_key = $k;
+
+ my $returned = $f->( $copy_key => $filtered_params->{$k} );
+
+ if ( defined $returned ) {
+
+ # if no value is returned, we assume the filter chose not to modify anything
+ # otherwise, the returned value is the logged value
+ $filtered_params->{$k} = $returned;
+
+ last; # skip the rest of the filters since this one matched
+ }
}
- $c->log->debug( "Query Parameters are:\n" . $t->draw );
}
+ return $filtered_params;
}
-=head2 $c->prepare_read
+# turn debug filters into a list of CodeRef's
+sub _normalize_debug_filters {
+ my $c = shift;
-Prepares the input for reading.
+ my @filters = ref( $_[0] ) eq 'ARRAY' ? @{ $_[0] } : grep { defined $_ } @_;
-=cut
+ my @normalized = map { _make_filter_callback($_) } @filters;
-sub prepare_read { my $c = shift; $c->engine->prepare_read( $c, @_ ) }
+ return @normalized;
+}
-=head2 $c->prepare_request
+sub _make_filter_callback {
+ my $filter = shift;
-Prepares the engine request.
+ my $filter_str = '[FILTERED]';
+ if ( ref($filter) eq 'Regexp' ) {
+ return sub { return $_[0] =~ $filter ? $filter_str : undef };
+ } elsif ( ref($filter) eq 'CODE' ) {
+ return $filter;
+ } else {
+ return sub { return $_[0] eq $filter ? $filter_str : undef };
+ }
+}
+
+=head2 $c->log_request
+
+Writes information about the request to the debug logs. This includes:
+
+=over 4
+
+=item * Request method, path, and remote IP address
+
+=item * Query keywords (see L<Catalyst::Request/query_keywords>)
+
+=item * Request parameters (see L</log_request_parameters>)
+
+=item * File uploads
+
+=back
=cut
-sub prepare_request { my $c = shift; $c->engine->prepare_request( $c, @_ ) }
+sub log_request {
+ my $c = shift;
-=head2 $c->prepare_uploads
+ return unless $c->debug;
-Prepares uploads.
+ my ( $method, $path, $address ) = ( $c->req->method, $c->req->path, $c->req->address );
+ $method ||= '';
+ $path = '/' unless length $path;
+ $address ||= '';
+ $c->log->debug(qq/"$method" request for "$path" from "$address"/);
+
+ if ( my $keywords = $c->req->query_keywords ) {
+ $c->log->debug("Query keywords are: $keywords");
+ }
+
+ $c->log_request_parameters( query => $c->req->query_parameters, body => $c->req->body_parameters );
+
+ $c->log_request_uploads;
+}
+
+=head2 $c->log_response
+
+Writes information about the response to the debug logs. This includes:
+
+=over 4
+
+=item * Response status code
+
+=item * Response headers (see L</log_headers>)
+
+=back
+
+This logging is not enabled by default. To enable it, you must set a flag in your Catalyst config:
+
+ __PACKAGE__->config( Debug => { log_response => 1 } );
=cut
-sub prepare_uploads {
+sub log_response {
my $c = shift;
- $c->engine->prepare_uploads( $c, @_ );
+ return unless $c->debug && $c->config->{Debug}->{log_response};
+
+ $c->log->debug('Response Status: ' . $c->response->status);
+ $c->log_headers('response', $c->response->headers);
+}
+
+=head2 $c->log_request_parameters( query => {}, body => {} )
+
+Logs request parameters to debug logs
+
+If you have sensitive data that you do not want written to the Catalyst
+debug logs, you can set options in your config to filter those values out.
+There are a few different ways you can set these up depending on what
+exactly you need to filter.
+
+=head3 Filtering parameters by name
- if ( $c->debug && keys %{ $c->request->uploads } ) {
+The most basic means of filtering is to add an entry into your config
+as shown below. You can have a simple scalar to just filter a
+single parameter or an ARRAY ref to filter out multiple params.
+
+ # filters a single param
+ __PACKAGE__->config( Debug => { param_filters => 'param_name' } );
+
+ # filters multiple params
+ __PACKAGE__->config( Debug => { param_filters => [qw(param1 param2)] } );
+
+When the debug logs are generated for a given request, any parameters
+(query or body) that exactly match the specified value(s) will have
+their values replaced with '[FILTERED]'. For instance:
+
+ [debug] Query Parameters are:
+ .-------------------------------------+--------------------------------------.
+ | Parameter | Value |
+ +-------------------------------------+--------------------------------------+
+ | password | [FILTERED] |
+ .-------------------------------------+--------------------------------------.
+
+=head3 Filtering parameters by regular expression
+
+If you have a set of parameters you need to filter, you can specify a
+regular expression that will be used to match against parameter names.
+
+ # filters parameters starting with "private."
+ __PACKAGE__->config( Debug => { param_filters => qr/^private\./ } );
+
+ # filters parameters named "param1" or starting with "private." or "secret."
+ __PACKAGE__->config( Debug => { param_filters => [ 'param1', qr/^private\./, qr/^secret\./ ] } );
+
+Notice on the second example, the arrayref contains a string as well
+as two regular expressions. This should DWIM and filter parameters that
+match any of the filters specified.
+
+=head3 Filtering parameters by callback
+
+If you want even more flexible filtering, you can specify an anonymous
+subroutine. The subroutine is given the parameter name and value and
+is expected to return the new value that will be shown in the debug log.
+An C<undef> return value indicates that no change should be made to
+the value.
+
+ # transform any "password" param to "********"
+ __PACKAGE__->config(
+ Debug => {
+ param_filters => sub { my ( $k, $v ) = @_; return unless $k eq 'password'; return '*' x 8; }
+ }
+ );
+
+ # combine several param filtering methods
+ __PACKAGE__->config(
+ Debug => {
+ param_filters => [
+ 'simple_param_name',
+ qr/^private\./,
+ sub { my ( $k, $v ) = @_; return unless $k eq 'password'; return '*' x 8; },
+ ]
+ }
+ );
+
+An example of the debug log for a request with
+C<password=secret&some_other_param=some_other_value> would be:
+
+ [debug] Body Parameters are:
+ .-------------------------------------+--------------------------------------.
+ | Parameter | Value |
+ +-------------------------------------+--------------------------------------+
+ | some_other_param | some_other_value |
+ | password | ******** |
+ .-------------------------------------+--------------------------------------.
+
+=head3 Filtering by parameter location
+
+If you have different filters that depend on whether a param was passed
+as a query or body param (or as either), you can specify a hashref with
+different sets of filters:
+
+ # filters all body parameters
+ __PACKAGE__->config( Debug => { param_filters => { body => qr// } } );
+
+ # filters query parameters starting with 'private'.
+ __PACKAGE__->config( Debug => { param_filters => { query => qr/^private\./ } } );
+
+ # filters all parameters (query or body) through the specified callback
+ __PACKAGE__->config(
+ Debug => {
+ param_filters => {
+ all => sub { return unless $_[0] eq 'fizzbuzz'; return 'FIZZBUZZ FILTER' }
+ }
+ }
+ );
+
+Of course, you can use any of the above filtering methods with these
+"location-specific" filters:
+
+ # body parameter filters
+ __PACKAGE__->config(
+ Debug => {
+ param_filters => {
+ body => [
+ 'some_param',
+ qr/^private\./,
+ sub { return 'XXX' if shift eq 'other_param' }
+ ]
+ }
+ }
+ );
+
+ # query parameter filters
+ __PACKAGE__->config(
+ Debug => {
+ param_filters => {
+ body => [
+ 'some_param',
+ qr/^private\./,
+ sub { return 'XXX' if shift eq 'other_param' }
+ ]
+ }
+ }
+ );
+
+ # query parameter filters
+ __PACKAGE__->config( Debug => { param_filters => { all => [qw(foo bar)] } } );
+
+=cut
+
+sub log_request_parameters {
+ my $c = shift;
+ my %all_params = @_;
+
+ my $column_width = Catalyst::Utils::term_width() - 44;
+ foreach my $type (qw(query body)) {
+ my $filtered_params = $c->_apply_parameter_debug_filters( $type, $all_params{$type} || {} );
+ next unless keys %$filtered_params;
+ my $t = Text::SimpleTable->new( [ 35, 'Parameter' ], [ $column_width, 'Value' ] );
+ for my $key ( sort keys %$filtered_params ) {
+ my $param = $filtered_params->{$key};
+ my $value = defined($param) ? $param : '';
+ $t->row( $key, ref $value eq 'ARRAY' ? ( join ', ', @$value ) : $value );
+ }
+ $c->log->debug( ucfirst($type) . " Parameters are:\n" . $t->draw );
+ }
+}
+
+=head2 $c->log_request_uploads
+
+Logs file uploads included in the request to the debug logs.
+The parameter name, filename, file type, and file size are all included in
+the debug logs.
+
+=cut
+
+sub log_request_uploads {
+ my $c = shift;
+ my $uploads = $c->req->uploads;
+ if ( keys %$uploads ) {
my $t = Text::SimpleTable->new(
[ 12, 'Parameter' ],
[ 26, 'Filename' ],
[ 18, 'Type' ],
[ 9, 'Size' ]
);
- for my $key ( sort keys %{ $c->request->uploads } ) {
- my $upload = $c->request->uploads->{$key};
+ for my $key ( sort keys %$uploads ) {
+ my $upload = $uploads->{$key};
for my $u ( ref $upload eq 'ARRAY' ? @{$upload} : ($upload) ) {
$t->row( $key, $u->filename, $u->type, $u->size );
}
}
}
+=head2 $c->log_headers($type => $headers)
+
+Writes HTTP::Headers to debug logs, applying filters as configured.
+
+Similarly to how L</log_request_parameters> is configured, you can
+configure Catalyst to filter response header values to avoid writing
+sensitive data to your logs (e.g. cookie values, etc.). The configuration
+works in virtually the same way as the examples in
+L</log_request_parameters>. Here are a few specific examples:
+
+ # filters all "Set-Cookie" headers from response logging
+ __PACKAGE__->config(Debug => { response_header_filters => 'Set-Cookie' } );
+
+ # filters only the value of the cookie (and leaves the name, path, expiration)
+ __PACKAGE__->config(
+ Debug => {
+ response_header_filters => sub {
+ my ( $n, $v ) = @_;
+ return unless $n eq 'Set-Cookie';
+ $v =~ s/^.*?;//;
+ return $v;
+ },
+ }
+ );
+
+=cut
+
+sub log_headers {
+ my $c = shift;
+ my $type = shift;
+ my $headers = shift; # an HTTP::Headers instance
+
+ my $filtered = $c->_apply_header_debug_filters( $type, $headers );
+
+ my $t = Text::SimpleTable->new( [ 35, 'Header Name' ], [ 40, 'Value' ] );
+ $filtered->scan(
+ sub {
+ my ( $name, $value ) = @_;
+ $t->row( $name, $value );
+ }
+ );
+ $c->log->debug( ucfirst($type) . " Headers:\n" . $t->draw );
+}
+
+# Applies debug filters to $headers and returns a new HTTP::Headers object which has (potentially) filtered values.
+sub _apply_header_debug_filters {
+ my $c = shift;
+ my $type = shift;
+ my $headers = shift;
+
+ my @header_filters = $c->_normalize_debug_filters( $c->config->{Debug}->{ $type . '_header_filters' } );
+ my $filtered_headers = HTTP::Headers->new();
+ foreach my $name ( $headers->header_field_names ) {
+ my @values = $headers->header($name);
+
+ # headers can be multi-valued
+ foreach my $value (@values) {
+ foreach my $f (@header_filters) {
+ my $new_value = $f->( $name, $value );
+
+ # if a defined value is returned, we use that
+ if ( defined $new_value ) {
+ $value = $new_value;
+ last; # skip the rest of the filters
+ }
+ }
+ $filtered_headers->push_header( $name, $value );
+ }
+ }
+ return $filtered_headers;
+}
+
+=head2 $c->prepare_read
+
+Prepares the input for reading.
+
+=cut
+
+sub prepare_read { my $c = shift; $c->engine->prepare_read( $c, @_ ) }
+
+=head2 $c->prepare_request
+
+Prepares the engine request.
+
+=cut
+
+sub prepare_request { my $c = shift; $c->engine->prepare_request( $c, @_ ) }
+
+=head2 $c->prepare_uploads
+
+Prepares uploads.
+
+=cut
+
+sub prepare_uploads {
+ my $c = shift;
+
+ $c->engine->prepare_uploads( $c, @_ );
+}
+
=head2 $c->prepare_write
Prepares the output for writing.
my $class = ref $proto || $proto;
Class::MOP::load_class( $plugin );
-
+ $class->log->warn( "$plugin inherits from 'Catalyst::Component' - this is decated and will not work in 5.81" )
+ if $plugin->isa( 'Catalyst::Component' );
$proto->_plugins->{$plugin} = 1;
unless ($instant) {
no strict 'refs';
sub version { return $Catalyst::VERSION }
+=head1 CONFIGURATION
+
+There are a number of 'base' config variables which can be set:
+
+=over
+
+=item *
+
+C<default_model> - The default model picked if you say C<< $c->model >>. See L</$c->model($name)>.
+
+=item *
+
+C<default_view> - The default view to be rendered or returned when C<< $c->view >>. See L</$c->view($name)>.
+is called.
+
+=item *
+
+C<disable_component_resolution_regex_fallback> - Turns
+off the deprecated component resolution functionality so
+that if any of the component methods (e.g. C<< $c->controller('Foo') >>)
+are called then regex search will not be attempted on string values and
+instead C<undef> will be returned.
+
+=item *
+
+C<home> - The application home directory. In an uninstalled application,
+this is the top level application directory. In an installed application,
+this will be the directory containing C<< MyApp.pm >>.
+
+=item *
+
+C<ignore_frontend_proxy> - See L</PROXY SUPPORT>
+
+=item *
+
+C<name> - The name of the application in debug messages and the debug and
+welcome screens
+
+=item *
+
+C<parse_on_demand> - The request body (for example file uploads) will not be parsed
+until it is accessed. This allows you to (for example) check authentication (and reject
+the upload) before actually recieving all the data. See L</ON-DEMAND PARSER>
+
+=item *
+
+C<root> - The root directory for templates. Usually this is just a
+subdirectory of the home directory, but you can set it to change the
+templates to a different directory.
+
+=item *
+
+C<search_extra> - Array reference passed to Module::Pluggable to for additional
+namespaces from which components will be loaded (and constructed and stored in
+C<< $c->components >>).
+
+=item *
+
+C<show_internal_actions> - If true, causes internal actions such as C<< _DISPATCH >>
+to be shown in hit debug tables in the test server.
+
+=item *
+
+C<using_frontend_proxy> - See L</PROXY SUPPORT>.
+
+=back
+
=head1 INTERNAL ACTIONS
Catalyst uses internal actions like C<_DISPATCH>, C<_BEGIN>, C<_AUTO>,
MyApp->config(show_internal_actions => 1);
-=head1 CASE SENSITIVITY
-
-By default Catalyst is not case sensitive, so C<MyApp::C::FOO::Bar> is
-mapped to C</foo/bar>. You can activate case sensitivity with a config
-parameter.
-
- MyApp->config(case_sensitive => 1);
-
-This causes C<MyApp::C::Foo::Bar> to map to C</Foo/Bar>.
-
=head1 ON-DEMAND PARSER
The request body is usually parsed at the beginning of a request,
acme: Leon Brocard <leon@astray.com>
+abraxxa: Alexander Hartmaier <abraxxa@cpan.org>
+
Andrew Bramble
Andrew Ford E<lt>A.Ford@ford-mason.co.ukE<gt>
David E. Wheeler
+dhoss: Devin Austin <dhoss@cpan.org>
+
dkubb: Dan Kubb <dan.kubb-cpan@onautopilot.com>
Drew Taylor