X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=blobdiff_plain;f=lib%2FCatalyst%2FEngine%2FCGI.pm;h=3f2ef67d3d13bf700c782b18038a5488264d6786;hp=6946e55589059a3d44fefca26b46825daf4e7e1a;hb=e8b299689361f7f8538d0f7adf70fc86fecba8b2;hpb=c9afa5fc4ed6c36afe6653d7d8fbb9909994c1a8 diff --git a/lib/Catalyst/Engine/CGI.pm b/lib/Catalyst/Engine/CGI.pm index 6946e55..3f2ef67 100644 --- a/lib/Catalyst/Engine/CGI.pm +++ b/lib/Catalyst/Engine/CGI.pm @@ -1,16 +1,9 @@ package Catalyst::Engine::CGI; -use strict; -use base 'Catalyst::Engine'; -use URI; +use Moose; +extends 'Catalyst::Engine'; -require CGI::Simple; -require CGI::Cookie; - -$CGI::Simple::POST_MAX = 1048576; -$CGI::Simple::DISABLE_UPLOADS = 0; - -__PACKAGE__->mk_accessors('cgi'); +has _header_buf => (is => 'rw', clearer => '_clear_header_buf', predicate => '_has_header_buf'); =head1 NAME @@ -33,195 +26,265 @@ appropriate engine module. =head1 DESCRIPTION -This is the Catalyst engine specialized for the CGI environment (using the -C and C modules). Normally Catalyst will select the -appropriate engine according to the environment that it detects, however you -can force Catalyst to use the CGI engine by specifying the following in your -application module: +This is the Catalyst engine specialized for the CGI environment. - use Catalyst qw(-Engine=CGI); +=head1 OVERLOADED METHODS -Catalyst::Engine::CGI generates a full set of HTTP headers, which means that -applications using the engine must be be configured as "Non-parsed Headers" -scripts (at least when running under Apache). To configure this under Apache -name the starting with C. +This class overloads some methods from C. -The performance of this way of using Catalyst is not expected to be -useful in production applications, but it may be helpful for development. +=head2 $self->finalize_headers($c) -=head1 METHODS +=cut -=over 4 +sub finalize_headers { + my ( $self, $c ) = @_; -=item $c->cgi + $c->response->header( Status => $c->response->status ); -This config parameter contains the C object. + $self->_header_buf($c->response->headers->as_string("\015\012") . "\015\012"); +} -=back +=head2 $self->prepare_connection($c) -=head1 OVERLOADED METHODS +=cut -This class overloads some methods from C. +sub prepare_connection { + my ( $self, $c ) = @_; + local (*ENV) = $self->env || \%ENV; -=over 4 + my $request = $c->request; + $request->address( $ENV{REMOTE_ADDR} ); -=item $c->finalize_headers + PROXY_CHECK: + { + unless ( ref($c)->config->{using_frontend_proxy} ) { + last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1'; + last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy}; + } + last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR}; + + # If we are running as a backend server, the user will always appear + # as 127.0.0.1. Select the most recent upstream IP (last in the list) + my ($ip) = $ENV{HTTP_X_FORWARDED_FOR} =~ /([^,\s]+)$/; + $request->address($ip); + if ( defined $ENV{HTTP_X_FORWARDED_PORT} ) { + $ENV{SERVER_PORT} = $ENV{HTTP_X_FORWARDED_PORT}; + } + } -=cut + $request->hostname( $ENV{REMOTE_HOST} ) if exists $ENV{REMOTE_HOST}; + $request->protocol( $ENV{SERVER_PROTOCOL} ); + $request->user( $ENV{REMOTE_USER} ); # XXX: Deprecated. See Catalyst::Request for removal information + $request->remote_user( $ENV{REMOTE_USER} ); + $request->method( $ENV{REQUEST_METHOD} ); -sub finalize_headers { - my $c = shift; - my %headers; - $headers{-status} = $c->response->status if $c->response->status; - for my $name ( $c->response->headers->header_field_names ) { - $headers{"-$name"} = $c->response->headers->header($name); + if ( $ENV{HTTPS} && uc( $ENV{HTTPS} ) eq 'ON' ) { + $request->secure(1); } - my @cookies; - while ( my ( $name, $cookie ) = each %{ $c->response->cookies } ) { - push @cookies, $c->cgi->cookie( - -name => $name, - -value => $cookie->{value}, - -expires => $cookie->{expires}, - -domain => $cookie->{domain}, - -path => $cookie->{path}, - -secure => $cookie->{secure} || 0 - ); + + if ( $ENV{SERVER_PORT} == 443 ) { + $request->secure(1); } - $headers{-cookie} = \@cookies if @cookies; - print $c->cgi->header(%headers); + binmode(STDOUT); # Ensure we are sending bytes. } -=item $c->finalize_output - -Prints the response output to STDOUT. +=head2 $self->prepare_headers($c) =cut -sub finalize_output { - my $c = shift; - print $c->response->output; +sub prepare_headers { + my ( $self, $c ) = @_; + local (*ENV) = $self->env || \%ENV; + my $headers = $c->request->headers; + # Read headers from %ENV + foreach my $header ( keys %ENV ) { + next unless $header =~ /^(?:HTTP|CONTENT|COOKIE)/i; + ( my $field = $header ) =~ s/^HTTPS?_//; + $headers->header( $field => $ENV{$header} ); + } } -=item $c->prepare_connection +=head2 $self->prepare_path($c) =cut -sub prepare_connection { - my $c = shift; - $c->req->hostname( $c->cgi->remote_host ); - $c->req->address( $c->cgi->remote_addr ); -} +# Please don't touch this method without adding tests in +# t/aggregate/unit_core_engine_cgi-prepare_path.t +sub prepare_path { + my ( $self, $c ) = @_; + local (*ENV) = $self->env || \%ENV; + + my $scheme = $c->request->secure ? 'https' : 'http'; + my $host = $ENV{HTTP_HOST} || $ENV{SERVER_NAME}; + my $port = $ENV{SERVER_PORT} || 80; + my $script_name = $ENV{SCRIPT_NAME}; + $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name; + + my $base_path; + if ( exists $ENV{REDIRECT_URL} ) { + $base_path = $ENV{REDIRECT_URL}; + $base_path =~ s/\Q$ENV{PATH_INFO}\E$//; + } + else { + $base_path = $script_name || '/'; + } -=item $c->prepare_cookies + # If we are running as a backend proxy, get the true hostname + PROXY_CHECK: + { + unless ( ref($c)->config->{using_frontend_proxy} ) { + last PROXY_CHECK if $host !~ /localhost|127.0.0.1/; + last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy}; + } + last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST}; + + $host = $ENV{HTTP_X_FORWARDED_HOST}; + + # backend could be on any port, so + # assume frontend is on the default port + $port = $c->request->secure ? 443 : 80; + if ( $ENV{HTTP_X_FORWARDED_PORT} ) { + $port = $ENV{HTTP_X_FORWARDED_PORT}; + } + } -Sets up cookies. + # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded, + # and cannot contain path-segment parameters." This means PATH_INFO + # is always decoded, and the script can't distinguish / vs %2F. + # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256 + # Here we try to resurrect the original encoded URI from REQUEST_URI. + my $path_info = $ENV{PATH_INFO}; +# if (my $req_uri = $ENV{REQUEST_URI}) { +# $req_uri =~ s/^\Q$base_path\E//; +# $req_uri =~ s/\?.*$//; +# if ($req_uri && $req_uri ne '/') { + # This means that REQUEST_URI needs information from PATH_INFO + # prepending to it to be useful, otherwise the sub path which is + # being redirected to becomes the app base address which is + # incorrect. +# my ($match) = $req_uri =~ m{^(/?[^/]+)}; +# my ($path_info_part) = $path_info =~ m|^(.*?\Q$match\E)|; +# substr($req_uri, 0, length($match), $path_info_part) +# if $path_info_part; +# $path_info = $req_uri; +# } +# } + $path_info =~ s/%2F/%252F/g; + # set the request URI + warn("Base path $base_path, path_info $path_info"); + my $path = $base_path . ( $path_info || '' ); + $path =~ s{^/+}{}; + $base_path .= '/' unless $base_path =~ m{/$}; + + # Using URI directly is way too slow, so we construct the URLs manually + my $uri_class = "URI::$scheme"; + + # HTTP_HOST will include the port even if it's 80/443 + $host =~ s/:(?:80|443)$//; + + if ( $port !~ /^(?:80|443)$/ && $host !~ /:/ ) { + $host .= ":$port"; + } -=cut + # Escape the path + $path =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go; + $path =~ s/\?/%3F/g; # STUPID STUPID SPECIAL CASE -sub prepare_cookies { shift->req->cookies( { CGI::Cookie->fetch } ) } + my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : ''; + my $uri = $scheme . '://' . $host . '/' . $path . $query; -=item $c->prepare_headers + $c->request->uri( bless(\$uri, $uri_class)->canonical ); -=cut + # set the base URI + # base must end in a slash + $base_path .= '/' unless $base_path =~ m{/$}; -sub prepare_headers { - my $c = shift; - $c->req->method( $c->cgi->request_method ); - for my $header ( $c->cgi->http ) { - ( my $field = $header ) =~ s/^HTTPS?_//; - $c->req->headers->header( $field => $c->cgi->http($header) ); - } - $c->req->headers->header( 'Content-Type' => $c->cgi->content_type ); - $c->req->headers->header( 'Content-Length' => $c->cgi->content_length ); + my $base_uri = $scheme . '://' . $host . $base_path; + + $c->request->base( bless \$base_uri, $uri_class ); } -=item $c->prepare_parameters +=head2 $self->prepare_query_parameters($c) =cut -sub prepare_parameters { - my $c = shift; - my %vars = $c->cgi->Vars; - while ( my ( $key, $value ) = each %vars ) { - my @values = split "\0", $value; - $vars{$key} = @values <= 1 ? $values[0] : \@values; +around prepare_query_parameters => sub { + my $orig = shift; + my ( $self, $c ) = @_; + local (*ENV) = $self->env || \%ENV; + + if ( $ENV{QUERY_STRING} ) { + $self->$orig( $c, $ENV{QUERY_STRING} ); } - $c->req->parameters( {%vars} ); -} +}; -=item $c->prepare_path +=head2 $self->prepare_request($c, (env => \%env)) =cut -sub prepare_path { - my $c = shift; +sub prepare_request { + my ( $self, $c, %args ) = @_; - my $base; - { - my $scheme = $ENV{HTTPS} ? 'https' : 'http'; - my $host = $ENV{HTTP_HOST} || $ENV{SERVER_NAME}; - my $port = $ENV{SERVER_PORT} || 80; - my $path = $ENV{SCRIPT_NAME} || '/'; - - $base = URI->new; - $base->scheme($scheme); - $base->host($host); - $base->port($port); - $base->path($path); - - $base = $base->canonical->as_string; + if ( $args{env} ) { + $self->env( $args{env} ); } - - my $path = $ENV{PATH_INFO} || '/'; - $path =~ s/^\///; - - $c->req->base($base); - $c->req->path($path); } -=item $c->prepare_request +=head2 $self->prepare_write($c) + +Enable autoflush on the output handle for CGI-based engines. =cut -sub prepare_request { shift->cgi( CGI::Simple->new ) } +around prepare_write => sub { + *STDOUT->autoflush(1); + return shift->(@_); +}; + +=head2 $self->write($c, $buffer) -=item $c->prepare_uploads +Writes the buffer to the client. =cut -sub prepare_uploads { - my $c = shift; - for my $name ( $c->cgi->upload ) { - next unless defined $name; - $c->req->uploads->{$name} = { - fh => $c->cgi->upload($name), - size => $c->cgi->upload_info( $name, 'size' ), - type => $c->cgi->upload_info( $name, 'mime' ) - }; +around write => sub { + my $orig = shift; + my ( $self, $c, $buffer ) = @_; + + # Prepend the headers if they have not yet been sent + if ( $self->_has_header_buf ) { + $buffer = $self->_clear_header_buf . $buffer; } -} -=item $c->run + return $self->$orig( $c, $buffer ); +}; + +=head2 $self->read_chunk($c, $buffer, $length) =cut -sub run { shift->handler } +sub read_chunk { shift; shift; *STDIN->sysread(@_); } + +=head2 $self->run + +=cut -=back +sub run { shift; shift->handle_request( env => \%ENV ) } =head1 SEE ALSO -L. +L, L -=head1 AUTHOR +=head1 AUTHORS -Sebastian Riedel, C +Catalyst Contributors, see Catalyst.pm =head1 COPYRIGHT -This program is free software, you can redistribute it and/or modify it under +This library is free software. You can redistribute it and/or modify it under the same terms as Perl itself. =cut +no Moose; 1;