Merge pull request #42 from johnnyshields/rack3-support

Support Rack 3 and drop Rack 2

Author: sbleon

.github/workflows/test.yml

@@ -0,0 +1,70 @@
+---
+name: Test
+
+'on':
+  - push
+  - pull_request
+
+jobs:
+  # rubocop:
+  #   runs-on: ubuntu-latest
+  #   env:
+  #     CI: true
+  #   steps:
+  #     - uses: actions/checkout@v3
+  #     - name: Set up Ruby 3.4
+  #       uses: ruby/setup-ruby@v1
+  #       with:
+  #         ruby-version: 3.4
+  #         bundler-cache: true
+  #     - name: Run RuboCop
+  #       run: bundle exec rubocop --parallel
+
+  test:
+    name: "${{matrix.ruby}} ${{matrix.os || 'ubuntu-latest'}}"
+    env:
+      CI: true
+    runs-on: ${{matrix.os || 'ubuntu-latest'}}
+    continue-on-error: "${{matrix.experimental || false}}"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - ruby-2.4
+          - ruby-2.5
+          - ruby-2.6
+          - ruby-2.7
+          - ruby-3.0
+          - ruby-3.1
+          - ruby-3.2
+          - ruby-3.3
+          - ruby-3.4
+          - jruby-9.4
+          - truffleruby
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
+        exclude:
+          - ruby: ruby-2.4
+            os: macos-latest
+          - ruby: ruby-2.5
+            os: macos-latest
+          - ruby: jruby-9.4
+            os: windows-latest
+          - ruby: truffleruby
+            os: windows-latest
+
+    steps:
+      - name: repo checkout
+        uses: actions/checkout@v3
+      - name: load ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "${{matrix.ruby}}"
+      - name: bundle
+        run: bundle install --jobs 4 --retry 3
+      - name: test
+        timeout-minutes: 60
+        continue-on-error: "${{matrix.experimental || false}}"
+        run: bundle exec rake spec

.travis.yml

@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## v2.0.0
+
+* Support Rack 3 and add Rack >= 3.0 as a dependency
+* Dropped support for Ruby < 2.4 to match Rack
+* Replace Travis CI with GitHub Actions
+* Add frozen_string_literal to all files
+* Remove guard gem
+
 ## v1.0.0
 
 * Dropped support for Ruby < 2.3
@@ -36,4 +44,4 @@
 
 ## v0.1.0
 
-Broken.
+* Broken.

CHANGELOG.md

@@ -1,4 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in utf8-cleaner.gemspec
 gemspec

Gemfile

@@ -1,26 +1,22 @@
 # UTF8Cleaner
 
-Removes invalid UTF-8 characters from the environment so that your app doesn't choke
-on them. This prevents errors like "invalid byte sequence in UTF-8".
+Rack middleware to remove invalid UTF-8 characters from the environment so that your
+app doesn't choke them. Prevents errors like "invalid byte sequence in UTF-8".
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to your application's `Gemfile`:
 
-    gem 'utf8-cleaner'
+```ruby
+gem 'utf8-cleaner'
+```
 
-And then execute:
+If you're not running Rails, you'll have to add the middleware to your `config.ru`:
 
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install utf8-cleaner
-
-If you're not running Rails, you'll have to add the middleware to your config.ru:
-
-    require 'utf8-cleaner'
-    use UTF8Cleaner::Middleware
+```ruby
+require 'utf8-cleaner'
+use UTF8Cleaner::Middleware
+```
 
 ## Usage
 
@@ -36,10 +32,10 @@ There's nothing to "use". It just works!
 
 ## Credits
 
-Original middleware author: @phoet - https://gist.github.com/phoet/1336754
-
+* Original middleware author: @phoet - https://gist.github.com/phoet/1336754
 * Ruby 1.9.3 compatibility: @pithyless - https://gist.github.com/pithyless/3639014
 * Code review and cleanup: @nextmat
 * POST body sanitization: @salrepe
 * Bug fixes: @cosine
 * Rails 5 deprecation fix: @benlovell
+* Rack 3 support: @johnnyshields

Guardfile

@@ -1,5 +1,8 @@
-require "bundler/gem_tasks"
+# frozen_string_literal: true
 
-task :default do
-  sh "rspec spec"
-end
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

README.md

@@ -1,4 +1,6 @@
-require "utf8-cleaner/version"
-require "utf8-cleaner/middleware"
-require "utf8-cleaner/uri_string"
-require "utf8-cleaner/railtie" if defined? Rails
+# frozen_string_literal: true
+
+require 'utf8-cleaner/version'
+require 'utf8-cleaner/middleware'
+require 'utf8-cleaner/uri_string'
+require 'utf8-cleaner/railtie' if defined?(Rails)

Rakefile

@@ -1,66 +1,81 @@
+# frozen_string_literal: true
+
 require 'active_support/multibyte/unicode'
 
 module UTF8Cleaner
   class Middleware
-
-    SANITIZE_ENV_KEYS = [
-     "HTTP_REFERER",
-     "HTTP_USER_AGENT",
-     "PATH_INFO",
-     "QUERY_STRING",
-     "REQUEST_PATH",
-     "REQUEST_URI",
-     "HTTP_COOKIE"
-    ]
+    SANITIZE_ENV_KEYS = %w[
+      HTTP_REFERER
+      HTTP_USER_AGENT
+      PATH_INFO
+      QUERY_STRING
+      REQUEST_PATH
+      REQUEST_URI
+      HTTP_COOKIE
+    ].freeze
 
     def initialize(app)
-     @app = app
+      @app = app
     end
 
     def call(env)
-     @app.call(sanitize_env(env))
+      @app.call(sanitize_env(env))
     end
 
     private
 
     include ActiveSupport::Multibyte::Unicode
 
     def sanitize_env(env)
+      env = env.dup # Do not mutate the original
       sanitize_env_keys(env)
       sanitize_env_rack_input(env)
       env
     end
 
     def sanitize_env_keys(env)
       SANITIZE_ENV_KEYS.each do |key|
-        next unless value = env[key]
+        next unless (value = env[key])
         env[key] = cleaned_string(value)
       end
     end
 
     def sanitize_env_rack_input(env)
+      return unless env['rack.input']
+
       case env['CONTENT_TYPE']
-      when 'application/x-www-form-urlencoded'
+      when %r{\Aapplication/x-www-form-urlencoded}i
         # This data gets the full cleaning treatment
-        cleaned_value = cleaned_string(env['rack.input'].read)
-        env['rack.input'] = StringIO.new(cleaned_value) if cleaned_value
-        env['rack.input'].rewind
-      when 'application/json'
+        input_data = read_input(env['rack.input'])
+        return unless input_data
+
+        cleaned_value = cleaned_string(input_data)
+        env['rack.input'] = StringIO.new(cleaned_value)
+      when %r{\Aapplication/json}i
         # This data only gets cleaning of invalid UTF-8 (e.g. from another charset)
         # but we do not URI-decode it.
-        rack_input = env['rack.input'].read
-        if rack_input && !rack_input.ascii_only?
-          env['rack.input'] = StringIO.new(tidy_bytes(rack_input))
-        end
-        env['rack.input'].rewind
-      when 'multipart/form-data'
-        # Don't process the data since it may contain binary content
+        input_data = read_input(env['rack.input'])
+        return unless input_data && !input_data.ascii_only?
+
+        env['rack.input'] = StringIO.new(tidy_bytes(input_data))
       else
-        # Unknown content type. Leave it alone
+        # Do not process multipart/form-data since it may contain binary content.
+        # Leave all other unknown content types alone.
       end
     end
 
+    def read_input(input)
+      return nil unless input
+
+      data = input.read
+      input.rewind if input.respond_to?(:rewind)
+      data
+    end
+
     def cleaned_string(value)
+      return value if value.nil? || value.empty?
+
+      value = value.to_s
       value = tidy_bytes(value) unless value.ascii_only?
       value = URIString.new(value).cleaned if value.include?('%')
       value

lib/utf8-cleaner.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 module UTF8Cleaner
   class Railtie < Rails::Railtie
-    initializer "utf8-cleaner.insert_middleware" do |app|
-      app.config.middleware.insert_before 0, UTF8Cleaner::Middleware
+    initializer('utf8-cleaner.insert_middleware') do |app|
+      app.config.middleware.insert_before(0, UTF8Cleaner::Middleware)
     end
   end
 end