Re: 1f7a775 and 4f6b798, if done in one commit, git (on the command line, not github.com) can detect moved lines. That's really useful IMHO.

Questions about exception/error handling during request processing and up to and including calling the app.

I believe there are four types of exceptions:

A. A socket error.

B. An invalid request is submitted which does not meet the specs for a proper request.

C. A request is submitted which fails due to user defined constraints like http_content_length_limit or supported_http_methods.

D. The app raises an exception.

Questions:

1. When is/should low_level_errorcalled? The comment seems to state that it is only called when the app raises an exception. So, that would mean that only ‘D’ from above would trigger a low_level_error call? At present, I think some type ‘C’ errors are also calling low_level_error.

2. Previous discussions have been concerned with ‘finger printing’ that Puma is the web server. If so, should all ‘production’ error responses not include a response body/content?

3. Should users have control over which error types are logged? Or, should all be logged?

4. Similar to above, should users have control over which error types generate a response via the lowlevel_error_handler?

1. woof, I always thought it was cases A/B/C 😆 I sort of always thought of it as puma_error_handler but maybe I'm wrong...
2. I swear that was already an issue in the past... can't find it now. Yes, probably?
3. I think we should allow the low_level_error handler to return false, people can filter stuff out in there if they want.
4. What's the current contract for the return value of low_level_error?

I'm working on a significant update to this, currently cleaning up tests.

When I'm finished, I'll help review PR's.

Today's Puma has grown quite a bit from its origins. Over time, server.rb (and also test_puma_server.rb) have often been the 'catch all' files for new features.

Back in October of 2020 (PR #2419), request.rb was added, which extracted most of the processing of the request and the generation of the response from server.rb. The file was included in Server, but it made it easier to keep track of request/response processing, leaving the code in server.rb to handle starts/restarts/stops, event loop, interact with the ThreadPool, etc.

Client contains the HttpParser, which reads and processes the request line and headers into the env info passed to the app. If the request contains content/body, Client reads it, and decodes it if needed.

Much of the code to modify and validate the env passed to the app was scattered between Client and Request. The code also raised errors when validation failed.

Since the HttpParser is contained in Client, this PR moves all the request related code to Client. Much of it is contained in the client_env.rb file, which is included in Client.

By encapsulating all the request code in Client, it becomes easier to consider changes. Also, since we can pass an IO like object (with a single request) to Client.new, the testing for single requests doesn't require creating a Server instance. See test/test_request_single.rb for examples. This removed about 100 lines of code from test/test_puma_server.rb.

There many tests that create an app to return a response of request env properties, send a single request, and then check the response. These can moved to test/test_request_single.rb. This PR moves some of them, but more remain.

Although not contained in this PR, renaming request.rb to response.rb would clear up its purpose. Best left for a time immediately before a new release.

Not sure whether to open an issue regarding this.

The issue is when should lowlevel_error_handler be called. I believe there are five cases:

1. The request is invalid based on RFC's.
2. The request exceeds hard-coded length/qty limits.
3. The request exceeds user defined length/qty limits (example - request content/body max size).
4. The app raises an error.
5. The return of the app is invalid.

Note that requests that are invalid based on 2 & 3 may be 'valid' requests, the limits may be set because they could be malicious requests.

This PR isn't tagged v7, but the refactoring is extensive...

@nateberkopec

Thanks. I merged 73b9bd0f. All of the code from that is fine.

The following code in client.rb isn't needed. It improperly handles pipelined requests. I removed it, and all tests still pass.

if above_http_content_limit(@parser.body.bytesize)
  @http_content_length_limit_exceeded = true
  @error_status_code = 413
end

See #3887