Prevent sending multiple or mixed responses on a single request (#2327)

Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>

sanic/app.py

@@ -42,7 +42,7 @@ from typing import (
     Union,
 )
 from urllib.parse import urlencode, urlunparse
-from warnings import filterwarnings
+from warnings import filterwarnings, warn
 
 from sanic_routing.exceptions import (  # type: ignore
     FinalizationError,
@@ -67,6 +67,7 @@ from sanic.exceptions import (
     URLBuildError,
 )
 from sanic.handlers import ErrorHandler
+from sanic.http import Stage
 from sanic.log import LOGGING_CONFIG_DEFAULTS, Colors, error_logger, logger
 from sanic.mixins.listeners import ListenerEvent
 from sanic.models.futures import (
@@ -736,6 +737,50 @@ class Sanic(BaseSanic, metaclass=TouchUpMeta):
             context={"request": request, "exception": exception},
         )
 
+        if (
+            request.stream is not None
+            and request.stream.stage is not Stage.HANDLER
+        ):
+            error_logger.exception(exception, exc_info=True)
+            logger.error(
+                "The error response will not be sent to the client for "
+                f'the following exception:"{exception}". A previous response '
+                "has at least partially been sent."
+            )
+
+            # ----------------- deprecated -----------------
+            handler = self.error_handler._lookup(
+                exception, request.name if request else None
+            )
+            if handler:
+                warn(
+                    "An error occurred while handling the request after at "
+                    "least some part of the response was sent to the client. "
+                    "Therefore, the response from your custom exception "
+                    f"handler {handler.__name__} will not be sent to the "
+                    "client. Beginning in v22.6, Sanic will stop executing "
+                    "custom exception handlers in this scenario. Exception "
+                    "handlers should only be used to generate the exception "
+                    "responses. If you would like to perform any other "
+                    "action on a raised exception, please consider using a "
+                    "signal handler like "
+                    '`@app.signal("http.lifecycle.exception")`\n'
+                    "For further information, please see the docs: "
+                    "https://sanicframework.org/en/guide/advanced/"
+                    "signals.html",
+                    DeprecationWarning,
+                )
+                try:
+                    response = self.error_handler.response(request, exception)
+                    if isawaitable(response):
+                        response = await response
+                except BaseException as e:
+                    logger.error("An error occurred in the exception handler.")
+                    error_logger.exception(e)
+            # ----------------------------------------------
+
+            return
+
         # -------------------------------------------- #
         # Request Middleware
         # -------------------------------------------- #
@@ -765,6 +810,7 @@ class Sanic(BaseSanic, metaclass=TouchUpMeta):
                     )
         if response is not None:
             try:
+                request.reset_response()
                 response = await request.respond(response)
             except BaseException:
                 # Skip response middleware
@@ -874,7 +920,16 @@ class Sanic(BaseSanic, metaclass=TouchUpMeta):
                 if isawaitable(response):
                     response = await response
 
-            if response is not None:
+            if request.responded:
+                if response is not None:
+                    error_logger.error(
+                        "The response object returned by the route handler "
+                        "will not be sent to client. The request has already "
+                        "been responded to."
+                    )
+                if request.stream is not None:
+                    response = request.stream.response
+            elif response is not None:
                 response = await request.respond(response)
             elif not hasattr(handler, "is_websocket"):
                 response = request.stream.response  # type: ignore

sanic/asgi.py

@@ -7,8 +7,10 @@ import sanic.app  # noqa
 
 from sanic.compat import Header
 from sanic.exceptions import ServerError
+from sanic.http import Stage
 from sanic.models.asgi import ASGIReceive, ASGIScope, ASGISend, MockTransport
 from sanic.request import Request
+from sanic.response import BaseHTTPResponse
 from sanic.server import ConnInfo
 from sanic.server.websockets.connection import WebSocketConnection
 
@@ -83,6 +85,8 @@ class ASGIApp:
     transport: MockTransport
     lifespan: Lifespan
     ws: Optional[WebSocketConnection]
+    stage: Stage
+    response: Optional[BaseHTTPResponse]
 
     def __init__(self) -> None:
         self.ws = None
@@ -95,6 +99,8 @@ class ASGIApp:
         instance.sanic_app = sanic_app
         instance.transport = MockTransport(scope, receive, send)
         instance.transport.loop = sanic_app.loop
+        instance.stage = Stage.IDLE
+        instance.response = None
         setattr(instance.transport, "add_task", sanic_app.loop.create_task)
 
         headers = Header(
@@ -149,6 +155,8 @@ class ASGIApp:
         """
         Read and stream the body in chunks from an incoming ASGI message.
         """
+        if self.stage is Stage.IDLE:
+            self.stage = Stage.REQUEST
         message = await self.transport.receive()
         body = message.get("body", b"")
         if not message.get("more_body", False):
@@ -163,11 +171,17 @@ class ASGIApp:
             if data:
                 yield data
 
-    def respond(self, response):
+    def respond(self, response: BaseHTTPResponse):
+        if self.stage is not Stage.HANDLER:
+            self.stage = Stage.FAILED
+            raise RuntimeError("Response already started")
+        if self.response is not None:
+            self.response.stream = None
         response.stream, self.response = self, response
         return response
 
     async def send(self, data, end_stream):
+        self.stage = Stage.IDLE if end_stream else Stage.RESPONSE
         if self.response:
             response, self.response = self.response, None
             await self.transport.send(
@@ -195,6 +209,7 @@ class ASGIApp:
         Handle the incoming request.
         """
         try:
+            self.stage = Stage.HANDLER
             await self.sanic_app.handle_request(self.request)
         except Exception as e:
             await self.sanic_app.handle_exception(self.request, e)

sanic/http.py

@@ -584,6 +584,11 @@ class Http(metaclass=TouchUpMeta):
             self.stage = Stage.FAILED
             raise RuntimeError("Response already started")
 
+        # Disconnect any earlier but unused response object
+        if self.response is not None:
+            self.response.stream = None
+
+        # Connect and return the response
         self.response, response.stream = response, self
         return response
 

sanic/request.py

@@ -18,7 +18,6 @@ from sanic_routing.route import Route  # type: ignore
 if TYPE_CHECKING:
     from sanic.server import ConnInfo
     from sanic.app import Sanic
-    from sanic.http import Http
 
 import email.utils
 import uuid
@@ -32,7 +31,7 @@ from httptools import parse_url  # type: ignore
 
 from sanic.compat import CancelledErrors, Header
 from sanic.constants import DEFAULT_HTTP_CONTENT_TYPE
-from sanic.exceptions import InvalidUsage
+from sanic.exceptions import InvalidUsage, ServerError
 from sanic.headers import (
     AcceptContainer,
     Options,
@@ -42,6 +41,7 @@ from sanic.headers import (
     parse_host,
     parse_xforwarded,
 )
+from sanic.http import Http, Stage
 from sanic.log import error_logger, logger
 from sanic.models.protocol_types import TransportProtocol
 from sanic.response import BaseHTTPResponse, HTTPResponse
@@ -104,6 +104,7 @@ class Request:
         "parsed_json",
         "parsed_forwarded",
         "raw_url",
+        "responded",
         "request_middleware_started",
         "route",
         "stream",
@@ -155,6 +156,7 @@ class Request:
         self.stream: Optional[Http] = None
         self.route: Optional[Route] = None
         self._protocol = None
+        self.responded: bool = False
 
     def __repr__(self):
         class_name = self.__class__.__name__
@@ -164,6 +166,21 @@ class Request:
     def generate_id(*_):
         return uuid.uuid4()
 
+    def reset_response(self):
+        try:
+            if (
+                self.stream is not None
+                and self.stream.stage is not Stage.HANDLER
+            ):
+                raise ServerError(
+                    "Cannot reset response because previous response was sent."
+                )
+            self.stream.response.stream = None
+            self.stream.response = None
+            self.responded = False
+        except AttributeError:
+            pass
+
     async def respond(
         self,
         response: Optional[BaseHTTPResponse] = None,
@@ -172,13 +189,19 @@ class Request:
         headers: Optional[Union[Header, Dict[str, str]]] = None,
         content_type: Optional[str] = None,
     ):
+        try:
+            if self.stream is not None and self.stream.response:
+                raise ServerError("Second respond call is not allowed.")
+        except AttributeError:
+            pass
         # This logic of determining which response to use is subject to change
         if response is None:
-            response = (self.stream and self.stream.response) or HTTPResponse(
+            response = HTTPResponse(
                 status=status,
                 headers=headers,
                 content_type=content_type,
             )
+
         # Connect the response
         if isinstance(response, BaseHTTPResponse) and self.stream:
             response = self.stream.respond(response)
@@ -193,6 +216,7 @@ class Request:
             error_logger.exception(
                 "Exception occurred in one of response middleware handlers"
             )
+        self.responded = True
         return response
 
     async def receive_body(self):

sanic/response.py

@@ -3,6 +3,7 @@ from mimetypes import guess_type
 from os import path
 from pathlib import PurePath
 from typing import (
+    TYPE_CHECKING,
     Any,
     AnyStr,
     Callable,
@@ -19,11 +20,15 @@ from warnings import warn
 from sanic.compat import Header, open_async
 from sanic.constants import DEFAULT_HTTP_CONTENT_TYPE
 from sanic.cookies import CookieJar
+from sanic.exceptions import SanicException, ServerError
 from sanic.helpers import has_message_body, remove_entity_headers
 from sanic.http import Http
 from sanic.models.protocol_types import HTMLProtocol, Range
 
 
+if TYPE_CHECKING:
+    from sanic.asgi import ASGIApp
+
 try:
     from ujson import dumps as json_dumps
 except ImportError:
@@ -45,7 +50,7 @@ class BaseHTTPResponse:
         self.asgi: bool = False
         self.body: Optional[bytes] = None
         self.content_type: Optional[str] = None
-        self.stream: Http = None
+        self.stream: Optional[Union[Http, ASGIApp]] = None
         self.status: int = None
         self.headers = Header({})
         self._cookies: Optional[CookieJar] = None
@@ -112,8 +117,17 @@ class BaseHTTPResponse:
         """
         if data is None and end_stream is None:
             end_stream = True
-        if end_stream and not data and self.stream.send is None:
-            return
+        if self.stream is None:
+            raise SanicException(
+                "No stream is connected to the response object instance."
+            )
+        if self.stream.send is None:
+            if end_stream and not data:
+                return
+            raise ServerError(
+                "Response stream was ended, no more response data is "
+                "allowed to be sent."
+            )
         data = (
             data.encode()  # type: ignore
             if hasattr(data, "encode")