actionpack 4.2.11.1 → 5.2.6
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +328 -458
- data/MIT-LICENSE +1 -1
- data/README.rdoc +6 -7
- data/lib/abstract_controller/asset_paths.rb +2 -0
- data/lib/abstract_controller/base.rb +45 -49
- data/lib/{action_controller → abstract_controller}/caching/fragments.rb +78 -15
- data/lib/abstract_controller/caching.rb +66 -0
- data/lib/abstract_controller/callbacks.rb +47 -31
- data/lib/abstract_controller/collector.rb +8 -11
- data/lib/abstract_controller/error.rb +6 -0
- data/lib/abstract_controller/helpers.rb +25 -25
- data/lib/abstract_controller/logger.rb +2 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +4 -2
- data/lib/abstract_controller/rendering.rb +42 -41
- data/lib/abstract_controller/translation.rb +10 -7
- data/lib/abstract_controller/url_for.rb +2 -0
- data/lib/abstract_controller.rb +12 -5
- data/lib/action_controller/api/api_rendering.rb +16 -0
- data/lib/action_controller/api.rb +149 -0
- data/lib/action_controller/base.rb +27 -19
- data/lib/action_controller/caching.rb +14 -57
- data/lib/action_controller/form_builder.rb +50 -0
- data/lib/action_controller/log_subscriber.rb +10 -15
- data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
- data/lib/action_controller/metal/conditional_get.rb +118 -44
- data/lib/action_controller/metal/content_security_policy.rb +52 -0
- data/lib/action_controller/metal/cookies.rb +3 -3
- data/lib/action_controller/metal/data_streaming.rb +27 -46
- data/lib/action_controller/metal/etag_with_flash.rb +18 -0
- data/lib/action_controller/metal/etag_with_template_digest.rb +20 -13
- data/lib/action_controller/metal/exceptions.rb +8 -14
- data/lib/action_controller/metal/flash.rb +4 -3
- data/lib/action_controller/metal/force_ssl.rb +23 -21
- data/lib/action_controller/metal/head.rb +21 -19
- data/lib/action_controller/metal/helpers.rb +24 -14
- data/lib/action_controller/metal/http_authentication.rb +65 -58
- data/lib/action_controller/metal/implicit_render.rb +62 -8
- data/lib/action_controller/metal/instrumentation.rb +19 -21
- data/lib/action_controller/metal/live.rb +90 -106
- data/lib/action_controller/metal/mime_responds.rb +33 -46
- data/lib/action_controller/metal/parameter_encoding.rb +51 -0
- data/lib/action_controller/metal/params_wrapper.rb +61 -53
- data/lib/action_controller/metal/redirecting.rb +49 -28
- data/lib/action_controller/metal/renderers.rb +87 -44
- data/lib/action_controller/metal/rendering.rb +72 -50
- data/lib/action_controller/metal/request_forgery_protection.rb +284 -97
- data/lib/action_controller/metal/rescue.rb +9 -16
- data/lib/action_controller/metal/streaming.rb +12 -10
- data/lib/action_controller/metal/strong_parameters.rb +583 -164
- data/lib/action_controller/metal/testing.rb +2 -17
- data/lib/action_controller/metal/url_for.rb +19 -10
- data/lib/action_controller/metal.rb +98 -83
- data/lib/action_controller/railtie.rb +28 -10
- data/lib/action_controller/railties/helpers.rb +2 -0
- data/lib/action_controller/renderer.rb +117 -0
- data/lib/action_controller/template_assertions.rb +11 -0
- data/lib/action_controller/test_case.rb +282 -413
- data/lib/action_controller.rb +29 -21
- data/lib/action_dispatch/http/cache.rb +93 -47
- data/lib/action_dispatch/http/content_security_policy.rb +272 -0
- data/lib/action_dispatch/http/filter_parameters.rb +26 -20
- data/lib/action_dispatch/http/filter_redirect.rb +10 -11
- data/lib/action_dispatch/http/headers.rb +55 -22
- data/lib/action_dispatch/http/mime_negotiation.rb +56 -41
- data/lib/action_dispatch/http/mime_type.rb +134 -121
- data/lib/action_dispatch/http/mime_types.rb +20 -6
- data/lib/action_dispatch/http/parameter_filter.rb +25 -11
- data/lib/action_dispatch/http/parameters.rb +98 -39
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +200 -118
- data/lib/action_dispatch/http/response.rb +225 -110
- data/lib/action_dispatch/http/upload.rb +12 -6
- data/lib/action_dispatch/http/url.rb +110 -28
- data/lib/action_dispatch/journey/formatter.rb +55 -32
- data/lib/action_dispatch/journey/gtg/builder.rb +7 -5
- data/lib/action_dispatch/journey/gtg/simulator.rb +3 -9
- data/lib/action_dispatch/journey/gtg/transition_table.rb +17 -16
- data/lib/action_dispatch/journey/nfa/builder.rb +5 -3
- data/lib/action_dispatch/journey/nfa/dot.rb +13 -13
- data/lib/action_dispatch/journey/nfa/simulator.rb +3 -1
- data/lib/action_dispatch/journey/nfa/transition_table.rb +5 -48
- data/lib/action_dispatch/journey/nodes/node.rb +18 -6
- data/lib/action_dispatch/journey/parser.rb +23 -22
- data/lib/action_dispatch/journey/parser.y +3 -2
- data/lib/action_dispatch/journey/parser_extras.rb +12 -4
- data/lib/action_dispatch/journey/path/pattern.rb +50 -44
- data/lib/action_dispatch/journey/route.rb +106 -28
- data/lib/action_dispatch/journey/router/utils.rb +20 -11
- data/lib/action_dispatch/journey/router.rb +35 -23
- data/lib/action_dispatch/journey/routes.rb +18 -16
- data/lib/action_dispatch/journey/scanner.rb +18 -15
- data/lib/action_dispatch/journey/visitors.rb +99 -52
- data/lib/action_dispatch/journey.rb +7 -5
- data/lib/action_dispatch/middleware/callbacks.rb +1 -2
- data/lib/action_dispatch/middleware/cookies.rb +304 -193
- data/lib/action_dispatch/middleware/debug_exceptions.rb +152 -57
- data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +68 -69
- data/lib/action_dispatch/middleware/executor.rb +21 -0
- data/lib/action_dispatch/middleware/flash.rb +78 -54
- data/lib/action_dispatch/middleware/public_exceptions.rb +27 -25
- data/lib/action_dispatch/middleware/reloader.rb +5 -91
- data/lib/action_dispatch/middleware/remote_ip.rb +41 -31
- data/lib/action_dispatch/middleware/request_id.rb +17 -9
- data/lib/action_dispatch/middleware/session/abstract_store.rb +41 -25
- data/lib/action_dispatch/middleware/session/cache_store.rb +24 -14
- data/lib/action_dispatch/middleware/session/cookie_store.rb +72 -67
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -2
- data/lib/action_dispatch/middleware/show_exceptions.rb +26 -22
- data/lib/action_dispatch/middleware/ssl.rb +114 -36
- data/lib/action_dispatch/middleware/stack.rb +31 -44
- data/lib/action_dispatch/middleware/static.rb +57 -50
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +2 -14
- data/lib/action_dispatch/middleware/templates/rescues/{_source.erb → _source.html.erb} +0 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +21 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +13 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +1 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +4 -4
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +64 -64
- data/lib/action_dispatch/railtie.rb +19 -11
- data/lib/action_dispatch/request/session.rb +106 -59
- data/lib/action_dispatch/request/utils.rb +67 -24
- data/lib/action_dispatch/routing/endpoint.rb +9 -2
- data/lib/action_dispatch/routing/inspector.rb +58 -67
- data/lib/action_dispatch/routing/mapper.rb +733 -447
- data/lib/action_dispatch/routing/polymorphic_routes.rb +166 -140
- data/lib/action_dispatch/routing/redirection.rb +36 -26
- data/lib/action_dispatch/routing/route_set.rb +321 -291
- data/lib/action_dispatch/routing/routes_proxy.rb +32 -5
- data/lib/action_dispatch/routing/url_for.rb +65 -25
- data/lib/action_dispatch/routing.rb +17 -18
- data/lib/action_dispatch/system_test_case.rb +147 -0
- data/lib/action_dispatch/system_testing/browser.rb +49 -0
- data/lib/action_dispatch/system_testing/driver.rb +59 -0
- data/lib/action_dispatch/system_testing/server.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +96 -0
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
- data/lib/action_dispatch/testing/assertion_response.rb +47 -0
- data/lib/action_dispatch/testing/assertions/response.rb +45 -20
- data/lib/action_dispatch/testing/assertions/routing.rb +30 -26
- data/lib/action_dispatch/testing/assertions.rb +6 -4
- data/lib/action_dispatch/testing/integration.rb +348 -209
- data/lib/action_dispatch/testing/request_encoder.rb +55 -0
- data/lib/action_dispatch/testing/test_process.rb +28 -22
- data/lib/action_dispatch/testing/test_request.rb +27 -34
- data/lib/action_dispatch/testing/test_response.rb +35 -7
- data/lib/action_dispatch.rb +27 -19
- data/lib/action_pack/gem_version.rb +5 -3
- data/lib/action_pack/version.rb +3 -1
- data/lib/action_pack.rb +4 -2
- metadata +56 -38
- data/lib/action_controller/metal/hide_actions.rb +0 -40
- data/lib/action_controller/metal/rack_delegation.rb +0 -32
- data/lib/action_controller/middleware.rb +0 -39
- data/lib/action_controller/model_naming.rb +0 -12
- data/lib/action_dispatch/journey/backwards.rb +0 -5
- data/lib/action_dispatch/journey/router/strexp.rb +0 -27
- data/lib/action_dispatch/middleware/params_parser.rb +0 -60
- data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
- data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
- data/lib/action_dispatch/testing/assertions/tag.rb +0 -3
@@ -1,15 +1,14 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_support/dependencies"
|
2
4
|
|
3
5
|
module AbstractController
|
4
6
|
module Helpers
|
5
7
|
extend ActiveSupport::Concern
|
6
8
|
|
7
9
|
included do
|
8
|
-
class_attribute :_helpers
|
9
|
-
|
10
|
-
|
11
|
-
class_attribute :_helper_methods
|
12
|
-
self._helper_methods = Array.new
|
10
|
+
class_attribute :_helpers, default: Module.new
|
11
|
+
class_attribute :_helper_methods, default: Array.new
|
13
12
|
end
|
14
13
|
|
15
14
|
class MissingHelperError < LoadError
|
@@ -38,7 +37,8 @@ module AbstractController
|
|
38
37
|
end
|
39
38
|
|
40
39
|
# Declare a controller method as a helper. For example, the following
|
41
|
-
# makes the +current_user+ controller
|
40
|
+
# makes the +current_user+ and +logged_in?+ controller methods available
|
41
|
+
# to the view:
|
42
42
|
# class ApplicationController < ActionController::Base
|
43
43
|
# helper_method :current_user, :logged_in?
|
44
44
|
#
|
@@ -170,25 +170,25 @@ module AbstractController
|
|
170
170
|
end
|
171
171
|
|
172
172
|
private
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
173
|
+
# Makes all the (instance) methods in the helper module available to templates
|
174
|
+
# rendered through this controller.
|
175
|
+
#
|
176
|
+
# ==== Parameters
|
177
|
+
# * <tt>module</tt> - The module to include into the current helper module
|
178
|
+
# for the class
|
179
|
+
def add_template_helper(mod)
|
180
|
+
_helpers.module_eval { include mod }
|
181
|
+
end
|
182
182
|
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
183
|
+
def default_helper_module!
|
184
|
+
module_name = name.sub(/Controller$/, "".freeze)
|
185
|
+
module_path = module_name.underscore
|
186
|
+
helper module_path
|
187
|
+
rescue LoadError => e
|
188
|
+
raise e unless e.is_missing? "helpers/#{module_path}_helper"
|
189
|
+
rescue NameError => e
|
190
|
+
raise e unless e.missing_name? "#{module_name}Helper"
|
191
|
+
end
|
192
192
|
end
|
193
193
|
end
|
194
194
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module AbstractController
|
2
4
|
module Railties
|
3
5
|
module RoutesHelpers
|
@@ -6,9 +8,9 @@ module AbstractController
|
|
6
8
|
define_method(:inherited) do |klass|
|
7
9
|
super(klass)
|
8
10
|
if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_routes_url_helpers) }
|
9
|
-
klass.
|
11
|
+
klass.include(namespace.railtie_routes_url_helpers(include_path_helpers))
|
10
12
|
else
|
11
|
-
klass.
|
13
|
+
klass.include(routes.url_helpers(include_path_helpers))
|
12
14
|
end
|
13
15
|
end
|
14
16
|
end
|
@@ -1,8 +1,9 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "abstract_controller/error"
|
4
|
+
require "action_view"
|
5
|
+
require "action_view/view_paths"
|
6
|
+
require "set"
|
6
7
|
|
7
8
|
module AbstractController
|
8
9
|
class DoubleRenderError < Error
|
@@ -17,52 +18,49 @@ module AbstractController
|
|
17
18
|
extend ActiveSupport::Concern
|
18
19
|
include ActionView::ViewPaths
|
19
20
|
|
20
|
-
#
|
21
|
-
# sticks the result in self.response_body
|
22
|
-
# :api: public
|
21
|
+
# Normalizes arguments, options and then delegates render_to_body and
|
22
|
+
# sticks the result in <tt>self.response_body</tt>.
|
23
23
|
def render(*args, &block)
|
24
24
|
options = _normalize_render(*args, &block)
|
25
|
-
|
26
|
-
|
27
|
-
|
25
|
+
rendered_body = render_to_body(options)
|
26
|
+
if options[:html]
|
27
|
+
_set_html_content_type
|
28
|
+
else
|
29
|
+
_set_rendered_content_type rendered_format
|
30
|
+
end
|
31
|
+
self.response_body = rendered_body
|
28
32
|
end
|
29
33
|
|
30
34
|
# Raw rendering of a template to a string.
|
31
35
|
#
|
32
36
|
# It is similar to render, except that it does not
|
33
|
-
# set the response_body and it should be guaranteed
|
37
|
+
# set the +response_body+ and it should be guaranteed
|
34
38
|
# to always return a string.
|
35
39
|
#
|
36
|
-
# If a component extends the semantics of response_body
|
37
|
-
# (as
|
40
|
+
# If a component extends the semantics of +response_body+
|
41
|
+
# (as ActionController extends it to be anything that
|
38
42
|
# responds to the method each), this method needs to be
|
39
43
|
# overridden in order to still return a string.
|
40
|
-
# :api: plugin
|
41
44
|
def render_to_string(*args, &block)
|
42
45
|
options = _normalize_render(*args, &block)
|
43
46
|
render_to_body(options)
|
44
47
|
end
|
45
48
|
|
46
49
|
# Performs the actual template rendering.
|
47
|
-
# :api: public
|
48
50
|
def render_to_body(options = {})
|
49
51
|
end
|
50
52
|
|
51
|
-
# Returns Content-Type of rendered content
|
52
|
-
# :api: public
|
53
|
+
# Returns Content-Type of rendered content.
|
53
54
|
def rendered_format
|
54
|
-
Mime
|
55
|
+
Mime[:text]
|
55
56
|
end
|
56
57
|
|
57
|
-
DEFAULT_PROTECTED_INSTANCE_VARIABLES = Set.new %
|
58
|
-
@_action_name @_response_body @_formats @_prefixes
|
59
|
-
|
60
|
-
@_routes @_db_runtime
|
61
|
-
).map(&:to_sym)
|
58
|
+
DEFAULT_PROTECTED_INSTANCE_VARIABLES = Set.new %i(
|
59
|
+
@_action_name @_response_body @_formats @_prefixes
|
60
|
+
)
|
62
61
|
|
63
62
|
# This method should return a hash with assigns.
|
64
63
|
# You can overwrite this configuration per controller.
|
65
|
-
# :api: public
|
66
64
|
def view_assigns
|
67
65
|
protected_vars = _protected_ivars
|
68
66
|
variables = instance_variables
|
@@ -73,10 +71,11 @@ module AbstractController
|
|
73
71
|
}
|
74
72
|
end
|
75
73
|
|
76
|
-
|
77
|
-
#
|
78
|
-
# :
|
79
|
-
|
74
|
+
private
|
75
|
+
# Normalize args by converting <tt>render "foo"</tt> to
|
76
|
+
# <tt>render :action => "foo"</tt> and <tt>render "foo/bar"</tt> to
|
77
|
+
# <tt>render :file => "foo/bar"</tt>.
|
78
|
+
def _normalize_args(action = nil, options = {}) # :doc:
|
80
79
|
if action.respond_to?(:permitted?)
|
81
80
|
if action.permitted?
|
82
81
|
action
|
@@ -91,30 +90,32 @@ module AbstractController
|
|
91
90
|
end
|
92
91
|
|
93
92
|
# Normalize options.
|
94
|
-
# :
|
95
|
-
def _normalize_options(options)
|
93
|
+
def _normalize_options(options) # :doc:
|
96
94
|
options
|
97
95
|
end
|
98
96
|
|
99
97
|
# Process extra options.
|
100
|
-
# :
|
101
|
-
def _process_options(options)
|
98
|
+
def _process_options(options) # :doc:
|
102
99
|
options
|
103
100
|
end
|
104
101
|
|
105
102
|
# Process the rendered format.
|
106
|
-
# :
|
107
|
-
|
103
|
+
def _process_format(format) # :nodoc:
|
104
|
+
end
|
105
|
+
|
106
|
+
def _process_variant(options)
|
107
|
+
end
|
108
|
+
|
109
|
+
def _set_html_content_type # :nodoc:
|
110
|
+
end
|
111
|
+
|
112
|
+
def _set_rendered_content_type(format) # :nodoc:
|
108
113
|
end
|
109
114
|
|
110
115
|
# Normalize args and options.
|
111
|
-
# :
|
112
|
-
def _normalize_render(*args, &block)
|
116
|
+
def _normalize_render(*args, &block) # :nodoc:
|
113
117
|
options = _normalize_args(*args, &block)
|
114
|
-
|
115
|
-
if defined?(request) && request && request.variant.present?
|
116
|
-
options[:variant] = request.variant
|
117
|
-
end
|
118
|
+
_process_variant(options)
|
118
119
|
_normalize_options(options)
|
119
120
|
options
|
120
121
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module AbstractController
|
2
4
|
module Translation
|
3
5
|
# Delegates to <tt>I18n.translate</tt>. Also aliased as <tt>t</tt>.
|
@@ -8,14 +10,15 @@ module AbstractController
|
|
8
10
|
# <tt>I18n.translate("people.index.foo")</tt>. This makes it less repetitive
|
9
11
|
# to translate many keys within the same controller / action and gives you a
|
10
12
|
# simple framework for scoping them consistently.
|
11
|
-
def translate(
|
12
|
-
key
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
def translate(key, options = {})
|
14
|
+
if key.to_s.first == "."
|
15
|
+
path = controller_path.tr("/", ".")
|
16
|
+
defaults = [:"#{path}#{key}"]
|
17
|
+
defaults << options[:default] if options[:default]
|
18
|
+
options[:default] = defaults.flatten
|
19
|
+
key = "#{path}.#{action_name}#{key}"
|
16
20
|
end
|
17
|
-
|
18
|
-
I18n.translate(*args)
|
21
|
+
I18n.translate(key, options)
|
19
22
|
end
|
20
23
|
alias :t :translate
|
21
24
|
|
data/lib/abstract_controller.rb
CHANGED
@@ -1,13 +1,15 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "action_pack"
|
4
|
+
require "active_support/rails"
|
5
|
+
require "active_support/i18n"
|
6
6
|
|
7
7
|
module AbstractController
|
8
8
|
extend ActiveSupport::Autoload
|
9
9
|
|
10
|
+
autoload :ActionNotFound, "abstract_controller/base"
|
10
11
|
autoload :Base
|
12
|
+
autoload :Caching
|
11
13
|
autoload :Callbacks
|
12
14
|
autoload :Collector
|
13
15
|
autoload :DoubleRenderError, "abstract_controller/rendering"
|
@@ -17,4 +19,9 @@ module AbstractController
|
|
17
19
|
autoload :Translation
|
18
20
|
autoload :AssetPaths
|
19
21
|
autoload :UrlFor
|
22
|
+
|
23
|
+
def self.eager_load!
|
24
|
+
super
|
25
|
+
AbstractController::Caching.eager_load!
|
26
|
+
end
|
20
27
|
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActionController
|
4
|
+
module ApiRendering
|
5
|
+
extend ActiveSupport::Concern
|
6
|
+
|
7
|
+
included do
|
8
|
+
include Rendering
|
9
|
+
end
|
10
|
+
|
11
|
+
def render_to_body(options = {})
|
12
|
+
_process_options(options)
|
13
|
+
super
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,149 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "action_view"
|
4
|
+
require "action_controller"
|
5
|
+
require "action_controller/log_subscriber"
|
6
|
+
|
7
|
+
module ActionController
|
8
|
+
# API Controller is a lightweight version of <tt>ActionController::Base</tt>,
|
9
|
+
# created for applications that don't require all functionalities that a complete
|
10
|
+
# \Rails controller provides, allowing you to create controllers with just the
|
11
|
+
# features that you need for API only applications.
|
12
|
+
#
|
13
|
+
# An API Controller is different from a normal controller in the sense that
|
14
|
+
# by default it doesn't include a number of features that are usually required
|
15
|
+
# by browser access only: layouts and templates rendering, cookies, sessions,
|
16
|
+
# flash, assets, and so on. This makes the entire controller stack thinner,
|
17
|
+
# suitable for API applications. It doesn't mean you won't have such
|
18
|
+
# features if you need them: they're all available for you to include in
|
19
|
+
# your application, they're just not part of the default API controller stack.
|
20
|
+
#
|
21
|
+
# Normally, +ApplicationController+ is the only controller that inherits from
|
22
|
+
# <tt>ActionController::API</tt>. All other controllers in turn inherit from
|
23
|
+
# +ApplicationController+.
|
24
|
+
#
|
25
|
+
# A sample controller could look like this:
|
26
|
+
#
|
27
|
+
# class PostsController < ApplicationController
|
28
|
+
# def index
|
29
|
+
# posts = Post.all
|
30
|
+
# render json: posts
|
31
|
+
# end
|
32
|
+
# end
|
33
|
+
#
|
34
|
+
# Request, response, and parameters objects all work the exact same way as
|
35
|
+
# <tt>ActionController::Base</tt>.
|
36
|
+
#
|
37
|
+
# == Renders
|
38
|
+
#
|
39
|
+
# The default API Controller stack includes all renderers, which means you
|
40
|
+
# can use <tt>render :json</tt> and brothers freely in your controllers. Keep
|
41
|
+
# in mind that templates are not going to be rendered, so you need to ensure
|
42
|
+
# your controller is calling either <tt>render</tt> or <tt>redirect_to</tt> in
|
43
|
+
# all actions, otherwise it will return 204 No Content.
|
44
|
+
#
|
45
|
+
# def show
|
46
|
+
# post = Post.find(params[:id])
|
47
|
+
# render json: post
|
48
|
+
# end
|
49
|
+
#
|
50
|
+
# == Redirects
|
51
|
+
#
|
52
|
+
# Redirects are used to move from one action to another. You can use the
|
53
|
+
# <tt>redirect_to</tt> method in your controllers in the same way as in
|
54
|
+
# <tt>ActionController::Base</tt>. For example:
|
55
|
+
#
|
56
|
+
# def create
|
57
|
+
# redirect_to root_url and return if not_authorized?
|
58
|
+
# # do stuff here
|
59
|
+
# end
|
60
|
+
#
|
61
|
+
# == Adding New Behavior
|
62
|
+
#
|
63
|
+
# In some scenarios you may want to add back some functionality provided by
|
64
|
+
# <tt>ActionController::Base</tt> that is not present by default in
|
65
|
+
# <tt>ActionController::API</tt>, for instance <tt>MimeResponds</tt>. This
|
66
|
+
# module gives you the <tt>respond_to</tt> method. Adding it is quite simple,
|
67
|
+
# you just need to include the module in a specific controller or in
|
68
|
+
# +ApplicationController+ in case you want it available in your entire
|
69
|
+
# application:
|
70
|
+
#
|
71
|
+
# class ApplicationController < ActionController::API
|
72
|
+
# include ActionController::MimeResponds
|
73
|
+
# end
|
74
|
+
#
|
75
|
+
# class PostsController < ApplicationController
|
76
|
+
# def index
|
77
|
+
# posts = Post.all
|
78
|
+
#
|
79
|
+
# respond_to do |format|
|
80
|
+
# format.json { render json: posts }
|
81
|
+
# format.xml { render xml: posts }
|
82
|
+
# end
|
83
|
+
# end
|
84
|
+
# end
|
85
|
+
#
|
86
|
+
# Make sure to check the modules included in <tt>ActionController::Base</tt>
|
87
|
+
# if you want to use any other functionality that is not provided
|
88
|
+
# by <tt>ActionController::API</tt> out of the box.
|
89
|
+
class API < Metal
|
90
|
+
abstract!
|
91
|
+
|
92
|
+
# Shortcut helper that returns all the ActionController::API modules except
|
93
|
+
# the ones passed as arguments:
|
94
|
+
#
|
95
|
+
# class MyAPIBaseController < ActionController::Metal
|
96
|
+
# ActionController::API.without_modules(:ForceSSL, :UrlFor).each do |left|
|
97
|
+
# include left
|
98
|
+
# end
|
99
|
+
# end
|
100
|
+
#
|
101
|
+
# This gives better control over what you want to exclude and makes it easier
|
102
|
+
# to create an API controller class, instead of listing the modules required
|
103
|
+
# manually.
|
104
|
+
def self.without_modules(*modules)
|
105
|
+
modules = modules.map do |m|
|
106
|
+
m.is_a?(Symbol) ? ActionController.const_get(m) : m
|
107
|
+
end
|
108
|
+
|
109
|
+
MODULES - modules
|
110
|
+
end
|
111
|
+
|
112
|
+
MODULES = [
|
113
|
+
AbstractController::Rendering,
|
114
|
+
|
115
|
+
UrlFor,
|
116
|
+
Redirecting,
|
117
|
+
ApiRendering,
|
118
|
+
Renderers::All,
|
119
|
+
ConditionalGet,
|
120
|
+
BasicImplicitRender,
|
121
|
+
StrongParameters,
|
122
|
+
|
123
|
+
ForceSSL,
|
124
|
+
DataStreaming,
|
125
|
+
|
126
|
+
# Before callbacks should also be executed as early as possible, so
|
127
|
+
# also include them at the bottom.
|
128
|
+
AbstractController::Callbacks,
|
129
|
+
|
130
|
+
# Append rescue at the bottom to wrap as much as possible.
|
131
|
+
Rescue,
|
132
|
+
|
133
|
+
# Add instrumentations hooks at the bottom, to ensure they instrument
|
134
|
+
# all the methods properly.
|
135
|
+
Instrumentation,
|
136
|
+
|
137
|
+
# Params wrapper should come before instrumentation so they are
|
138
|
+
# properly showed in logs
|
139
|
+
ParamsWrapper
|
140
|
+
]
|
141
|
+
|
142
|
+
MODULES.each do |mod|
|
143
|
+
include mod
|
144
|
+
end
|
145
|
+
|
146
|
+
ActiveSupport.run_load_hooks(:action_controller_api, self)
|
147
|
+
ActiveSupport.run_load_hooks(:action_controller, self)
|
148
|
+
end
|
149
|
+
end
|
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "action_view"
|
2
4
|
require "action_controller/log_subscriber"
|
3
5
|
require "action_controller/metal/params_wrapper"
|
4
6
|
|
@@ -8,7 +10,7 @@ module ActionController
|
|
8
10
|
# on the controller, which will automatically be made accessible to the web-server through \Rails Routes.
|
9
11
|
#
|
10
12
|
# By default, only the ApplicationController in a \Rails application inherits from <tt>ActionController::Base</tt>. All other
|
11
|
-
# controllers
|
13
|
+
# controllers inherit from ApplicationController. This gives you one class to configure things such as
|
12
14
|
# request forgery protection and filtering of sensitive request parameters.
|
13
15
|
#
|
14
16
|
# A sample controller could look like this:
|
@@ -30,9 +32,9 @@ module ActionController
|
|
30
32
|
#
|
31
33
|
# Unlike index, the create action will not render a template. After performing its main purpose (creating a
|
32
34
|
# new post), it initiates a redirect instead. This redirect works by returning an external
|
33
|
-
#
|
35
|
+
# <tt>302 Moved</tt> HTTP response that takes the user to the index action.
|
34
36
|
#
|
35
|
-
# These two methods represent the two basic action archetypes used in Action Controllers
|
37
|
+
# These two methods represent the two basic action archetypes used in Action Controllers: Get-and-show and do-and-redirect.
|
36
38
|
# Most actions are variations on these themes.
|
37
39
|
#
|
38
40
|
# == Requests
|
@@ -50,17 +52,17 @@ module ActionController
|
|
50
52
|
#
|
51
53
|
# == Parameters
|
52
54
|
#
|
53
|
-
# All request parameters, whether they come from a
|
54
|
-
# which returns a hash. For example, an action that was performed through
|
55
|
-
# <tt>{ "category" => "All", "limit" => "5" }</tt> in params
|
55
|
+
# All request parameters, whether they come from a query string in the URL or form data submitted through a POST request are
|
56
|
+
# available through the <tt>params</tt> method which returns a hash. For example, an action that was performed through
|
57
|
+
# <tt>/posts?category=All&limit=5</tt> will include <tt>{ "category" => "All", "limit" => "5" }</tt> in <tt>params</tt>.
|
56
58
|
#
|
57
59
|
# It's also possible to construct multi-dimensional parameter hashes by specifying keys using brackets, such as:
|
58
60
|
#
|
59
61
|
# <input type="text" name="post[name]" value="david">
|
60
62
|
# <input type="text" name="post[address]" value="hyacintvej">
|
61
63
|
#
|
62
|
-
# A request
|
63
|
-
# If the address input had been named <tt>post[address][street]</tt>, the params would have included
|
64
|
+
# A request coming from a form holding these inputs will include <tt>{ "post" => { "name" => "david", "address" => "hyacintvej" } }</tt>.
|
65
|
+
# If the address input had been named <tt>post[address][street]</tt>, the <tt>params</tt> would have included
|
64
66
|
# <tt>{ "post" => { "address" => { "street" => "hyacintvej" } } }</tt>. There's no limit to the depth of the nesting.
|
65
67
|
#
|
66
68
|
# == Sessions
|
@@ -74,7 +76,7 @@ module ActionController
|
|
74
76
|
#
|
75
77
|
# session[:person] = Person.authenticate(user_name, password)
|
76
78
|
#
|
77
|
-
#
|
79
|
+
# You can retrieve it again through the same hash:
|
78
80
|
#
|
79
81
|
# Hello #{session[:person]}
|
80
82
|
#
|
@@ -206,7 +208,6 @@ module ActionController
|
|
206
208
|
AbstractController::AssetPaths,
|
207
209
|
|
208
210
|
Helpers,
|
209
|
-
HideActions,
|
210
211
|
UrlFor,
|
211
212
|
Redirecting,
|
212
213
|
ActionView::Layouts,
|
@@ -214,15 +215,17 @@ module ActionController
|
|
214
215
|
Renderers::All,
|
215
216
|
ConditionalGet,
|
216
217
|
EtagWithTemplateDigest,
|
217
|
-
|
218
|
+
EtagWithFlash,
|
218
219
|
Caching,
|
219
220
|
MimeResponds,
|
220
221
|
ImplicitRender,
|
221
222
|
StrongParameters,
|
222
|
-
|
223
|
+
ParameterEncoding,
|
223
224
|
Cookies,
|
224
225
|
Flash,
|
226
|
+
FormBuilder,
|
225
227
|
RequestForgeryProtection,
|
228
|
+
ContentSecurityPolicy,
|
226
229
|
ForceSSL,
|
227
230
|
Streaming,
|
228
231
|
DataStreaming,
|
@@ -230,7 +233,7 @@ module ActionController
|
|
230
233
|
HttpAuthentication::Digest::ControllerMethods,
|
231
234
|
HttpAuthentication::Token::ControllerMethods,
|
232
235
|
|
233
|
-
# Before callbacks should also be executed
|
236
|
+
# Before callbacks should also be executed as early as possible, so
|
234
237
|
# also include them at the bottom.
|
235
238
|
AbstractController::Callbacks,
|
236
239
|
|
@@ -249,20 +252,25 @@ module ActionController
|
|
249
252
|
MODULES.each do |mod|
|
250
253
|
include mod
|
251
254
|
end
|
255
|
+
setup_renderer!
|
252
256
|
|
253
257
|
# Define some internal variables that should not be propagated to the view.
|
254
|
-
PROTECTED_IVARS = AbstractController::Rendering::DEFAULT_PROTECTED_INSTANCE_VARIABLES +
|
255
|
-
|
256
|
-
|
258
|
+
PROTECTED_IVARS = AbstractController::Rendering::DEFAULT_PROTECTED_INSTANCE_VARIABLES + %i(
|
259
|
+
@_params @_response @_request @_config @_url_options @_action_has_layout @_view_context_class
|
260
|
+
@_view_renderer @_lookup_context @_routes @_view_runtime @_db_runtime @_helper_proxy
|
261
|
+
)
|
257
262
|
|
258
263
|
def _protected_ivars # :nodoc:
|
259
264
|
PROTECTED_IVARS
|
260
265
|
end
|
261
266
|
|
262
|
-
def self.
|
263
|
-
|
267
|
+
def self.make_response!(request)
|
268
|
+
ActionDispatch::Response.create.tap do |res|
|
269
|
+
res.request = request
|
270
|
+
end
|
264
271
|
end
|
265
272
|
|
273
|
+
ActiveSupport.run_load_hooks(:action_controller_base, self)
|
266
274
|
ActiveSupport.run_load_hooks(:action_controller, self)
|
267
275
|
end
|
268
276
|
end
|