actionpack 7.1.5.1 → 8.1.2

data/lib/action_controller/metal/params_wrapper.rb

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/hash/slice"
 require "active_support/core_ext/hash/except"
 require "active_support/core_ext/module/anonymous"
 require "action_dispatch/http/mime_type"
 
 module ActionController
-  # = Action Controller Params Wrapper
+  # # Action Controller Params Wrapper
   #
   # Wraps the parameters hash into a nested hash. This will allow clients to
   # submit requests without having to specify any root elements.
@@ -24,8 +26,8 @@ module ActionController
   #       wrap_parameters format: [:json, :xml, :url_encoded_form, :multipart_form]
   #     end
   #
-  # If you enable +ParamsWrapper+ for +:json+ format, instead of having to
-  # send JSON parameters like this:
+  # If you enable `ParamsWrapper` for `:json` format, instead of having to send
+  # JSON parameters like this:
   #
   #     {"user": {"name": "Konata"}}
   #
@@ -34,45 +36,44 @@ module ActionController
   #     {"name": "Konata"}
   #
   # And it will be wrapped into a nested hash with the key name matching the
-  # controller's name. For example, if you're posting to +UsersController+,
-  # your new +params+ hash will look like this:
+  # controller's name. For example, if you're posting to `UsersController`, your
+  # new `params` hash will look like this:
   #
   #     {"name" => "Konata", "user" => {"name" => "Konata"}}
   #
-  # You can also specify the key in which the parameters should be wrapped to,
-  # and also the list of attributes it should wrap by using either +:include+ or
-  # +:exclude+ options like this:
+  # You can also specify the key in which the parameters should be wrapped to, and
+  # also the list of attributes it should wrap by using either `:include` or
+  # `:exclude` options like this:
   #
   #     class UsersController < ApplicationController
   #       wrap_parameters :person, include: [:username, :password]
   #     end
   #
-  # On Active Record models with no +:include+ or +:exclude+ option set,
-  # it will only wrap the parameters returned by the class method
-  # <tt>attribute_names</tt>.
+  # On Active Record models with no `:include` or `:exclude` option set, it will
+  # only wrap the parameters returned by the class method `attribute_names`.
   #
-  # If you're going to pass the parameters to an +ActiveModel+ object (such as
-  # <tt>User.new(params[:user])</tt>), you might consider passing the model class to
-  # the method instead. The +ParamsWrapper+ will actually try to determine the
-  # list of attribute names from the model and only wrap those attributes:
+  # If you're going to pass the parameters to an `ActiveModel` object (such as
+  # `User.new(params[:user])`), you might consider passing the model class to the
+  # method instead. The `ParamsWrapper` will actually try to determine the list of
+  # attribute names from the model and only wrap those attributes:
   #
   #     class UsersController < ApplicationController
   #       wrap_parameters Person
   #     end
   #
-  # You still could pass +:include+ and +:exclude+ to set the list of attributes
+  # You still could pass `:include` and `:exclude` to set the list of attributes
   # you want to wrap.
   #
   # By default, if you don't specify the key in which the parameters would be
-  # wrapped to, +ParamsWrapper+ will actually try to determine if there's
-  # a model related to it or not. This controller, for example:
+  # wrapped to, `ParamsWrapper` will actually try to determine if there's a model
+  # related to it or not. This controller, for example:
   #
   #     class Admin::UsersController < ApplicationController
   #     end
   #
-  # will try to check if +Admin::User+ or +User+ model exists, and use it to
-  # determine the wrapper key respectively. If both models don't exist,
-  # it will then fall back to use +user+ as the key.
+  # will try to check if `Admin::User` or `User` model exists, and use it to
+  # determine the wrapper key respectively. If both models don't exist, it will
+  # then fall back to use `user` as the key.
   #
   # To disable this functionality for a controller:
   #
@@ -84,11 +85,7 @@ module ActionController
 
     EXCLUDE_PARAMETERS = %w(authenticity_token _method utf8)
 
-    require "mutex_m"
-
     class Options < Struct.new(:name, :format, :include, :exclude, :klass, :model) # :nodoc:
-      include Mutex_m
-
       def self.from_hash(hash)
         name    = hash[:name]
         format  = Array(hash[:format])
@@ -99,6 +96,7 @@ module ActionController
 
       def initialize(name, format, include, exclude, klass, model) # :nodoc:
         super
+        @mutex = Mutex.new
         @include_set = include
         @name_set    = name
       end
@@ -111,7 +109,7 @@ module ActionController
         return super if @include_set
 
         m = model
-        synchronize do
+        @mutex.synchronize do
           return super if @include_set
 
           @include_set = true
@@ -144,7 +142,7 @@ module ActionController
         return super if @name_set
 
         m = model
-        synchronize do
+        @mutex.synchronize do
           return super if @name_set
 
           @name_set = true
@@ -157,13 +155,13 @@ module ActionController
       end
 
       private
-        # Determine the wrapper model from the controller's name. By convention,
-        # this could be done by trying to find the defined model that has the
-        # same singular name as the controller. For example, +UsersController+
-        # will try to find if the +User+ model exists.
+        # Determine the wrapper model from the controller's name. By convention, this
+        # could be done by trying to find the defined model that has the same singular
+        # name as the controller. For example, `UsersController` will try to find if the
+        # `User` model exists.
         #
-        # This method also does namespace lookup. Foo::Bar::UsersController will
-        # try to find Foo::Bar::User, Foo::User and finally User.
+        # This method also does namespace lookup. Foo::Bar::UsersController will try to
+        # find Foo::Bar::User, Foo::User and finally User.
         def _default_wrap_model
           return nil if klass.anonymous?
           model_name = klass.name.delete_suffix("Controller").classify
@@ -192,33 +190,34 @@ module ActionController
         self._wrapper_options = Options.from_hash(options)
       end
 
-      # Sets the name of the wrapper key, or the model which +ParamsWrapper+
-      # would use to determine the attribute names from.
+      # Sets the name of the wrapper key, or the model which `ParamsWrapper` would use
+      # to determine the attribute names from.
+      #
+      # #### Examples
+      #     wrap_parameters format: :xml
+      #       # enables the parameter wrapper for XML format
       #
-      # ==== Examples
-      #   wrap_parameters format: :xml
-      #     # enables the parameter wrapper for XML format
+      #     wrap_parameters :person
+      #       # wraps parameters into params[:person] hash
       #
-      #   wrap_parameters :person
-      #     # wraps parameters into +params[:person]+ hash
+      #     wrap_parameters Person
+      #       # wraps parameters by determining the wrapper key from Person class
+      #       # (:person, in this case) and the list of attribute names
       #
-      #   wrap_parameters Person
-      #     # wraps parameters by determining the wrapper key from Person class
-      #     # (+person+, in this case) and the list of attribute names
+      #     wrap_parameters include: [:username, :title]
+      #       # wraps only :username and :title attributes from parameters.
       #
-      #   wrap_parameters include: [:username, :title]
-      #     # wraps only +:username+ and +:title+ attributes from parameters.
+      #     wrap_parameters false
+      #       # disables parameters wrapping for this controller altogether.
       #
-      #   wrap_parameters false
-      #     # disables parameters wrapping for this controller altogether.
+      # #### Options
+      # *   `:format` - The list of formats in which the parameters wrapper will be
+      #     enabled.
+      # *   `:include` - The list of attribute names which parameters wrapper will
+      #     wrap into a nested hash.
+      # *   `:exclude` - The list of attribute names which parameters wrapper will
+      #     exclude from a nested hash.
       #
-      # ==== Options
-      # * <tt>:format</tt> - The list of formats in which the parameters wrapper
-      #   will be enabled.
-      # * <tt>:include</tt> - The list of attribute names which parameters wrapper
-      #   will wrap into a nested hash.
-      # * <tt>:exclude</tt> - The list of attribute names which parameters wrapper
-      #   will exclude from a nested hash.
       def wrap_parameters(name_or_model_or_options, options = {})
         model = nil
 
@@ -240,9 +239,8 @@ module ActionController
         self._wrapper_options = opts
       end
 
-      # Sets the default wrapper key or model which will be used to determine
-      # wrapper key and attribute names. Called automatically when the
-      # module is inherited.
+      # Sets the default wrapper key or model which will be used to determine wrapper
+      # key and attribute names. Called automatically when the module is inherited.
       def inherited(klass)
         if klass._wrapper_options.format.any?
           params = klass._wrapper_options.dup
@@ -254,8 +252,8 @@ module ActionController
     end
 
     private
-      # Performs parameters wrapping upon the request. Called automatically
-      # by the metal call stack.
+      # Performs parameters wrapping upon the request. Called automatically by the
+      # metal call stack.
       def process_action(*)
         _perform_parameter_wrapping if _wrapper_enabled?
         super

data/lib/action_controller/metal/permissions_policy.rb

@@ -1,30 +1,40 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController # :nodoc:
   module PermissionsPolicy
     extend ActiveSupport::Concern
 
     module ClassMethods
-      # Overrides parts of the globally configured +Feature-Policy+
-      # header:
+      # Overrides parts of the globally configured `Feature-Policy` header:
       #
-      #   class PagesController < ApplicationController
-      #     permissions_policy do |policy|
-      #       policy.geolocation "https://example.com"
+      #     class PagesController < ApplicationController
+      #       permissions_policy do |policy|
+      #         policy.geolocation "https://example.com"
+      #       end
       #     end
-      #   end
       #
-      # Options can be passed similar to +before_action+. For example, pass
-      # <tt>only: :index</tt> to override the header on the index action only:
+      # Options can be passed similar to `before_action`. For example, pass `only:
+      # :index` to override the header on the index action only:
       #
-      #   class PagesController < ApplicationController
-      #     permissions_policy(only: :index) do |policy|
-      #       policy.camera :self
+      #     class PagesController < ApplicationController
+      #       permissions_policy(only: :index) do |policy|
+      #         policy.camera :self
+      #       end
       #     end
-      #   end
       #
+      # Requires a global policy defined in an initializer, which can be
+      # empty:
+      #
+      #     Rails.application.config.permissions_policy do |policy|
+      #       # policy.gyroscope :none
+      #     end
       def permissions_policy(**options, &block)
         before_action(options) do
+          unless request.respond_to?(:permissions_policy)
+            raise "Cannot override permissions_policy if no global permissions_policy configured."
+          end
           if block_given?
             policy = request.permissions_policy.clone
             instance_exec(policy, &block)

data/lib/action_controller/metal/rate_limiting.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+# :markup: markdown
+
+module ActionController # :nodoc:
+  module RateLimiting
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      # Applies a rate limit to all actions or those specified by the normal
+      # `before_action` filters with `only:` and `except:`.
+      #
+      # The maximum number of requests allowed is specified `to:` and constrained to
+      # the window of time given by `within:`.
+      #
+      # Rate limits are by default unique to the ip address making the request, but
+      # you can provide your own identity function by passing a callable in the `by:`
+      # parameter. It's evaluated within the context of the controller processing the
+      # request.
+      #
+      # By default, rate limits are scoped to the controller's path. If you want to
+      # share rate limits across multiple controllers, you can provide your own scope,
+      # by passing value in the `scope:` parameter.
+      #
+      # Requests that exceed the rate limit will raise an `ActionController::TooManyRequests`
+      # error. By default, Action Dispatch will rescue from the error and refuse the request
+      # with a `429 Too Many Requests` response. You can specialize this by passing a callable in the `with:`
+      # parameter. It's evaluated within the context of the controller processing the
+      # request.
+      #
+      # Rate limiting relies on a backing `ActiveSupport::Cache` store and defaults to
+      # `config.action_controller.cache_store`, which itself defaults to the global
+      # `config.cache_store`. If you don't want to store rate limits in the same
+      # datastore as your general caches, you can pass a custom store in the `store`
+      # parameter.
+      #
+      # If you want to use multiple rate limits per controller, you need to give each of
+      # them an explicit name via the `name:` option.
+      #
+      # Examples:
+      #
+      #     class SessionsController < ApplicationController
+      #       rate_limit to: 10, within: 3.minutes, only: :create
+      #     end
+      #
+      #     class SignupsController < ApplicationController
+      #       rate_limit to: 1000, within: 10.seconds,
+      #         by: -> { request.domain }, with: :redirect_to_busy, only: :new
+      #
+      #       private
+      #         def redirect_to_busy
+      #           redirect_to busy_controller_url, alert: "Too many signups on domain!"
+      #         end
+      #     end
+      #
+      #     class APIController < ApplicationController
+      #       RATE_LIMIT_STORE = ActiveSupport::Cache::RedisCacheStore.new(url: ENV["REDIS_URL"])
+      #       rate_limit to: 10, within: 3.minutes, store: RATE_LIMIT_STORE
+      #       rate_limit to: 100, within: 5.minutes, scope: :api_global
+      #     end
+      #
+      #     class SessionsController < ApplicationController
+      #       rate_limit to: 3, within: 2.seconds, name: "short-term"
+      #       rate_limit to: 10, within: 5.minutes, name: "long-term"
+      #     end
+      def rate_limit(to:, within:, by: -> { request.remote_ip }, with: -> { raise TooManyRequests }, store: cache_store, name: nil, scope: nil, **options)
+        before_action -> { rate_limiting(to: to, within: within, by: by, with: with, store: store, name: name, scope: scope || controller_path) }, **options
+      end
+    end
+
+    private
+      def rate_limiting(to:, within:, by:, with:, store:, name:, scope:)
+        by = by.is_a?(Symbol) ? send(by) : instance_exec(&by)
+
+        cache_key = ["rate-limit", scope, name, by].compact.join(":")
+        count = store.increment(cache_key, 1, expires_in: within)
+        if count && count > to
+          ActiveSupport::Notifications.instrument("rate_limit.action_controller",
+              request: request,
+              count: count,
+              to: to,
+              within: within,
+              by: by,
+              name: name,
+              scope: scope,
+              cache_key: cache_key) do
+            with.is_a?(Symbol) ? send(with) : instance_exec(&with)
+          end
+        end
+      end
+  end
+end