RubyGems - actionpack - Versions diffs - 8.0.3 → 8.1.0.rc1 - Mend

actionpack 8.0.3 → 8.1.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

data/lib/action_dispatch/middleware/remote_ip.rb CHANGED Viewed

@@ -44,6 +44,8 @@ module ActionDispatch
       "10.0.0.0/8",     # private IPv4 range 10.x.x.x
       "172.16.0.0/12",  # private IPv4 range 172.16.0.0 .. 172.31.255.255
       "192.168.0.0/16", # private IPv4 range 192.168.x.x
+      "169.254.0.0/16", # link-local IPv4 range 169.254.x.x
+      "fe80::/10",      # link-local IPv6 range fe80::/10
     ].map { |proxy| IPAddr.new(proxy) }
     attr_reader :check_ip, :proxies
@@ -126,11 +128,11 @@ module ActionDispatch
       # left, which was presumably set by one of those proxies.
       def calculate_ip
         # Set by the Rack web server, this is a single value.
-        remote_addr = ips_from(@req.remote_addr).last
+        remote_addr = sanitize_ips(ips_from(@req.remote_addr)).last
         # Could be a CSV list and/or repeated headers that were concatenated.
-        client_ips    = ips_from(@req.client_ip).reverse!
-        forwarded_ips = ips_from(@req.x_forwarded_for).reverse!
+        client_ips    = sanitize_ips(ips_from(@req.client_ip)).reverse!
+        forwarded_ips = sanitize_ips(@req.forwarded_for || []).reverse!
         # `Client-Ip` and `X-Forwarded-For` should not, generally, both be set. If they
         # are both set, it means that either:
@@ -176,7 +178,10 @@ module ActionDispatch
       def ips_from(header) # :doc:
         return [] unless header
         # Split the comma-separated list into an array of strings.
-        ips = header.strip.split(/[,\s]+/)
+        header.strip.split(/[,\s]+/)
+      end
+      def sanitize_ips(ips) # :doc:
         ips.select! do |ip|
           # Only return IPs that are valid according to the IPAddr#new method.
           range = IPAddr.new(ip).to_range

data/lib/action_dispatch/middleware/session/cache_store.rb CHANGED Viewed

@@ -18,11 +18,16 @@ module ActionDispatch
     # *   `expire_after`  - The length of time a session will be stored before
     #     automatically expiring. By default, the `:expires_in` option of the cache
     #     is used.
+    # *   `check_collisions`  - Check if newly generated session ids aren't already in use.
+    #     If for some reason 128 bits of randomness aren't considered secure enough to avoid
+    #     collisions, this option can be enabled to ensure newly generated ids aren't in use.
+    #     By default, it is set to `false` to avoid additional cache write operations.
     #
     class CacheStore < AbstractSecureStore
       def initialize(app, options = {})
         @cache = options[:cache] || Rails.cache
         options[:expire_after] ||= @cache.options[:expires_in]
+        @check_collisions = options[:check_collisions] || false
         super
       end
@@ -61,6 +66,18 @@ module ActionDispatch
         def get_session_with_fallback(sid)
           @cache.read(cache_key(sid.private_id)) || @cache.read(cache_key(sid.public_id))
         end
+        def generate_sid
+          if @check_collisions
+            loop do
+              sid = super
+              key = cache_key(sid.private_id)
+              break sid if @cache.write(key, {}, unless_exist: true, expires_in: default_options[:expire_after])
+            end
+          else
+            super
+          end
+        end
     end
   end
 end

data/lib/action_dispatch/middleware/templates/rescues/_copy_button.html.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <button onclick="copyAsText.bind(this)()">Copy as text</button>

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb CHANGED Viewed

@@ -11,8 +11,9 @@
           <tr>
             <td>
               <pre class="line_numbers">
-                <% source_extract[:code].each_key do |line_number| %>
-<span><%= line_number -%></span>
+                <% source_extract[:code].each_key do |line| %>
+                  <% file_url = editor_url(source_extract[:trace], line: line) %>
+<span><%= link_to_if file_url, line, file_url -%></span>
                 <% end %>
               </pre>
             </td>

data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb CHANGED Viewed

@@ -13,13 +13,17 @@
   <% end %>
   <% traces.each do |name, trace| %>
-    <div id="<%= "#{name.gsub(/\s/, '-')}-#{error_index}" %>" style="display: <%= (name == trace_to_show) ? 'block' : 'none' %>;">
+    <div id="<%= "#{name.gsub(/\s/, '-')}-#{error_index}" %>" class="trace-container" style="display: <%= (name == trace_to_show) ? 'block' : 'none' %>;">
       <code class="traces">
         <% trace.each do |frame| %>
-          <a class="trace-frames trace-frames-<%= error_index %>" data-exception-object-id="<%= frame[:exception_object_id] %>" data-frame-id="<%= frame[:id] %>" href="#">
-            <%= frame[:trace] %>
-          </a>
-          <br>
+          <div class="trace">
+            <% file_url = editor_url(frame[:trace]) %>
+            <%= file_url && link_to("✏️", file_url, class: "edit-icon") %>
+            <a class="trace-frames trace-frames-<%= error_index %>" data-exception-object-id="<%= frame[:exception_object_id] %>" data-frame-id="<%= frame[:id] %>" href="#">
+              <%= frame[:trace] %>
+            </a>
+            <br>
+          </div>
         <% end %>
       </code>
     </div>

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header>
+  <%= render "rescues/copy_button" %>
   <h1>Blocked hosts: <%= @hosts.join(", ") %></h1>
 </header>
 <main role="main" id="container">

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header>
+  <%= render "rescues/copy_button" %>
   <h1>
     <%= @exception_wrapper.exception_class_name %>
     <% if params_valid? && @request.parameters['controller'] %>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>
     <%= @exception.class.to_s %>
     <% if @request.parameters['controller'] %>
@@ -10,6 +11,9 @@
 <main role="main" id="container">
   <h2>
     <%= h @exception.message %>
+    <% if defined?(ActionText) && @exception.message.match?(%r{#{ActionText::RichText.table_name}}) %>
+      <br />To resolve this issue run: bin/rails action_text:install
+    <% end %>
     <% if defined?(ActiveStorage) && @exception.message.match?(%r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}) %>
       <br />To resolve this issue run: bin/rails active_storage:install
     <% end %>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb CHANGED Viewed

@@ -4,6 +4,9 @@
 <% end %>
 <%= @exception.message %>
+<% if defined?(ActionText) && @exception.message.match?(%r{#{ActionText::RichText.table_name}}) %>
+To resolve this issue run: bin/rails action_text:install
+<% end %>
 <% if defined?(ActiveStorage) && @exception.message.match?(%r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}) %>
 To resolve this issue run: bin/rails active_storage:install
 <% end %>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb CHANGED Viewed

@@ -38,6 +38,22 @@
       padding: 0.5em 1.5em;
     }
+    header button {
+      appearance: none;
+      background-color: hsl(0 0% 0% / 0.2);
+      border: 0;
+      border-radius: 14px;
+      color: white;
+      float: right;
+      font-weight: 500;
+      height: 28px;
+      padding-inline: 14px;
+      margin: 0.35em 0;
+    }
+    header button:active {
+      background-color: hsl(0 0% 0% / 0.25);
+    }
     h1 {
       overflow-wrap: break-word;
       margin: 0.2em 0;
@@ -54,6 +70,30 @@
       font-size: 11px;
     }
+    .trace-container {
+      margin-top: 10px;
+    }
+    code.traces .trace {
+      display: flex;
+      align-items: center;
+      gap: 2px;
+    }
+    .edit-icon {
+      width: 16px;
+      height: 16px;
+      display: flex;
+      font-size: 13px;
+      align-items: center;
+      justify-content: center;
+      text-decoration: none;
+    }
+    .edit-icon:hover {
+      scale: 1.05;
+    }
     .response-heading, .request-heading {
       margin-top: 30px;
     }
@@ -274,11 +314,21 @@
     var toggleEnvDump = function() {
       return toggle('env_dump');
     }
+    var copyAsText = function() {
+      const text = document.getElementById("exception-message-for-copy").textContent;
+      navigator.clipboard.writeText(text).then(() => {
+        const beforeText = this.innerText;
+        this.innerText = "Copied!"
+        setTimeout(() => this.innerText = beforeText, 1000)
+      })
+    }
   </script>
 </head>
 <body>
   <%= yield %>
+  <script type="text/plain" id="exception-message-for-copy"><%= raw @exception_message_for_copy %></script>
 </body>
 </html>

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>No view template for interactive request</h1>
 </header>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>Template is missing</h1>
 </header>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>Routing Error</h1>
 </header>
 <main role="main" id="container">

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>
     <%= @exception_wrapper.exception_name %> in
     <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>Unknown action</h1>
 </header>
 <main role="main" id="container">

data/lib/action_dispatch/railtie.rb CHANGED Viewed

@@ -4,6 +4,7 @@
 require "action_dispatch"
 require "action_dispatch/log_subscriber"
+require "action_dispatch/structured_event_subscriber"
 require "active_support/messages/rotation_configuration"
 module ActionDispatch
@@ -33,6 +34,7 @@ module ActionDispatch
     config.action_dispatch.ignore_leading_brackets = nil
     config.action_dispatch.strict_query_string_separator = nil
+    config.action_dispatch.verbose_redirect_logs = false
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
@@ -55,8 +57,18 @@ module ActionDispatch
       ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
-      ActionDispatch::ParamBuilder.ignore_leading_brackets = app.config.action_dispatch.ignore_leading_brackets
-      ActionDispatch::QueryParser.strict_query_string_separator = app.config.action_dispatch.strict_query_string_separator
+      unless app.config.action_dispatch.domain_extractor.nil?
+        ActionDispatch::Http::URL.domain_extractor = app.config.action_dispatch.domain_extractor
+      end
+      unless app.config.action_dispatch.ignore_leading_brackets.nil?
+        ActionDispatch::ParamBuilder.ignore_leading_brackets = app.config.action_dispatch.ignore_leading_brackets
+      end
+      unless app.config.action_dispatch.strict_query_string_separator.nil?
+        ActionDispatch::QueryParser.strict_query_string_separator = app.config.action_dispatch.strict_query_string_separator
+      end
+      ActionDispatch.verbose_redirect_logs = app.config.action_dispatch.verbose_redirect_logs
       ActiveSupport.on_load(:action_dispatch_request) do
         self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header

data/lib/action_dispatch/routing/inspector.rb CHANGED Viewed

@@ -64,6 +64,14 @@ module ActionDispatch
       def engine?
         app.engine?
       end
+      def to_h
+        { name: name,
+          verb: verb,
+          path: path,
+          reqs: reqs,
+          source_location: source_location }
+      end
     end
     ##
@@ -72,30 +80,51 @@ module ActionDispatch
     # not use this class.
     class RoutesInspector # :nodoc:
       def initialize(routes)
-        @engines = {}
-        @routes = routes
+        @routes = wrap_routes(routes)
+        @engines = load_engines_routes
       end
       def format(formatter, filter = {})
-        routes_to_display = filter_routes(normalize_filter(filter))
-        routes = collect_routes(routes_to_display)
-        if routes.none?
-          formatter.no_routes(collect_routes(@routes), filter)
-          return formatter.result
-        end
+        all_routes = { nil => @routes }.merge(@engines)
-        formatter.header routes
-        formatter.section routes
-        @engines.each do |name, engine_routes|
-          formatter.section_title "Routes for #{name}"
-          formatter.section engine_routes
+        all_routes.each do |engine_name, routes|
+          format_routes(formatter, filter, engine_name, routes)
         end
         formatter.result
       end
       private
+        def format_routes(formatter, filter, engine_name, routes)
+          routes = filter_routes(routes, normalize_filter(filter)).map(&:to_h)
+          formatter.section_title "Routes for #{engine_name || "application"}" if @engines.any?
+          if routes.any?
+            formatter.header routes
+            formatter.section routes
+          else
+            formatter.no_routes engine_name, routes, filter
+          end
+          formatter.footer routes
+        end
+        def wrap_routes(routes)
+          routes.routes.map { |route| RouteWrapper.new(route) }.reject(&:internal?)
+        end
+        def load_engines_routes
+          engine_routes = @routes.select(&:engine?)
+          engines = engine_routes.to_h do |engine_route|
+            engine_app_routes = engine_route.rack_app.routes
+            engine_app_routes = engine_app_routes.routes if engine_app_routes.is_a?(ActionDispatch::Routing::RouteSet)
+            [engine_route.endpoint, wrap_routes(engine_app_routes)]
+          end
+          engines
+        end
         def normalize_filter(filter)
           if filter[:controller]
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
@@ -115,39 +144,13 @@ module ActionDispatch
           end
         end
-        def filter_routes(filter)
+        def filter_routes(routes, filter)
           if filter
-            @routes.select do |route|
-              route_wrapper = RouteWrapper.new(route)
-              filter.any? { |filter_type, value| route_wrapper.matches_filter?(filter_type, value) }
+            routes.select do |route|
+              filter.any? { |filter_type, value| route.matches_filter?(filter_type, value) }
             end
           else
-            @routes
-          end
-        end
-        def collect_routes(routes)
-          routes.collect do |route|
-            RouteWrapper.new(route)
-          end.reject(&:internal?).collect do |route|
-            collect_engine_routes(route)
-            { name: route.name,
-              verb: route.verb,
-              path: route.path,
-              reqs: route.reqs,
-              source_location: route.source_location }
-          end
-        end
-        def collect_engine_routes(route)
-          name = route.endpoint
-          return unless route.engine?
-          return if @engines[name]
-          routes = route.rack_app.routes
-          if routes.is_a?(ActionDispatch::Routing::RouteSet)
-            @engines[name] = collect_routes(routes.routes)
+            routes
           end
         end
     end
@@ -171,27 +174,36 @@ module ActionDispatch
         def header(routes)
         end
-        def no_routes(routes, filter)
-          @buffer <<
-            if routes.none?
-              <<~MESSAGE
-                You don't have any routes defined!
+        def footer(routes)
+        end
-                Please add some routes in config/routes.rb.
-              MESSAGE
-            elsif filter.key?(:controller)
+        def no_routes(engine, routes, filter)
+          @buffer <<
+            if filter.key?(:controller)
               "No routes were found for this controller."
             elsif filter.key?(:grep)
               "No routes were found for this grep pattern."
+            elsif routes.none?
+              if engine
+                "No routes defined."
+              else
+                <<~MESSAGE
+                  You don't have any routes defined!
+                  Please add some routes in config/routes.rb.
+                MESSAGE
+              end
             end
-          @buffer << "For more information about routes, see the Rails guide: https://guides.rubyonrails.org/routing.html."
+          unless engine
+            @buffer << "For more information about routes, see the Rails guide: https://guides.rubyonrails.org/routing.html."
+          end
         end
       end
       class Sheet < Base
         def section_title(title)
-          @buffer << "\n#{title}:"
+          @buffer << "#{title}:"
         end
         def section(routes)
@@ -202,6 +214,10 @@ module ActionDispatch
           @buffer << draw_header(routes)
         end
+        def footer(routes)
+          @buffer << ""
+        end
         private
           def draw_section(routes)
             header_lengths = ["Prefix", "Verb", "URI Pattern"].map(&:length)
@@ -232,13 +248,17 @@ module ActionDispatch
         end
         def section_title(title)
-          @buffer << "\n#{"[ #{title} ]"}"
+          @buffer << "#{"[ #{title} ]"}"
         end
         def section(routes)
           @buffer << draw_expanded_section(routes)
         end
+        def footer(routes)
+          @buffer << ""
+        end
         private
           def draw_expanded_section(routes)
             routes.map.each_with_index do |r, i|
@@ -269,7 +289,7 @@ module ActionDispatch
           super
         end
-        def no_routes(routes, filter)
+        def no_routes(engine, routes, filter)
           @buffer <<
             if filter.none?
               "No unused routes found."
@@ -300,6 +320,9 @@ module ActionDispatch
       def header(routes)
       end
+      def footer(routes)
+      end
       def no_routes(*)
         @buffer << <<~MESSAGE
           <p>You don't have any routes defined!</p>