baldur 0.1.1 → 0.1.3
- checksums.yaml +4 -4
- data/README.md +14 -2
- data/SECURITY.md +29 -0
- data/TODO.md +0 -1
- data/app/assets/stylesheets/baldur/application/components/forms.css +8 -0
- data/app/helpers/baldur/ui_helper_forms.rb +1 -1
- data/app/views/baldur/components/_tooltip.html.erb +0 -1
- data/baldur.gemspec +8 -2
- data/lib/baldur/version.rb +1 -1
- data/test/csp_rendering_test.rb +60 -0
- data/test/test_helper.rb +6 -0
- metadata +10 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91618f676806f1de454dd46fca5f426a13f4b5504bf7f2e1c91816325784f740
|
|
4
|
+
data.tar.gz: f91cc858789b87d5eacf92f0e9835ec614b288f045d4333dc2e19c2889850209
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dbcd1175ac464c6dc6c730f5a39c154ec91371a4ea0214b8f0db0b0fc5e595ab0ffc7abaf0a8196cb065c43ce422305a509d799962b76b99746b3ab9a5449b28
|
|
7
|
+
data.tar.gz: f706bf4fadfeb7dfdd5919c8e93c968e402e65a3dcb69a9dae2a2e8ac909649c1ddc06895f0e05985663d5f34a938ee8d06a44f592f605949e96bb201e06b774
|
data/README.md
CHANGED
|
@@ -12,10 +12,10 @@ Baldur is a reusable Rails UI engine for apps using the same frontend stack as t
|
|
|
12
12
|
|
|
13
13
|
1. Add Baldur to the target app `Gemfile`:
|
|
14
14
|
|
|
15
|
-
Baldur now declares `tailwindcss-rails` as a gem dependency, so hosts do not need to add that gem separately unless they want to
|
|
15
|
+
Baldur now declares `tailwindcss-rails >= 4.4.0` as a gem dependency, so hosts do not need to add that gem separately unless they want to enforce their own minimum version.
|
|
16
16
|
|
|
17
17
|
```ruby
|
|
18
|
-
gem "baldur"
|
|
18
|
+
gem "baldur", ">= 0.1.3"
|
|
19
19
|
```
|
|
20
20
|
|
|
21
21
|
2. Run:
|
|
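Review bot: The Gemfile example at new line 18, `gem "baldur", ">= 0.1.3"`, sets a floor but no ceiling, so a host that copies it will accept any later release on `bundle update`, including a breaking one while the gem is still in a 0.x series. Suggest a pessimistic constraint such as `gem "baldur", "~> 0.1", ">= 0.1.3"`, which keeps the floor and makes a major-version jump an explicit choice.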
@@ -45,6 +45,18 @@ bundle exec rails generate baldur:install_google_auth
|
|
|
45
45
|
|
|
46
46
|
Default install behavior keeps Geist loaded through the host `fonts.css` scaffold. If a host app wants a different stack, it should update `fonts.css` and then map the loaded families in `theme.css`.
|
|
47
47
|
|
|
48
|
+
## Security
|
|
49
|
+
|
|
50
|
+
- New Baldur releases require MFA for RubyGems owners via gem metadata starting with `0.1.2`.
|
|
51
|
+
- Release artifacts should be installed from RubyGems or GitHub releases and can be verified with the published `.sha512` checksum file.
|
|
52
|
+
- Report vulnerabilities privately through GitHub Security Advisories.
|
|
53
|
+
|
|
54
|
+
To verify a release artifact manually:
|
|
55
|
+
|
|
56
|
+
```sh
|
|
57
|
+
sha512sum -c baldur-0.1.3.gem.sha512
|
|
58
|
+
```
|
|
59
|
+
|
|
48
60
|
## Styling Ownership
|
|
49
61
|
|
|
50
62
|
Tailwind provides the utility/base layer. Baldur is the source of truth for shared design-system primitives.
|
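Review bot: The verification command at new line 57 hard-codes `baldur-0.1.3.gem.sha512`, so it goes stale with the next release, and the section says neither where the `.sha512` file is published nor that `sha512sum -c` expects the `.gem` file named inside it to sit in the working directory. Suggest a version placeholder, a link to where the checksum file lives, and a sentence noting that a checksum fetched from the same location as the artifact detects corruption rather than a replaced release.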
data/SECURITY.md
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Reporting a Vulnerability
|
|
4
|
+
|
|
5
|
+
Please do not report security issues through public GitHub issues or pull requests.
|
|
6
|
+
|
|
7
|
+
Preferred reporting paths:
|
|
8
|
+
|
|
9
|
+
1. Open a private GitHub Security Advisory draft for this repository.
|
|
10
|
+
2. Use GitHub Security Advisories for private disclosure.
|
|
11
|
+
|
|
12
|
+
Please include:
|
|
13
|
+
|
|
14
|
+
- affected version(s)
|
|
15
|
+
- a clear description of the issue
|
|
16
|
+
- reproduction steps or proof of concept
|
|
17
|
+
- impact assessment if known
|
|
18
|
+
- any suggested remediation
|
|
19
|
+
|
|
20
|
+
## Disclosure Process
|
|
21
|
+
|
|
22
|
+
- I will acknowledge receipt of a report as quickly as practical.
|
|
23
|
+
- I will investigate privately and prepare a fix before public disclosure.
|
|
24
|
+
- Once a fix is available, I may publish a GitHub Security Advisory and request a CVE if the issue merits one.
|
|
25
|
+
- Public disclosure should wait until affected users have a reasonable chance to upgrade.
|
|
26
|
+
|
|
27
|
+
## Supported Versions
|
|
28
|
+
|
|
29
|
+
Security fixes are best-effort and will normally target the latest released version of Baldur.
|
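Review bot: Items 1 and 2 under "Preferred reporting paths" (new lines 9 and 10) name the same channel, GitHub Security Advisories, so the list offers a single path and a reporter without a GitHub account has none. Merge the two items or replace the second with a distinct contact. The "as quickly as practical" wording at line 22 would also be easier to rely on with a target response time.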
data/TODO.md
CHANGED
|
@@ -3,4 +3,3 @@
|
|
|
3
3
|
- Add a dedicated dummy app in the extracted gem repo for visual smoke checks.
|
|
4
4
|
- Add a component inventory/showcase page in that dummy app.
|
|
5
5
|
- Add a few interaction-specific showcase pages for modal, sidebar, menu select, snackbar, and `panel_secondary`.
|
|
6
|
-
- Add release automation in the extracted gem repo once publication workflow is defined.
|
|
@@ -145,6 +145,14 @@
|
|
|
145
145
|
padding-right: calc(var(--space-4) + 40px);
|
|
146
146
|
}
|
|
147
147
|
|
|
148
|
+
.date-field__native--hidden {
|
|
149
|
+
position: absolute;
|
|
150
|
+
width: 1px;
|
|
151
|
+
height: 1px;
|
|
152
|
+
opacity: 0;
|
|
153
|
+
pointer-events: none;
|
|
154
|
+
}
|
|
155
|
+
|
|
148
156
|
.date-field__toggle {
|
|
149
157
|
position: absolute;
|
|
150
158
|
top: 50%;
|
|
@@ -97,7 +97,7 @@ module Baldur
|
|
|
97
97
|
native_options[:disabled] = true if disabled
|
|
98
98
|
native_options[:tabindex] ||= "-1"
|
|
99
99
|
native_options[:autocomplete] ||= "off"
|
|
100
|
-
native_options[:
|
|
100
|
+
native_options[:class] = [ native_options[:class], "date-field__native--hidden" ].compact.join(" ")
|
|
101
101
|
|
|
102
102
|
if min_date.present?
|
|
103
103
|
min_date_value = case min_date
|
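Review bot: At new line 100 the class string is built with `.compact.join(" ")`, which drops `nil` but keeps an empty string, so a caller passing `class: ""` gets a leading space, and a caller that already includes `date-field__native--hidden` gets the class twice. Rails' `class_names` helper (alias `token_list`) drops blanks and duplicates and would cover both cases.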
data/baldur.gemspec
CHANGED
|
@@ -4,11 +4,16 @@ Gem::Specification.new do |spec|
|
|
|
4
4
|
spec.name = "baldur"
|
|
5
5
|
spec.version = Baldur::VERSION
|
|
6
6
|
spec.authors = [ "Varun Murkar" ]
|
|
7
|
-
spec.email = [ "hello@varunmurkar.com" ]
|
|
8
7
|
spec.summary = "Reusable Rails UI engine for same-stack application interfaces"
|
|
9
8
|
spec.description = "Baldur packages reusable Rails view helpers, components, styles, and Stimulus controllers."
|
|
10
9
|
spec.homepage = "https://github.com/varunmurkar/baldur"
|
|
11
10
|
spec.license = "MIT"
|
|
11
|
+
spec.metadata = {
|
|
12
|
+
"source_code_uri" => "https://github.com/varunmurkar/baldur",
|
|
13
|
+
"bug_tracker_uri" => "https://github.com/varunmurkar/baldur/issues",
|
|
14
|
+
"changelog_uri" => "https://github.com/varunmurkar/baldur/releases",
|
|
15
|
+
"rubygems_mfa_required" => "true"
|
|
16
|
+
}
|
|
12
17
|
|
|
13
18
|
spec.files = Dir.chdir(__dir__) do
|
|
14
19
|
Dir[
|
|
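Review bot: `spec.email` is removed at old line 7 and the new `spec.metadata` block adds no other contact, which leaves the repository URLs as the only way to reach the maintainer from the gem page. If that is deliberate, state it in the release notes; otherwise keep a contact address or add a `documentation_uri` that leads to the security reporting instructions. The `"rubygems_mfa_required" => "true"` entry at line 15 uses a string value, which is what gem metadata requires.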
@@ -16,6 +21,7 @@ Gem::Specification.new do |spec|
|
|
|
16
21
|
"README.md",
|
|
17
22
|
"TODO.md",
|
|
18
23
|
"LICENSE",
|
|
24
|
+
"SECURITY.md",
|
|
19
25
|
"baldur.gemspec",
|
|
20
26
|
"Gemfile"
|
|
21
27
|
].select { |path| File.file?(path) }
|
|
@@ -26,5 +32,5 @@ Gem::Specification.new do |spec|
|
|
|
26
32
|
spec.add_dependency "importmap-rails"
|
|
27
33
|
spec.add_dependency "lucide-rails"
|
|
28
34
|
spec.add_dependency "rails", ">= 8.1.0"
|
|
29
|
-
spec.add_dependency "tailwindcss-rails"
|
|
35
|
+
spec.add_dependency "tailwindcss-rails", ">= 4.4.0"
|
|
30
36
|
end
|
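Review bot: Only `tailwindcss-rails` gets a version floor here (new line 35); `importmap-rails` and `lucide-rails` at lines 32 and 33 remain completely unconstrained, and none of the runtime dependencies has an upper bound. Suggest declaring the minimum versions the engine is actually tested against for the other two, and considering `~>` constraints so a new major release of a dependency is not pulled into host apps without review.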
data/lib/baldur/version.rb
CHANGED
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
require_relative "test_helper"
|
|
2
|
+
|
|
3
|
+
require "action_controller"
|
|
4
|
+
|
|
5
|
+
class BaldurCspRenderingTest < Minitest::Test
|
|
6
|
+
class TestController < ActionController::Base
|
|
7
|
+
append_view_path File.expand_path("../app/views", __dir__)
|
|
8
|
+
helper Baldur::UiHelper
|
|
9
|
+
helper Baldur::UiHelperForms
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def test_tooltip_renders_without_inline_style_attribute
|
|
13
|
+
html = TestController.render(
|
|
14
|
+
partial: "baldur/components/tooltip",
|
|
15
|
+
locals: {
|
|
16
|
+
text: "Info",
|
|
17
|
+
content: "Tooltip body",
|
|
18
|
+
show_icon: true,
|
|
19
|
+
icon: "circle-help",
|
|
20
|
+
variant: :link,
|
|
21
|
+
wrapper_class: nil,
|
|
22
|
+
trigger_class: nil,
|
|
23
|
+
bubble_class: nil,
|
|
24
|
+
inline: false
|
|
25
|
+
}
|
|
26
|
+
)
|
|
27
|
+
|
|
28
|
+
refute_includes html, 'style="text-align: left;"'
|
|
29
|
+
assert_includes html, 'role="tooltip"'
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def test_date_field_renders_hidden_native_input_class_without_inline_style
|
|
33
|
+
html = TestController.render(
|
|
34
|
+
partial: "baldur/components/date_field",
|
|
35
|
+
locals: {
|
|
36
|
+
wrapper_classes: "field date-field",
|
|
37
|
+
label: "Due date",
|
|
38
|
+
supporting_text: nil,
|
|
39
|
+
display_input_options: {
|
|
40
|
+
id: "due-date-display",
|
|
41
|
+
class: "text-field__control date-field__display",
|
|
42
|
+
type: "text",
|
|
43
|
+
name: "due_date"
|
|
44
|
+
},
|
|
45
|
+
native_input_options: {
|
|
46
|
+
id: "due-date-native",
|
|
47
|
+
class: "date-field__native date-field__native--hidden",
|
|
48
|
+
type: "date",
|
|
49
|
+
tabindex: "-1"
|
|
50
|
+
},
|
|
51
|
+
toggle_label: "Open date picker",
|
|
52
|
+
icon_name: "calendar",
|
|
53
|
+
support_id: "due-date-support"
|
|
54
|
+
}
|
|
55
|
+
)
|
|
56
|
+
|
|
57
|
+
refute_includes html, 'style="position:absolute;'
|
|
58
|
+
assert_includes html, 'date-field__native--hidden'
|
|
59
|
+
end
|
|
60
|
+
end
|
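Review bot: `test_date_field_renders_hidden_native_input_class_without_inline_style` supplies `class: "date-field__native date-field__native--hidden"` itself in `native_input_options` (new line 47), so `assert_includes html, 'date-field__native--hidden'` passes whether or not `Baldur::UiHelperForms` adds the class; the test should render through the helper that builds these options. Both `refute_includes` checks (lines 28 and 57) also match one exact style string, so any other inline `style` attribute would slip through; `refute_match(/\sstyle=/, html)` fits the test names better.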
data/test/test_helper.rb
CHANGED
|
@@ -3,7 +3,13 @@ ENV["MT_NO_PLUGINS"] = "1"
|
|
|
3
3
|
require "bundler/setup"
|
|
4
4
|
require "minitest/autorun"
|
|
5
5
|
require "rails/generators/test_case"
|
|
6
|
+
require "rails"
|
|
7
|
+
require "lucide-rails"
|
|
6
8
|
|
|
7
9
|
require_relative "../lib/baldur"
|
|
8
10
|
require_relative "../app/helpers/baldur/render_helper"
|
|
11
|
+
require_relative "../app/helpers/baldur/ui_helper_feedback"
|
|
12
|
+
require_relative "../app/helpers/baldur/ui_helper_unavailable"
|
|
13
|
+
require_relative "../app/helpers/baldur/ui_helper_forms"
|
|
14
|
+
require_relative "../app/helpers/baldur/ui_helper"
|
|
9
15
|
require_relative "../app/helpers/baldur/marketing_helper"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: baldur
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Varun Murkar
|
|
@@ -57,18 +57,16 @@ dependencies:
|
|
|
57
57
|
requirements:
|
|
58
58
|
- - ">="
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
|
-
version:
|
|
60
|
+
version: 4.4.0
|
|
61
61
|
type: :runtime
|
|
62
62
|
prerelease: false
|
|
63
63
|
version_requirements: !ruby/object:Gem::Requirement
|
|
64
64
|
requirements:
|
|
65
65
|
- - ">="
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version:
|
|
67
|
+
version: 4.4.0
|
|
68
68
|
description: Baldur packages reusable Rails view helpers, components, styles, and
|
|
69
69
|
Stimulus controllers.
|
|
70
|
-
email:
|
|
71
|
-
- hello@varunmurkar.com
|
|
72
70
|
executables: []
|
|
73
71
|
extensions: []
|
|
74
72
|
extra_rdoc_files: []
|
|
@@ -76,6 +74,7 @@ files:
|
|
|
76
74
|
- Gemfile
|
|
77
75
|
- LICENSE
|
|
78
76
|
- README.md
|
|
77
|
+
- SECURITY.md
|
|
79
78
|
- TODO.md
|
|
80
79
|
- app/assets/javascripts/baldur/controllers/accordion_controller.js
|
|
81
80
|
- app/assets/javascripts/baldur/controllers/alert_controller.js
|
|
@@ -200,6 +199,7 @@ files:
|
|
|
200
199
|
- lib/generators/baldur/install_panel_right/install_panel_right_generator.rb
|
|
201
200
|
- lib/generators/baldur/install_panel_secondary/install_panel_secondary_generator.rb
|
|
202
201
|
- script/verify_host_install
|
|
202
|
+
- test/csp_rendering_test.rb
|
|
203
203
|
- test/gemspec_test.rb
|
|
204
204
|
- test/install_generator_test.rb
|
|
205
205
|
- test/install_panel_secondary_generator_test.rb
|
|
@@ -238,7 +238,11 @@ files:
|
|
|
238
238
|
homepage: https://github.com/varunmurkar/baldur
|
|
239
239
|
licenses:
|
|
240
240
|
- MIT
|
|
241
|
-
metadata:
|
|
241
|
+
metadata:
|
|
242
|
+
source_code_uri: https://github.com/varunmurkar/baldur
|
|
243
|
+
bug_tracker_uri: https://github.com/varunmurkar/baldur/issues
|
|
244
|
+
changelog_uri: https://github.com/varunmurkar/baldur/releases
|
|
245
|
+
rubygems_mfa_required: 'true'
|
|
242
246
|
rdoc_options: []
|
|
243
247
|
require_paths:
|
|
244
248
|
- lib
|