hanami-controller 1.3.0 → 2.0.0.alpha2

data/hanami-controller.gemspec

@@ -17,13 +17,14 @@ Gem::Specification.new do |spec|
   spec.executables   = []
   spec.test_files    = spec.files.grep(%r{^(spec)/})
   spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.3.0'
+  spec.required_ruby_version = '>= 2.6.0'
 
   spec.add_dependency 'rack',         '~> 2.0'
-  spec.add_dependency 'hanami-utils', '~> 1.3'
+  spec.add_dependency 'hanami-utils', '~> 2.0.alpha'
+  spec.add_dependency 'dry-configurable', '~> 0.12'
 
-  spec.add_development_dependency 'bundler',   '~> 1.6'
+  spec.add_development_dependency 'bundler',   '>= 1.6', '< 3'
   spec.add_development_dependency 'rack-test', '~> 1.0'
-  spec.add_development_dependency 'rake',      '~> 12'
-  spec.add_development_dependency 'rspec',     '~> 3.7'
+  spec.add_development_dependency 'rake',      '~> 13'
+  spec.add_development_dependency 'rspec',     '~> 3.9'
 end

data/lib/hanami/action.rb

@@ -1,17 +1,5 @@
-require 'hanami/action/configurable'
-require 'hanami/action/rack'
-require 'hanami/action/mime'
-require 'hanami/action/redirect'
-require 'hanami/action/exposable'
-require 'hanami/action/throwable'
-require 'hanami/action/callbacks'
-begin
-  require 'hanami/validations'
-  require 'hanami/action/validatable'
-rescue LoadError
-end
-require 'hanami/action/head'
-require 'hanami/action/callable'
+require_relative 'action/application_action'
+require_relative 'action/standalone_action'
 
 module Hanami
   # An HTTP endpoint
@@ -28,84 +16,152 @@ module Hanami
   #       # ...
   #     end
   #   end
-  module Action
-    # Override Ruby's hook for modules.
-    # It includes basic Hanami::Action modules to the given class.
+  class Action
+    # Rack SPEC response code
     #
-    # @param base [Class] the target action
+    # @since 1.0.0
+    # @api private
+    RESPONSE_CODE = 0
+
+    # Rack SPEC response headers
     #
-    # @since 0.1.0
+    # @since 1.0.0
     # @api private
+    RESPONSE_HEADERS = 1
+
+    # Rack SPEC response body
     #
-    # @see http://www.ruby-doc.org/core-2.1.2/Module.html#method-i-included
-    #
-    # @see Hanami::Action::Rack
-    # @see Hanami::Action::Mime
-    # @see Hanami::Action::Http
-    # @see Hanami::Action::Redirect
-    # @see Hanami::Action::Exposable
-    # @see Hanami::Action::Throwable
-    # @see Hanami::Action::Callbacks
-    # @see Hanami::Action::Validatable
-    # @see Hanami::Action::Configurable
-    # @see Hanami::Action::Callable
-    def self.included(base)
-      base.class_eval do
-        include Rack
-        include Mime
-        include Redirect
-        include Exposable
-        include Throwable
-        include Callbacks
-        include Validatable if defined?(Validatable)
-        include Configurable
-        include Head
-        prepend Callable
-      end
-    end
+    # @since 1.0.0
+    # @api private
+    RESPONSE_BODY = 2
 
-    private
+    DEFAULT_ERROR_CODE = 500
 
-    # Raise error when `Hanami::Action::Session` isn't included.
+    # Status codes that by RFC must not include a message body
     #
-    # To use `session`, include `Hanami::Action::Session`.
+    # @since 0.3.2
+    # @api private
+    HTTP_STATUSES_WITHOUT_BODY = Set.new((100..199).to_a << 204 << 205 << 304).freeze
+
+    # Not Found
     #
-    # @raise [Hanami::Controller::MissingSessionError]
+    # @since 1.0.0
+    # @api private
+    NOT_FOUND = 404
+
+    # Entity headers allowed in blank body responses, according to
+    # RFC 2616 - Section 10 (HTTP 1.1).
     #
-    # @since 1.2.0
-    def session
-      raise Hanami::Controller::MissingSessionError.new(:session)
-    end
+    # "The response MAY include new or updated metainformation in the form
+    #   of entity-headers".
+    #
+    # @since 0.4.0
+    # @api private
+    #
+    # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.5
+    # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec7.html
+    ENTITY_HEADERS = {
+      'Allow'            => true,
+      'Content-Encoding' => true,
+      'Content-Language' => true,
+      'Content-Location' => true,
+      'Content-MD5'      => true,
+      'Content-Range'    => true,
+      'Expires'          => true,
+      'Last-Modified'    => true,
+      'extension-header' => true
+    }.freeze
 
-    # Raise error when `Hanami::Action::Session` isn't included.
+    # The request method
     #
-    # To use `flash`, include `Hanami::Action::Session`.
+    # @since 0.3.2
+    # @api private
+    REQUEST_METHOD = 'REQUEST_METHOD'.freeze
+
+    # The Content-Length HTTP header
     #
-    # @raise [Hanami::Controller::MissingSessionError]
+    # @since 1.0.0
+    # @api private
+    CONTENT_LENGTH = 'Content-Length'.freeze
+
+    # The non-standard HTTP header to pass the control over when a resource
+    # cannot be found by the current endpoint
     #
-    # @since 1.2.0
-    def flash
-      raise Hanami::Controller::MissingSessionError.new(:flash)
-    end
+    # @since 1.0.0
+    # @api private
+    X_CASCADE = 'X-Cascade'.freeze
+
+    # HEAD request
+    #
+    # @since 0.3.2
+    # @api private
+    HEAD = 'HEAD'.freeze
+
+    # The key that returns accepted mime types from the Rack env
+    #
+    # @since 0.1.0
+    # @api private
+    HTTP_ACCEPT          = 'HTTP_ACCEPT'.freeze
 
-    # Finalize the response
+    # The header key to set the mime type of the response
     #
-    # This method is abstract and COULD be implemented by included modules in
-    # order to prepare their data before the response will be returned to the
-    # webserver.
+    # @since 0.1.0
+    # @api private
+    CONTENT_TYPE         = 'Content-Type'.freeze
+
+    # The default mime type for an incoming HTTP request
     #
     # @since 0.1.0
     # @api private
-    # @abstract
+    DEFAULT_ACCEPT       = '*/*'.freeze
+
+    # The default mime type that is returned in the response
+    #
+    # @since 0.1.0
+    # @api private
+    DEFAULT_CONTENT_TYPE = 'application/octet-stream'.freeze
+
+    # @since 0.2.0
+    # @api private
+    RACK_ERRORS = 'rack.errors'.freeze
+
+    # This isn't part of Rack SPEC
+    #
+    # Exception notifiers use <tt>rack.exception</tt> instead of
+    # <tt>rack.errors</tt>, so we need to support it.
+    #
+    # @since 0.5.0
+    # @api private
     #
-    # @see Hanami::Action::Mime#finish
-    # @see Hanami::Action::Exposable#finish
-    # @see Hanami::Action::Callable#finish
-    # @see Hanami::Action::Session#finish
-    # @see Hanami::Action::Cookies#finish
-    # @see Hanami::Action::Cache#finish
-    # @see Hanami::Action::Head#finish
-    def finish
+    # @see Hanami::Action::Throwable::RACK_ERRORS
+    # @see http://www.rubydoc.info/github/rack/rack/file/SPEC#The_Error_Stream
+    # @see https://github.com/hanami/controller/issues/133
+    RACK_EXCEPTION = 'rack.exception'.freeze
+
+    # The HTTP header for redirects
+    #
+    # @since 0.2.0
+    # @api private
+    LOCATION = 'Location'.freeze
+
+    include StandaloneAction
+
+    def self.inherited(subclass)
+      super
+
+      # When inheriting within an Hanami app, and the application provider has
+      # changed from the superclass, (re-)configure the action for the provider,
+      # i.e. for the slice and/or the application itself
+      if (provider = application_provider(subclass)) && provider != application_provider(subclass.superclass)
+        subclass.include ApplicationAction.new(provider)
+      end
+    end
+
+    def self.application_provider(subclass)
+      if Hanami.respond_to?(:application?) && Hanami.application?
+        Hanami.application.component_provider(subclass)
+      end
     end
+    private_class_method :application_provider
   end
 end

data/lib/hanami/action/application_action.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    class ApplicationAction < Module
+      attr_reader :provider
+      attr_reader :application
+
+      def initialize(provider)
+        @provider = provider
+        @application = provider.respond_to?(:application) ? provider.application : Hanami.application
+      end
+
+      def included(action_class)
+        action_class.include InstanceMethods
+
+        define_initialize action_class
+        configure_action action_class
+        extend_behavior action_class
+      end
+
+      def inspect
+        "#<#{self.class.name}[#{provider.name}]>"
+      end
+
+      private
+
+      def define_initialize(action_class)
+        resolve_view = method(:resolve_paired_view)
+        resolve_context = method(:resolve_view_context)
+
+        define_method :initialize do |**deps|
+          # Conditionally assign these to repsect any explictly auto-injected
+          # dependencies provided by the class
+          @view ||= deps[:view] || resolve_view.(self.class)
+          @view_context ||= deps[:view_context] || resolve_context.()
+
+          super(**deps)
+        end
+      end
+
+      def resolve_view_context
+        identifier = application.config.actions.view_context_identifier
+
+        if provider.key?(identifier)
+          provider[identifier]
+        elsif application.key?(identifier)
+          application[identifier]
+        end
+      end
+
+      def resolve_paired_view(action_class)
+        view_identifiers = application.config.actions.view_name_inferrer.(
+          action_name: action_class.name,
+          provider: provider
+        )
+
+        view_identifiers.detect { |identifier|
+          break provider[identifier] if provider.key?(identifier)
+        }
+      end
+
+      def configure_action(action_class)
+        action_class.config.settings.each do |setting|
+          application_value = application.config.actions.public_send(:"#{setting}")
+          action_class.config.public_send :"#{setting}=", application_value
+        end
+      end
+
+      def extend_behavior(action_class)
+        if application.config.actions.csrf_protection
+          require "hanami/action/csrf_protection"
+          action_class.include Hanami::Action::CSRFProtection
+        end
+
+        if application.config.actions.cookies.enabled?
+          require "hanami/action/cookies"
+          action_class.include Hanami::Action::Cookies
+        end
+      end
+
+      module InstanceMethods
+        attr_reader :view
+        attr_reader :view_context
+
+        protected
+
+        def handle(request, response)
+          if view
+            response.render view, **request.params
+          end
+        end
+
+        private
+
+        def build_response(**options)
+          options = options.merge(view_options: method(:view_options))
+          super(**options)
+        end
+
+        def view_options(req, res)
+          {context: view_context&.with(**view_context_options(req, res))}.compact
+        end
+
+        def view_context_options(req, res)
+          {request: req, response: res}
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require_relative "application_configuration/cookies"
+require_relative "application_configuration/sessions"
+require_relative "configuration"
+require_relative "view_name_inferrer"
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      include Dry::Configurable
+
+      setting(:cookies, {}) { |options| Cookies.new(options) }
+      setting(:sessions) { |storage, *options| Sessions.new(storage, *options) }
+      setting :csrf_protection
+
+      setting :name_inference_base, "actions"
+      setting :view_context_identifier, "view.context"
+      setting :view_name_inferrer, ViewNameInferrer
+      setting :view_name_inference_base, "views"
+
+      def initialize(*)
+        super
+
+        @base_configuration = Configuration.new
+
+        configure_defaults
+      end
+
+      def finalize!
+        # A nil value for `csrf_protection` means it has not been explicitly configured
+        # (neither true nor false), so we can default it to whether sessions are enabled
+        self.csrf_protection = sessions.enabled? if csrf_protection.nil?
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @since 2.0.0
+      # @api private
+      def settings
+        base_configuration.settings + self.class.settings
+      end
+
+      private
+
+      attr_reader :base_configuration
+
+      # Apply defaults for base configuration settings
+      def configure_defaults
+        self.default_request_format = :html
+        self.default_response_format = :html
+
+        self.default_headers = {
+          "X-Frame-Options" => "DENY",
+          "X-Content-Type-Options" => "nosniff",
+          "X-XSS-Protection" => "1; mode=block",
+          "Content-Security-Policy" => \
+            "base-uri 'self'; " \
+            "child-src 'self'; " \
+            "connect-src 'self'; " \
+            "default-src 'none'; " \
+            "font-src 'self'; " \
+            "form-action 'self'; " \
+            "frame-ancestors 'self'; " \
+            "frame-src 'self'; " \
+            "img-src 'self' https: data:; " \
+            "media-src 'self'; " \
+            "object-src 'none'; " \
+            "plugin-types application/pdf; " \
+            "script-src 'self'; " \
+            "style-src 'self' 'unsafe-inline' https:"
+        }
+      end
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        elsif base_configuration.respond_to?(name)
+          base_configuration.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || base_configuration.respond_to?(name) || super
+      end
+    end
+  end
+end