hanami-controller 1.3.2 → 2.0.0.alpha3

data/hanami-controller.gemspec

@@ -17,13 +17,14 @@ Gem::Specification.new do |spec|
   spec.executables   = []
   spec.test_files    = spec.files.grep(%r{^(spec)/})
   spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.3.0'
+  spec.required_ruby_version = '>= 2.6.0'
 
   spec.add_dependency 'rack',         '~> 2.0'
-  spec.add_dependency 'hanami-utils', '~> 1.3'
+  spec.add_dependency 'hanami-utils', '~> 2.0.alpha'
+  spec.add_dependency 'dry-configurable', '~> 0.13', '>= 0.13.0'
 
   spec.add_development_dependency 'bundler',   '>= 1.6', '< 3'
   spec.add_development_dependency 'rack-test', '~> 1.0'
-  spec.add_development_dependency 'rake',      '~> 12'
-  spec.add_development_dependency 'rspec',     '~> 3.7'
+  spec.add_development_dependency 'rake',      '~> 13'
+  spec.add_development_dependency 'rspec',     '~> 3.9'
 end

data/lib/hanami/action/application_action.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    class ApplicationAction < Module
+      attr_reader :provider
+      attr_reader :application
+
+      def initialize(provider)
+        @provider = provider
+        @application = provider.respond_to?(:application) ? provider.application : Hanami.application
+      end
+
+      def included(action_class)
+        action_class.include InstanceMethods
+
+        define_initialize action_class
+        configure_action action_class
+        extend_behavior action_class
+      end
+
+      def inspect
+        "#<#{self.class.name}[#{provider.name}]>"
+      end
+
+      private
+
+      def define_initialize(action_class)
+        resolve_view = method(:resolve_paired_view)
+        resolve_context = method(:resolve_view_context)
+
+        define_method :initialize do |**deps|
+          # Conditionally assign these to repsect any explictly auto-injected
+          # dependencies provided by the class
+          @view ||= deps[:view] || resolve_view.(self.class)
+          @view_context ||= deps[:view_context] || resolve_context.()
+
+          super(**deps)
+        end
+      end
+
+      def resolve_view_context
+        identifier = application.config.actions.view_context_identifier
+
+        if provider.key?(identifier)
+          provider[identifier]
+        elsif application.key?(identifier)
+          application[identifier]
+        end
+      end
+
+      def resolve_paired_view(action_class)
+        view_identifiers = application.config.actions.view_name_inferrer.(
+          action_name: action_class.name,
+          provider: provider
+        )
+
+        view_identifiers.detect { |identifier|
+          break provider[identifier] if provider.key?(identifier)
+        }
+      end
+
+      def configure_action(action_class)
+        action_class.config.settings.each do |setting|
+          application_value = application.config.actions.public_send(:"#{setting}")
+          action_class.config.public_send :"#{setting}=", application_value
+        end
+      end
+
+      def extend_behavior(action_class)
+        if application.config.actions.sessions.enabled?
+          require "hanami/action/session"
+          action_class.include Hanami::Action::Session
+        end
+
+        if application.config.actions.csrf_protection
+          require "hanami/action/csrf_protection"
+          action_class.include Hanami::Action::CSRFProtection
+        end
+
+        if application.config.actions.cookies.enabled?
+          require "hanami/action/cookies"
+          action_class.include Hanami::Action::Cookies
+        end
+      end
+
+      module InstanceMethods
+        attr_reader :view
+        attr_reader :view_context
+
+        def build_response(**options)
+          options = options.merge(view_options: method(:view_options))
+          super(**options)
+        end
+
+        def view_options(req, res)
+          {context: view_context&.with(**view_context_options(req, res))}.compact
+        end
+
+        def view_context_options(req, res)
+          {request: req, response: res}
+        end
+
+        # Automatically render the view, if the body hasn't been populated yet
+        def finish(req, res, halted)
+          res.render(view, **req.params, **res.exposures) if view && res.body.empty?
+          super
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration/cookies.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      # Wrapper for application-level configuration of HTTP cookies for Hanami actions.
+      # This decorates the hash of cookie options that is otherwise directly configurable
+      # on actions, and adds the `enabled?` method to allow `ApplicationAction` to
+      # determine whether to include the `Action::Cookies` module.
+      #
+      # @since 2.0.0
+      class Cookies
+        attr_reader :options
+
+        def initialize(options)
+          @options = options
+        end
+
+        def enabled?
+          !options.nil?
+        end
+
+        def to_h
+          options.to_h
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration/sessions.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "dry/core/constants"
+require "hanami/utils/string"
+require "hanami/utils/class"
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      # Configuration for HTTP sessions in Hanami actions
+      #
+      # @since 2.0.0
+      class Sessions
+        attr_reader :storage, :options
+
+        def initialize(storage = nil, *options)
+          @storage = storage
+          @options = options
+        end
+
+        def enabled?
+          !storage.nil?
+        end
+
+        def middleware
+          return [] if !enabled?
+
+          [[storage_middleware, options]]
+        end
+
+        private
+
+        def storage_middleware
+          require_storage
+
+          name = Utils::String.classify(storage)
+          Utils::Class.load!(name, ::Rack::Session)
+        end
+
+        def require_storage
+          require "rack/session/#{storage}"
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require_relative "application_configuration/cookies"
+require_relative "application_configuration/sessions"
+require_relative "configuration"
+require_relative "view_name_inferrer"
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      include Dry::Configurable
+
+      setting :cookies, default: {}, constructor: -> options { Cookies.new(options) }
+      setting :sessions, constructor: proc { |storage, *options| Sessions.new(storage, *options) }
+      setting :csrf_protection
+
+      setting :name_inference_base, default: "actions"
+      setting :view_context_identifier, default: "view.context"
+      setting :view_name_inferrer, default: ViewNameInferrer
+      setting :view_name_inference_base, default: "views"
+
+      def initialize(*)
+        super
+
+        @base_configuration = Configuration.new
+
+        configure_defaults
+      end
+
+      def finalize!
+        # A nil value for `csrf_protection` means it has not been explicitly configured
+        # (neither true nor false), so we can default it to whether sessions are enabled
+        self.csrf_protection = sessions.enabled? if csrf_protection.nil?
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @since 2.0.0
+      # @api private
+      def settings
+        base_configuration.settings + self.class.settings
+      end
+
+      private
+
+      attr_reader :base_configuration
+
+      # Apply defaults for base configuration settings
+      def configure_defaults
+        self.default_request_format = :html
+        self.default_response_format = :html
+
+        self.default_headers = {
+          "X-Frame-Options" => "DENY",
+          "X-Content-Type-Options" => "nosniff",
+          "X-XSS-Protection" => "1; mode=block",
+          "Content-Security-Policy" => \
+            "base-uri 'self'; " \
+            "child-src 'self'; " \
+            "connect-src 'self'; " \
+            "default-src 'none'; " \
+            "font-src 'self'; " \
+            "form-action 'self'; " \
+            "frame-ancestors 'self'; " \
+            "frame-src 'self'; " \
+            "img-src 'self' https: data:; " \
+            "media-src 'self'; " \
+            "object-src 'none'; " \
+            "plugin-types application/pdf; " \
+            "script-src 'self'; " \
+            "style-src 'self' 'unsafe-inline' https:"
+        }
+      end
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        elsif base_configuration.respond_to?(name)
+          base_configuration.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || base_configuration.respond_to?(name) || super
+      end
+    end
+  end
+end

data/lib/hanami/action/base_params.rb

@@ -2,7 +2,7 @@ require 'rack/request'
 require 'hanami/utils/hash'
 
 module Hanami
-  module Action
+  class Action
     class BaseParams
       # The key that returns raw input from the Rack env
       #
@@ -173,7 +173,7 @@ module Hanami
       def _router_params(fallback = {})
         env.fetch(ROUTER_PARAMS) do
           if session = fallback.delete(RACK_SESSION) # rubocop:disable Lint/AssignmentInCondition
-            fallback[RACK_SESSION] = Utils::Hash.new(session).symbolize!.to_hash
+            fallback[RACK_SESSION] = Utils::Hash.deep_symbolize(session)
           end
 
           fallback

data/lib/hanami/action/cache/cache_control.rb

@@ -1,7 +1,7 @@
 require 'hanami/action/cache/directives'
 
 module Hanami
-  module Action
+  class Action
     module Cache
       # Module with Cache-Control logic
       #
@@ -37,7 +37,7 @@ module Hanami
           def cache_control_directives
             @cache_control_directives || Object.new.tap do |null_object|
               def null_object.headers
-                Hash.new
+                ::Hash.new
               end
             end
           end
@@ -49,9 +49,9 @@ module Hanami
         # @api private
         #
         # @see Hanami::Action#finish
-        def finish
+        def finish(_, res, _)
+          res.headers.merge!(self.class.cache_control_directives.headers) unless res.headers.include? HEADER
           super
-          headers.merge!(self.class.cache_control_directives.headers) unless headers.include? HEADER
         end
 
         # Class which stores CacheControl values

data/lib/hanami/action/cache/conditional_get.rb

@@ -1,5 +1,7 @@
+require "hanami/utils/blank"
+
 module Hanami
-  module Action
+  class Action
     module Cache
       # @since 0.3.0
       # @api private

data/lib/hanami/action/cache/directives.rb

@@ -1,5 +1,5 @@
 module Hanami
-  module Action
+  class Action
     module Cache
       # Cache-Control directives which have values
       #

data/lib/hanami/action/cache/expires.rb

@@ -1,7 +1,7 @@
 require 'hanami/action/cache/cache_control'
 
 module Hanami
-  module Action
+  class Action
     module Cache
       # Module with Expires logic
       #
@@ -49,9 +49,9 @@ module Hanami
         # @api private
         #
         # @see Hanami::Action#finish
-        def finish
+        def finish(_, res, _)
+          res.headers.merge!(self.class.expires_directives.headers) unless res.headers.include? HEADER
           super
-          headers.merge!(self.class.expires_directives.headers) unless headers.include? HEADER
         end
 
         # Class which stores Expires directives

data/lib/hanami/action/cache.rb

@@ -3,7 +3,7 @@ require 'hanami/action/cache/expires'
 require 'hanami/action/cache/conditional_get'
 
 module Hanami
-  module Action
+  class Action
     # Cache type API
     #
     # @since 0.3.0
@@ -26,144 +26,6 @@ module Hanami
           include CacheControl, Expires
         end
       end
-
-      protected
-
-      # Specify response freshness policy for HTTP caches (Cache-Control header).
-      # Any number of non-value directives (:public, :private, :no_cache,
-      # :no_store, :must_revalidate, :proxy_revalidate) may be passed along with
-      # a Hash of value directives (:max_age, :min_stale, :s_max_age).
-      #
-      # See RFC 2616 / 14.9 for more on standard cache control directives:
-      # http://tools.ietf.org/html/rfc2616#section-14.9.1
-      #
-      # @param values [Array<Symbols, Hash>] mapped to cache_control directives
-      # @option values [Symbol] :public
-      # @option values [Symbol] :private
-      # @option values [Symbol] :no_cache
-      # @option values [Symbol] :no_store
-      # @option values [Symbol] :must_validate
-      # @option values [Symbol] :proxy_revalidate
-      # @option values [Hash] :max_age
-      # @option values [Hash] :min_stale
-      # @option values [Hash] :s_max_age
-      #
-      # @return void
-      #
-      # @since 0.3.0
-      #
-      # @example
-      #   require 'hanami/controller'
-      #   require 'hanami/action/cache'
-      #
-      #   class Show
-      #     include Hanami::Action
-      #     include Hanami::Action::Cache
-      #
-      #     def call(params)
-      #       # ...
-      #
-      #       # set Cache-Control directives
-      #       cache_control :public, max_age: 900, s_maxage: 86400
-      #
-      #       # overwrite previous Cache-Control directives
-      #       cache_control :private, :no_cache, :no_store
-      #
-      #       => Cache-Control: private, no-store, max-age=900
-      #
-      #     end
-      #   end
-      def cache_control(*values)
-        cache_control = CacheControl::Directives.new(*values)
-        headers.merge!(cache_control.headers)
-      end
-
-      # Set the Expires header and Cache-Control/max-age directive. Amount
-      # can be an integer number of seconds in the future or a Time object
-      # indicating when the response should be considered "stale". The remaining
-      # "values" arguments are passed to the #cache_control helper:
-      #
-      # @param amount [Integer,Time] number of seconds or point in time
-      # @param values [Array<Symbols>] mapped to cache_control directives
-      #
-      # @return void
-      #
-      # @since 0.3.0
-      #
-      # @example
-      #   require 'hanami/controller'
-      #   require 'hanami/action/cache'
-      #
-      #   class Show
-      #     include Hanami::Action
-      #     include Hanami::Action::Cache
-      #
-      #     def call(params)
-      #       # ...
-      #
-      #       # set Cache-Control directives and Expires
-      #       expires 900, :public
-      #
-      #       # overwrite Cache-Control directives and Expires
-      #       expires 300, :private, :no_cache, :no_store
-      #
-      #       => Expires: Thu, 26 Jun 2014 12:00:00 GMT
-      #       => Cache-Control: private, no-cache, no-store max-age=300
-      #
-      #     end
-      #   end
-      def expires(amount, *values)
-        expires = Expires::Directives.new(amount, *values)
-        headers.merge!(expires.headers)
-      end
-
-      # Set the etag, last_modified, or both headers on the response
-      # and halts a 304 Not Modified if the request is still fresh
-      # respecting IfNoneMatch and IfModifiedSince request headers
-      #
-      # @param options [Hash]
-      # @option options [Integer] :etag for testing IfNoneMatch conditions
-      # @option options [Date] :last_modified for testing IfModifiedSince conditions
-      #
-      # @return void
-      #
-      # @since 0.3.0
-      #
-      # @example
-      #   require 'hanami/controller'
-      #   require 'hanami/action/cache'
-      #
-      #   class Show
-      #     include Hanami::Action
-      #     include Hanami::Action::Cache
-      #
-      #     def call(params)
-      #       # ...
-      #
-      #       # set etag response header and halt 304
-      #       # if request matches IF_NONE_MATCH header
-      #       fresh etag: @resource.updated_at.to_i
-      #
-      #       # set last_modified response header and halt 304
-      #       # if request matches IF_MODIFIED_SINCE
-      #       fresh last_modified: @resource.updated_at
-      #
-      #       # set etag and last_modified response header,
-      #       # halt 304 if request matches IF_MODIFIED_SINCE
-      #       # and IF_NONE_MATCH
-      #       fresh last_modified: @resource.updated_at
-      #
-      #     end
-      #   end
-      def fresh(options)
-        conditional_get = ConditionalGet.new(@_env, options)
-
-        headers.merge!(conditional_get.headers)
-
-        conditional_get.fresh? do
-          halt 304
-        end
-      end
     end
   end
 end