hanami-controller 2.0.0.alpha1 → 2.0.0.alpha2

data/lib/hanami/action/application_action.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    class ApplicationAction < Module
+      attr_reader :provider
+      attr_reader :application
+
+      def initialize(provider)
+        @provider = provider
+        @application = provider.respond_to?(:application) ? provider.application : Hanami.application
+      end
+
+      def included(action_class)
+        action_class.include InstanceMethods
+
+        define_initialize action_class
+        configure_action action_class
+        extend_behavior action_class
+      end
+
+      def inspect
+        "#<#{self.class.name}[#{provider.name}]>"
+      end
+
+      private
+
+      def define_initialize(action_class)
+        resolve_view = method(:resolve_paired_view)
+        resolve_context = method(:resolve_view_context)
+
+        define_method :initialize do |**deps|
+          # Conditionally assign these to repsect any explictly auto-injected
+          # dependencies provided by the class
+          @view ||= deps[:view] || resolve_view.(self.class)
+          @view_context ||= deps[:view_context] || resolve_context.()
+
+          super(**deps)
+        end
+      end
+
+      def resolve_view_context
+        identifier = application.config.actions.view_context_identifier
+
+        if provider.key?(identifier)
+          provider[identifier]
+        elsif application.key?(identifier)
+          application[identifier]
+        end
+      end
+
+      def resolve_paired_view(action_class)
+        view_identifiers = application.config.actions.view_name_inferrer.(
+          action_name: action_class.name,
+          provider: provider
+        )
+
+        view_identifiers.detect { |identifier|
+          break provider[identifier] if provider.key?(identifier)
+        }
+      end
+
+      def configure_action(action_class)
+        action_class.config.settings.each do |setting|
+          application_value = application.config.actions.public_send(:"#{setting}")
+          action_class.config.public_send :"#{setting}=", application_value
+        end
+      end
+
+      def extend_behavior(action_class)
+        if application.config.actions.csrf_protection
+          require "hanami/action/csrf_protection"
+          action_class.include Hanami::Action::CSRFProtection
+        end
+
+        if application.config.actions.cookies.enabled?
+          require "hanami/action/cookies"
+          action_class.include Hanami::Action::Cookies
+        end
+      end
+
+      module InstanceMethods
+        attr_reader :view
+        attr_reader :view_context
+
+        protected
+
+        def handle(request, response)
+          if view
+            response.render view, **request.params
+          end
+        end
+
+        private
+
+        def build_response(**options)
+          options = options.merge(view_options: method(:view_options))
+          super(**options)
+        end
+
+        def view_options(req, res)
+          {context: view_context&.with(**view_context_options(req, res))}.compact
+        end
+
+        def view_context_options(req, res)
+          {request: req, response: res}
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require_relative "application_configuration/cookies"
+require_relative "application_configuration/sessions"
+require_relative "configuration"
+require_relative "view_name_inferrer"
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      include Dry::Configurable
+
+      setting(:cookies, {}) { |options| Cookies.new(options) }
+      setting(:sessions) { |storage, *options| Sessions.new(storage, *options) }
+      setting :csrf_protection
+
+      setting :name_inference_base, "actions"
+      setting :view_context_identifier, "view.context"
+      setting :view_name_inferrer, ViewNameInferrer
+      setting :view_name_inference_base, "views"
+
+      def initialize(*)
+        super
+
+        @base_configuration = Configuration.new
+
+        configure_defaults
+      end
+
+      def finalize!
+        # A nil value for `csrf_protection` means it has not been explicitly configured
+        # (neither true nor false), so we can default it to whether sessions are enabled
+        self.csrf_protection = sessions.enabled? if csrf_protection.nil?
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @since 2.0.0
+      # @api private
+      def settings
+        base_configuration.settings + self.class.settings
+      end
+
+      private
+
+      attr_reader :base_configuration
+
+      # Apply defaults for base configuration settings
+      def configure_defaults
+        self.default_request_format = :html
+        self.default_response_format = :html
+
+        self.default_headers = {
+          "X-Frame-Options" => "DENY",
+          "X-Content-Type-Options" => "nosniff",
+          "X-XSS-Protection" => "1; mode=block",
+          "Content-Security-Policy" => \
+            "base-uri 'self'; " \
+            "child-src 'self'; " \
+            "connect-src 'self'; " \
+            "default-src 'none'; " \
+            "font-src 'self'; " \
+            "form-action 'self'; " \
+            "frame-ancestors 'self'; " \
+            "frame-src 'self'; " \
+            "img-src 'self' https: data:; " \
+            "media-src 'self'; " \
+            "object-src 'none'; " \
+            "plugin-types application/pdf; " \
+            "script-src 'self'; " \
+            "style-src 'self' 'unsafe-inline' https:"
+        }
+      end
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        elsif base_configuration.respond_to?(name)
+          base_configuration.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || base_configuration.respond_to?(name) || super
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration/cookies.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      # Wrapper for application-level configuration of HTTP cookies for Hanami actions.
+      # This decorates the hash of cookie options that is otherwise directly configurable
+      # on actions, and adds the `enabled?` method to allow `ApplicationAction` to
+      # determine whether to include the `Action::Cookies` module.
+      #
+      # @since 2.0.0
+      class Cookies
+        attr_reader :options
+
+        def initialize(options)
+          @options = options
+        end
+
+        def enabled?
+          !options.nil?
+        end
+
+        def to_h
+          options.to_h
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration/sessions.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "dry/core/constants"
+require "hanami/utils/string"
+require "hanami/utils/class"
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      # Configuration for HTTP sessions in Hanami actions
+      #
+      # @since 2.0.0
+      class Sessions
+        attr_reader :storage, :options
+
+        def initialize(storage = nil, *options)
+          @storage = storage
+          @options = options
+        end
+
+        def enabled?
+          !storage.nil?
+        end
+
+        def middleware
+          return [] if !enabled?
+
+          [[storage_middleware, options]]
+        end
+
+        private
+
+        def storage_middleware
+          require_storage
+
+          name = Utils::String.classify(storage)
+          Utils::Class.load!(name, ::Rack::Session)
+        end
+
+        def require_storage
+          require "rack/session/#{storage}"
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/cache/conditional_get.rb

@@ -69,7 +69,10 @@ module Hanami
         # @since 0.3.0
         # @api private
         def fresh?
-          !Hanami::Utils::Blank.blank?(modified_since) && Time.httpdate(modified_since).to_i >= @value.to_time.to_i
+          return false if Hanami::Utils::Blank.blank?(modified_since)
+          return false if Hanami::Utils::Blank.blank?(@value)
+
+          Time.httpdate(modified_since).to_i >= @value.to_time.to_i
         end
 
         # @since 0.3.0

data/lib/hanami/action/configuration.rb

@@ -0,0 +1,430 @@
+# frozen_string_literal: true
+
+require "dry/configurable"
+require "hanami/utils/kernel"
+require "pathname"
+require_relative "mime"
+
+module Hanami
+  class Action
+    class Configuration
+      include Dry::Configurable
+
+      # Initialize the Configuration
+      #
+      # @yield [config] the configuration object
+      #
+      # @return [Configuration]
+      #
+      # @since 2.0.0
+      # @api private
+      def initialize(*)
+        super
+        yield self if block_given?
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @since 2.0.0
+      # @api private
+      def settings
+        self.class.settings
+      end
+
+      # @!method handled_exceptions=(exceptions)
+      #
+      #   Specifies how to handle exceptions with an HTTP status
+      #
+      #   Raised exceptions will return the corresponding HTTP status
+      #
+      #   @param exceptions [Hash{Exception=>Integer}] exception classes as
+      #     keys and HTTP statuses as values
+      #
+      #   @return [void]
+      #
+      #   @since 0.2.0
+      #
+      #   @example
+      #     configuration.handled_exceptions = {ArgumentError => 400}
+      #
+      # @!method handled_exceptions
+      #
+      #   Returns the configured handled exceptions
+      #
+      #   @return [Hash{Exception=>Integer}]
+      #
+      #   @see handled_exceptions=
+      #
+      #   @since 0.2.0
+      setting :handled_exceptions, {}
+
+      # Specifies how to handle exceptions with an HTTP status
+      #
+      # Raised exceptions will return the corresponding HTTP status
+      #
+      # The specified exceptions will be merged with any previously configured
+      # exceptions
+      #
+      # @param exceptions [Hash{Exception=>Integer}] exception classes as keys
+      #   and HTTP statuses as values
+      #
+      # @return [void]
+      #
+      # @since 0.2.0
+      #
+      # @see handled_exceptions=
+      #
+      # @example
+      #   configuration.handle_exceptions(ArgumentError => 400}
+      def handle_exception(exceptions)
+        self.handled_exceptions = handled_exceptions
+          .merge(exceptions)
+          .sort { |(ex1, _), (ex2, _)| ex1.ancestors.include?(ex2) ? -1 : 1 }
+          .to_h
+      end
+
+      # Default MIME type to format mapping
+      #
+      # @since 0.2.0
+      # @api private
+      DEFAULT_FORMATS = {
+        'application/octet-stream' => :all,
+        '*/*'                      => :all,
+        'text/html'                => :html
+      }.freeze
+
+      # @!method formats=(formats)
+      #
+      #   Specifies the MIME type to format mapping
+      #
+      #   @param formats [Hash{String=>Symbol}] MIME type strings as keys and
+      #     format symbols as values
+      #
+      #   @return [void]
+      #
+      #   @since 0.2.0
+      #
+      #   @see format
+      #   @see Hanami::Action::Mime
+      #
+      #   @example
+      #     configuration.formats = {"text/html" => :html}
+      #
+      # @!method formats
+      #
+      #   Returns the configured MIME type to format mapping
+      #
+      #   @return [Symbol,nil] the corresponding format, if present
+      #
+      #   @see format
+      #   @see formats=
+      #
+      #   @since 0.2.0
+      setting :formats, DEFAULT_FORMATS.dup
+
+      # Registers a MIME type to format mapping
+      #
+      # @param hash [Hash{Symbol=>String}] format symbols as keys and the MIME
+      #   type strings must as values
+      #
+      # @return [void]
+      #
+      # @since 0.2.0
+      #
+      # @see Hanami::Action::Mime
+      #
+      # @example configuration.format html: "text/html"
+      def format(hash)
+        symbol, mime_type = *Utils::Kernel.Array(hash)
+        formats[Utils::Kernel.String(mime_type)] = Utils::Kernel.Symbol(symbol)
+      end
+
+      # Returns the configured format for the given MIME type
+      #
+      # @param mime_type [#to_s,#to_str] A mime type
+      #
+      # @return [Symbol,nil] the corresponding format, nil if not found
+      #
+      # @see format
+      #
+      # @since 0.2.0
+      # @api private
+      def format_for(mime_type)
+        formats[mime_type]
+      end
+
+      # Returns the configured format's MIME types
+      #
+      # @return [Array<String>] the format's MIME types
+      #
+      # @see formats=
+      # @see format
+      #
+      # @since 0.8.0
+      #
+      # @api private
+      def mime_types
+        # FIXME: this isn't efficient. speed it up!
+        ((formats.keys - DEFAULT_FORMATS.keys) +
+          Hanami::Action::Mime::TYPES.values).freeze
+      end
+
+      # Returns a MIME type for the given format
+      #
+      # @param format [#to_sym] a format
+      #
+      # @return [String,nil] the corresponding MIME type, if present
+      #
+      # @since 0.2.0
+      # @api private
+      def mime_type_for(format)
+        formats.key(format)
+      end
+
+      # @!method default_request_format=(format)
+      #
+      #   Sets a format as default fallback for all the requests without a strict
+      #   requirement for the MIME type.
+      #
+      #   The given format must be coercible to a symbol, and be a valid MIME
+      #   type alias. If it isn't, at runtime the framework will raise an
+      #   `Hanami::Controller::UnknownFormatError`.
+      #
+      #   By default, this value is nil.
+      #
+      #   @param format [Symbol]
+      #
+      #   @return [void]
+      #
+      #   @since 0.5.0
+      #
+      #   @see Hanami::Action::Mime
+      #
+      # @!method default_request_format
+      #
+      #   Returns the configured default request format
+      #
+      #   @return [Symbol] format
+      #
+      #   @see default_request_format=
+      #
+      #   @since 0.5.0
+      setting :default_request_format do |format|
+        Utils::Kernel.Symbol(format) unless format.nil?
+      end
+
+      # @!method default_response_format=(format)
+      #
+      #   Sets a format to be used for all responses regardless of the request
+      #   type.
+      #
+      #   The given format must be coercible to a symbol, and be a valid MIME
+      #   type alias. If it isn't, at the runtime the framework will raise an
+      #   `Hanami::Controller::UnknownFormatError`.
+      #
+      #   By default, this value is nil.
+      #
+      #   @param format [Symbol]
+      #
+      #   @return [void]
+      #
+      #   @since 0.5.0
+      #
+      #   @see Hanami::Action::Mime
+      #
+      # @!method default_response_format
+      #
+      #   Returns the configured default response format
+      #
+      #   @return [Symbol] format
+      #
+      #   @see default_request_format=
+      #
+      #   @since 0.5.0
+      setting :default_response_format do |format|
+        Utils::Kernel.Symbol(format) unless format.nil?
+      end
+
+      # @!method default_charset=(charset)
+      #
+      #   Sets a charset (character set) as default fallback for all the requests
+      #   without a strict requirement for the charset.
+      #
+      #   By default, this value is nil.
+      #
+      #   @param charset [String]
+      #
+      #   @return [void]
+      #
+      #   @since 0.3.0
+      #
+      #   @see Hanami::Action::Mime
+      #
+      # @!method default_charset
+      #
+      #   Returns the configured default charset.
+      #
+      #   @return [String,nil] the charset, if present
+      #
+      #   @see default_charset=
+      #
+      #   @since 0.3.0
+      setting :default_charset
+
+      # @!method default_headers=(headers)
+      #
+      #   Sets default headers for all responses.
+      #
+      #   By default, this is an empty hash.
+      #
+      #   @param headers [Hash{String=>String}] the headers
+      #
+      #   @return [void]
+      #
+      #   @since 0.4.0
+      #
+      #   @see default_headers
+      #
+      #   @example
+      #     configuration.default_headers = {'X-Frame-Options' => 'DENY'}
+      #
+      # @!method default_headers
+      #
+      #   Returns the configured headers
+      #
+      #   @return [Hash{String=>String}] the headers
+      #
+      #   @since 0.4.0
+      #
+      #   @see default_headers=
+      setting :default_headers, {} do |headers|
+        headers.compact
+      end
+
+      # @!method cookies=(cookie_options)
+      #
+      #   Sets default cookie options for all responses.
+      #
+      #   By default this, is an empty hash.
+      #
+      #   @param cookie_options [Hash{Symbol=>String}] the cookie options
+      #
+      #   @return [void]
+      #
+      #   @since 0.4.0
+      #
+      #   @example
+      #     configuration.cookies = {
+      #       domain: 'hanamirb.org',
+      #       path: '/controller',
+      #       secure: true,
+      #       httponly: true
+      #     }
+      #
+      # @!method cookies
+      #
+      #   Returns the configured cookie options
+      #
+      #   @return [Hash{Symbol=>String}]
+      #
+      #   @since 0.4.0
+      #
+      #   @see cookies=
+      setting :cookies, {} do |cookie_options|
+        # Call `to_h` here to permit `ApplicationConfiguration::Cookies` object to be
+        # provided when application actions are configured
+        cookie_options.to_h.compact
+      end
+
+      # @!method root_directory=(dir)
+      #
+      #   Sets the the for the public directory, which is used for file downloads.
+      #   This must be an existent directory.
+      #
+      #   Defaults to the current working directory.
+      #
+      #   @param dir [String] the directory path
+      #
+      #   @return [void]
+      #
+      #   @since 1.0.0
+      #
+      #   @api private
+      #
+      # @!method root_directory
+      #
+      #   Returns the configured root directory
+      #
+      #   @return [String] the directory path
+      #
+      #   @see root_directory=
+      #
+      #   @since 1.0.0
+      #
+      #   @api private
+      setting :root_directory do |dir|
+        dir ||= Dir.pwd
+
+        Pathname(dir).realpath
+      end
+
+      # Default public directory
+      #
+      # This serves as the root directory for file downloads
+      #
+      # @since 1.0.0
+      #
+      # @api private
+      DEFAULT_PUBLIC_DIRECTORY = 'public'.freeze
+
+      # @!method public_directory=(directory)
+      #
+      #   Sets the path to public directory. This directory is used for file downloads.
+      #
+      #   This given directory will be appended onto the root directory.
+      #
+      #   By default, the public directory is "public".
+      #
+      #   @param directory [String] the public directory path
+      #
+      #   @return [void]
+      #
+      #   @see root_directory
+      #   @see public_directory
+      setting :public_directory, DEFAULT_PUBLIC_DIRECTORY
+
+      # Returns the configured public directory, appended onto the root directory.
+      #
+      # @return [String] the fill directory path
+      #
+      # @example
+      #   configuration.public_directory = "public"
+      #
+      #   configuration.public_directory
+      #   # => "/path/to/root/public"
+      #
+      # @see public_directory=
+      # @see root_directory=
+      def public_directory
+        # This must be a string, for Rack compatibility
+        root_directory.join(super).to_s
+      end
+
+      private
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || super
+      end
+    end
+  end
+end