hanami-controller 2.0.0.alpha2 → 2.0.0.alpha6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d159c89cbe6b24762a475776ae1585e76925c8f26501c6334c908893624587e5
-  data.tar.gz: b5f4b394c5337ae9b46f2482f86f69aaf151dbaee9cd2ac95be15f69a12ce65a
+  metadata.gz: 4f14c59426ea7017dc546100e0443d17d5f63362cd4b6f1546adfb18ae6bd4e3
+  data.tar.gz: 62fafda341ad801430ab2575df6a28b6a9848a71739c977e481fe8fa00dbadfc
 SHA512:
-  metadata.gz: aac599272b21e8ca56b2c519b93a47593dc126d442be727d87b4e8884e1c2da3d349d480399e1ed781560acb9e450e24b1985fbcd7083d65d79fb8573c3db606
-  data.tar.gz: 75beecc46dce543367e7869887cda80937c2d838a65996f9bd831e56dfade6fa1ccccc03c7c0a0ace5aad833e26db10638e6c51e869b70cb6dc95abd351b7000
+  metadata.gz: a51c5a37c6961bff7d1c3c30906cc2e072029e6d0b4ec5782ef92d592ed4f8b247807b9aabd803004afb31fd2f23900bb8a34c9d29bc1515e30e0caba4b3318a
+  data.tar.gz: b69d515d608fbaf545e7d2d4e6d19fbd6d305bc10bcc0a2208dc6e740389eb7188514112028d02dd3d8e6729192eed95305b7ec3a09cdd77039b55ac5d054083

data/CHANGELOG.md

@@ -1,6 +1,32 @@
 # Hanami::Controller
 Complete, fast and testable actions for Rack
 
+## v2.0.0.alpha6 - 2022-02-10
+### Added
+- [Luca Guidi] Official support for Ruby: MRI 3.1
+
+### Changed
+- [Luca Guidi] Drop support for Ruby: MRI 2.6, and 2.7.
+- [Sean Collins] Align with Rack list of HTTP supported status. Added: `103`, `306`, `421`, `425`, `451`, and `509`. Removed: `418`, `420`, `444`, `449`, `450`, `451`, `499`, `598`, `599`.
+
+## v2.0.0.alpha5 - 2022-01-12
+### Added
+- [Philip Arndt] Added "rss" ("application/rss+xml") to list of supported MIME types
+
+## v2.0.0.alpha4 - 2021-12-07
+### Added
+- [Luca Guidi] Manage Content Security Policy (CSP) defaults and new API via `Hanami::Action::ApplicationConfiguration#content_security_policy`
+- [Tim Riley & Marc Busqué] Provide access to routes inside all application actions via `Hanami::Action::ApplicationAction#routes`
+
+## v2.0.0.alpha3 - 2021-11-09
+### Added
+- [Luca Guidi] Automatically include session behavior in `Hanami::Action` when sessions are enabled via Hanami application config
+- [Sean Collins] Pass exposures from action to view
+
+### Changed
+- [Tim Riley] (Internal) Updated settings to use updated `setting` API in dry-configurable 0.13.0
+- [Sean Collins] Move automatic view rendering from `handle` to `finish`
+
 ## v2.0.0.alpha2 - 2021-05-04
 ### Added
 - [Luca Guidi] Official support for Ruby: MRI 3.0

data/README.md

@@ -2,11 +2,15 @@
 
 Complete, fast and testable actions for Rack and [Hanami](http://hanamirb.org)
 
+## Version
+
+**This branch contains the code for `hanami-controller` 2.x.**
+
 ## Status
 
 [![Gem Version](https://badge.fury.io/rb/hanami-controller.svg)](https://badge.fury.io/rb/hanami-controller)
-[![CI](https://github.com/hanami/controller/workflows/ci/badge.svg?branch=unstable)](https://github.com/hanami/controller/actions?query=workflow%3Aci+branch%3Aunstable)
-[![Test Coverage](https://codecov.io/gh/hanami/controller/branch/unstable/graph/badge.svg)](https://codecov.io/gh/hanami/controller)
+[![CI](https://github.com/hanami/controller/workflows/ci/badge.svg?branch=main)](https://github.com/hanami/controller/actions?query=workflow%3Aci+branch%3Amain)
+[![Test Coverage](https://codecov.io/gh/hanami/controller/branch/main/graph/badge.svg)](https://codecov.io/gh/hanami/controller)
 [![Depfu](https://badges.depfu.com/badges/7cd17419fba78b726be1353118fb01de/overview.svg)](https://depfu.com/github/hanami/controller?project=Bundler)
 [![Inline Docs](http://inch-ci.org/github/hanami/controller.svg)](http://inch-ci.org/github/hanami/controller)
 
@@ -22,7 +26,7 @@ Complete, fast and testable actions for Rack and [Hanami](http://hanamirb.org)
 
 ## Rubies
 
-__Hanami::Controller__ supports Ruby (MRI) 2.5+
+__Hanami::Controller__ supports Ruby (MRI) 3.0+
 
 ## Installation
 
@@ -963,6 +967,4 @@ __Hanami::Controller__ uses [Semantic Versioning 2.0.0](http://semver.org)
 
 ## Copyright
 
-Copyright © 2014-2021 Luca Guidi – Released under MIT License
-
-This project was formerly known as Lotus (`lotus-controller`).
+Copyright © 2014-2022 Hanami Team – Released under MIT License

data/hanami-controller.gemspec

@@ -17,11 +17,12 @@ Gem::Specification.new do |spec|
   spec.executables   = []
   spec.test_files    = spec.files.grep(%r{^(spec)/})
   spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.6.0'
+  spec.metadata["rubygems_mfa_required"] = "true"
+  spec.required_ruby_version = '>= 3.0'
 
   spec.add_dependency 'rack',         '~> 2.0'
   spec.add_dependency 'hanami-utils', '~> 2.0.alpha'
-  spec.add_dependency 'dry-configurable', '~> 0.12'
+  spec.add_dependency 'dry-configurable', '~> 0.13', '>= 0.13.0'
 
   spec.add_development_dependency 'bundler',   '>= 1.6', '< 3'
   spec.add_development_dependency 'rack-test', '~> 1.0'

data/lib/hanami/action/application_action.rb

@@ -14,7 +14,7 @@ module Hanami
       def included(action_class)
         action_class.include InstanceMethods
 
-        define_initialize action_class
+        define_initialize
         configure_action action_class
         extend_behavior action_class
       end
@@ -25,20 +25,33 @@ module Hanami
 
       private
 
-      def define_initialize(action_class)
+      def define_initialize
         resolve_view = method(:resolve_paired_view)
         resolve_context = method(:resolve_view_context)
+        resolve_routes = method(:resolve_routes)
 
         define_method :initialize do |**deps|
           # Conditionally assign these to repsect any explictly auto-injected
           # dependencies provided by the class
           @view ||= deps[:view] || resolve_view.(self.class)
           @view_context ||= deps[:view_context] || resolve_context.()
+          @routes ||= deps[:routes] || resolve_routes.()
 
           super(**deps)
         end
       end
 
+      def resolve_paired_view(action_class)
+        view_identifiers = application.config.actions.view_name_inferrer.(
+          action_name: action_class.name,
+          provider: provider
+        )
+
+        view_identifiers.detect { |identifier|
+          break provider[identifier] if provider.key?(identifier)
+        }
+      end
+
       def resolve_view_context
         identifier = application.config.actions.view_context_identifier
 
@@ -49,15 +62,8 @@ module Hanami
         end
       end
 
-      def resolve_paired_view(action_class)
-        view_identifiers = application.config.actions.view_name_inferrer.(
-          action_name: action_class.name,
-          provider: provider
-        )
-
-        view_identifiers.detect { |identifier|
-          break provider[identifier] if provider.key?(identifier)
-        }
+      def resolve_routes
+        application[:routes_helper] if application.key?(:routes_helper)
       end
 
       def configure_action(action_class)
@@ -68,6 +74,11 @@ module Hanami
       end
 
       def extend_behavior(action_class)
+        if application.config.actions.sessions.enabled?
+          require "hanami/action/session"
+          action_class.include Hanami::Action::Session
+        end
+
         if application.config.actions.csrf_protection
           require "hanami/action/csrf_protection"
           action_class.include Hanami::Action::CSRFProtection
@@ -82,16 +93,7 @@ module Hanami
       module InstanceMethods
         attr_reader :view
         attr_reader :view_context
-
-        protected
-
-        def handle(request, response)
-          if view
-            response.render view, **request.params
-          end
-        end
-
-        private
+        attr_reader :routes
 
         def build_response(**options)
           options = options.merge(view_options: method(:view_options))
@@ -105,6 +107,24 @@ module Hanami
         def view_context_options(req, res)
           {request: req, response: res}
         end
+
+        def finish(req, res, halted)
+          res.render(view, **req.params) if render?(res)
+          super
+        end
+
+        # Decide whether to render the current response with the associated view.
+        # This can be overridden to enable/disable automatic rendering.
+        #
+        # @param res [Hanami::Action::Response]
+        #
+        # @return [TrueClass,FalseClass]
+        #
+        # @since 2.0.0
+        # @api public
+        def render?(res)
+          view && res.body.empty?
+        end
       end
     end
   end

data/lib/hanami/action/application_configuration/content_security_policy.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    class ApplicationConfiguration
+      # Configuration for Content Security Policy in Hanami applications
+      #
+      # @since 2.0.0
+      class ContentSecurityPolicy
+        # @since 2.0.0
+        # @api private
+        def initialize(&blk)
+          @policy = {
+            base_uri: "'self'",
+            child_src: "'self'",
+            connect_src: "'self'",
+            default_src: "'none'",
+            font_src: "'self'",
+            form_action: "'self'",
+            frame_ancestors: "'self'",
+            frame_src: "'self'",
+            img_src: "'self' https: data:",
+            media_src: "'self'",
+            object_src: "'none'",
+            plugin_types: "application/pdf",
+            script_src: "'self'",
+            style_src: "'self' 'unsafe-inline' https:"
+          }
+
+          blk&.(self)
+        end
+
+        # @since 2.0.0
+        # @api private
+        def initialize_copy(original_object)
+          @policy = original_object.instance_variable_get(:@policy).dup
+          super
+        end
+
+        # Get a CSP setting
+        #
+        # @param key [Symbol] the underscored name of the CPS setting
+        # @return [String,NilClass] the CSP setting, if any
+        #
+        # @since 2.0.0
+        # @api public
+        #
+        # @example
+        #   module MyApp
+        #     class Application < Hanami::Application
+        #       config.actions.content_security_policy[:base_uri] # => "'self'"
+        #     end
+        #   end
+        def [](key)
+          @policy[key]
+        end
+
+        # Set a CSP setting
+        #
+        # @param key [Symbol] the underscored name of the CPS setting
+        # @param value [String] the CSP setting value
+        #
+        # @since 2.0.0
+        # @api public
+        #
+        # @example Replace a default value
+        #   module MyApp
+        #     class Application < Hanami::Application
+        #       config.actions.content_security_policy[:plugin_types] = nil
+        #     end
+        #   end
+        #
+        # @example Append to a default value
+        #   module MyApp
+        #     class Application < Hanami::Application
+        #       config.actions.content_security_policy[:script_src] += " https://my.cdn.test"
+        #     end
+        #   end
+        def []=(key, value)
+          @policy[key] = value
+        end
+
+        # Deletes a CSP key
+        #
+        # @param key [Symbol] the underscored name of the CPS setting
+        #
+        # @since 2.0.0
+        # @api public
+        #
+        # @example
+        #   module MyApp
+        #     class Application < Hanami::Application
+        #       config.actions.content_security_policy.delete(:object_src)
+        #     end
+        #   end
+        def delete(key)
+          @policy.delete(key)
+        end
+
+        # @since 2.0.0
+        # @api private
+        def to_str
+          @policy.map do |key, value|
+            "#{dasherize(key)} #{value}"
+          end.join(";\n")
+        end
+
+        private
+
+        # @since 2.0.0
+        # @api private
+        def dasherize(key)
+          key.to_s.gsub("_", "-")
+        end
+      end
+    end
+  end
+end

data/lib/hanami/action/application_configuration.rb

@@ -2,6 +2,7 @@
 
 require_relative "application_configuration/cookies"
 require_relative "application_configuration/sessions"
+require_relative "application_configuration/content_security_policy"
 require_relative "configuration"
 require_relative "view_name_inferrer"
 
@@ -10,19 +11,27 @@ module Hanami
     class ApplicationConfiguration
       include Dry::Configurable
 
-      setting(:cookies, {}) { |options| Cookies.new(options) }
-      setting(:sessions) { |storage, *options| Sessions.new(storage, *options) }
+      setting :cookies, default: {}, constructor: -> options { Cookies.new(options) }
+      setting :sessions, constructor: proc { |storage, *options| Sessions.new(storage, *options) }
       setting :csrf_protection
 
-      setting :name_inference_base, "actions"
-      setting :view_context_identifier, "view.context"
-      setting :view_name_inferrer, ViewNameInferrer
-      setting :view_name_inference_base, "views"
+      setting :name_inference_base, default: "actions"
+      setting :view_context_identifier, default: "view.context"
+      setting :view_name_inferrer, default: ViewNameInferrer
+      setting :view_name_inference_base, default: "views"
 
-      def initialize(*)
-        super
+      attr_accessor :content_security_policy
+
+      def initialize(*, **options)
+        super()
 
         @base_configuration = Configuration.new
+        @content_security_policy = ContentSecurityPolicy.new do |csp|
+          if assets_server_url = options[:assets_server_url]
+            csp[:script_src] += " #{assets_server_url}"
+            csp[:style_src] += " #{assets_server_url}"
+          end
+        end
 
         configure_defaults
       end
@@ -31,6 +40,10 @@ module Hanami
         # A nil value for `csrf_protection` means it has not been explicitly configured
         # (neither true nor false), so we can default it to whether sessions are enabled
         self.csrf_protection = sessions.enabled? if csrf_protection.nil?
+
+        if self.content_security_policy
+          self.default_headers["Content-Security-Policy"] = self.content_security_policy.to_str
+        end
       end
 
       # Returns the list of available settings
@@ -55,22 +68,7 @@ module Hanami
         self.default_headers = {
           "X-Frame-Options" => "DENY",
           "X-Content-Type-Options" => "nosniff",
-          "X-XSS-Protection" => "1; mode=block",
-          "Content-Security-Policy" => \
-            "base-uri 'self'; " \
-            "child-src 'self'; " \
-            "connect-src 'self'; " \
-            "default-src 'none'; " \
-            "font-src 'self'; " \
-            "form-action 'self'; " \
-            "frame-ancestors 'self'; " \
-            "frame-src 'self'; " \
-            "img-src 'self' https: data:; " \
-            "media-src 'self'; " \
-            "object-src 'none'; " \
-            "plugin-types application/pdf; " \
-            "script-src 'self'; " \
-            "style-src 'self' 'unsafe-inline' https:"
+          "X-XSS-Protection" => "1; mode=block"
         }
       end
 

data/lib/hanami/action/configuration.rb

@@ -58,7 +58,7 @@ module Hanami
       #   @see handled_exceptions=
       #
       #   @since 0.2.0
-      setting :handled_exceptions, {}
+      setting :handled_exceptions, default: {}
 
       # Specifies how to handle exceptions with an HTTP status
       #
@@ -122,7 +122,7 @@ module Hanami
       #   @see formats=
       #
       #   @since 0.2.0
-      setting :formats, DEFAULT_FORMATS.dup
+      setting :formats, default: DEFAULT_FORMATS.dup
 
       # Registers a MIME type to format mapping
       #
@@ -211,9 +211,9 @@ module Hanami
       #   @see default_request_format=
       #
       #   @since 0.5.0
-      setting :default_request_format do |format|
+      setting :default_request_format, constructor: -> format {
         Utils::Kernel.Symbol(format) unless format.nil?
-      end
+      }
 
       # @!method default_response_format=(format)
       #
@@ -243,9 +243,9 @@ module Hanami
       #   @see default_request_format=
       #
       #   @since 0.5.0
-      setting :default_response_format do |format|
+      setting :default_response_format, constructor: -> format {
         Utils::Kernel.Symbol(format) unless format.nil?
-      end
+      }
 
       # @!method default_charset=(charset)
       #
@@ -299,9 +299,7 @@ module Hanami
       #   @since 0.4.0
       #
       #   @see default_headers=
-      setting :default_headers, {} do |headers|
-        headers.compact
-      end
+      setting :default_headers, default: {}, constructor: -> headers { headers.compact }
 
       # @!method cookies=(cookie_options)
       #
@@ -332,11 +330,11 @@ module Hanami
       #   @since 0.4.0
       #
       #   @see cookies=
-      setting :cookies, {} do |cookie_options|
+      setting :cookies, default: {}, constructor: -> cookie_options {
         # Call `to_h` here to permit `ApplicationConfiguration::Cookies` object to be
         # provided when application actions are configured
         cookie_options.to_h.compact
-      end
+      }
 
       # @!method root_directory=(dir)
       #
@@ -364,11 +362,11 @@ module Hanami
       #   @since 1.0.0
       #
       #   @api private
-      setting :root_directory do |dir|
+      setting :root_directory, constructor: -> dir {
         dir ||= Dir.pwd
 
         Pathname(dir).realpath
-      end
+      }
 
       # Default public directory
       #
@@ -393,7 +391,7 @@ module Hanami
       #
       #   @see root_directory
       #   @see public_directory
-      setting :public_directory, DEFAULT_PUBLIC_DIRECTORY
+      setting :public_directory, default: DEFAULT_PUBLIC_DIRECTORY
 
       # Returns the configured public directory, appended onto the root directory.
       #

data/lib/hanami/action/mime.rb

@@ -57,6 +57,7 @@ module Hanami
         pgp: 'application/pgp-encrypted',
         png: 'image/png',
         psd: 'image/vnd.adobe.photoshop',
+        rss: 'application/rss+xml',
         rtf: 'application/rtf',
         sh: 'application/x-sh',
         svg: 'image/svg+xml',

data/lib/hanami/action/response.rb

@@ -76,7 +76,7 @@ module Hanami
       end
 
       def render(view, **options)
-        self.body = view.(**view_options.(request, self), **options).to_str
+        self.body = view.(**view_options.(request, self), **exposures.merge(options)).to_str
       end
 
       def format=(args)

data/lib/hanami/action/standalone_action.rb

@@ -553,15 +553,12 @@ module Hanami
 
         # Finalize the response
         #
-        # This method is abstract and COULD be implemented by included modules in
-        # order to prepare their data before the response will be returned to the
-        # webserver.
+        # Prepare the data before the response will be returned to the webserver
         #
         # @since 0.1.0
         # @api private
         # @abstract
         #
-        # @see Hanami::Action::Callable#finish
         # @see Hanami::Action::Session#finish
         # @see Hanami::Action::Cookies#finish
         # @see Hanami::Action::Cache#finish

data/lib/hanami/controller/version.rb

@@ -3,6 +3,6 @@ module Hanami
     # Defines the version
     #
     # @since 0.1.0
-    VERSION = '2.0.0.alpha2'.freeze
+    VERSION = '2.0.0.alpha6'.freeze
   end
 end

data/lib/hanami/http/status.rb

@@ -11,23 +11,7 @@ module Hanami
       #
       # @since 0.1.0
       # @api private
-      ALL = ::Rack::Utils::HTTP_STATUS_CODES.dup.merge({
-        103 => 'Checkpoint',
-        122 => 'Request-URI too long',
-        413 => 'Payload Too Large',                            # Rack 1.5 compat
-        414 => 'URI Too Long',                                 # Rack 1.5 compat
-        416 => 'Range Not Satisfiable',                        # Rack 1.5 compat
-        418 => 'I\'m a teapot',
-        420 => 'Enhance Your Calm',
-        444 => 'No Response',
-        449 => 'Retry With',
-        450 => 'Blocked by Windows Parental Controls',
-        451 => 'Wrong Exchange server',
-        499 => 'Client Closed Request',
-        506 => 'Variant Also Negotiates',                      # Rack 1.5 compat
-        598 => 'Network read timeout error',
-        599 => 'Network connect timeout error'
-      }).freeze
+      ALL = ::Rack::Utils::HTTP_STATUS_CODES
 
       # Return a status for the given code
       #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hanami-controller
 version: !ruby/object:Gem::Version
-  version: 2.0.0.alpha2
+  version: 2.0.0.alpha6
 platform: ruby
 authors:
 - Luca Guidi
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-04 00:00:00.000000000 Z
+date: 2022-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -44,14 +44,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.13'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.13'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -128,6 +134,7 @@ files:
 - lib/hanami/action.rb
 - lib/hanami/action/application_action.rb
 - lib/hanami/action/application_configuration.rb
+- lib/hanami/action/application_configuration/content_security_policy.rb
 - lib/hanami/action/application_configuration/cookies.rb
 - lib/hanami/action/application_configuration/sessions.rb
 - lib/hanami/action/base_params.rb
@@ -159,7 +166,8 @@ files:
 homepage: http://hanamirb.org
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -168,14 +176,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.2.4
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Complete, fast and testable actions for Rack and Hanami