hanami-controller 2.0.0.alpha6 → 2.0.0.alpha8

data/lib/hanami/action/application_action.rb

@@ -1,131 +0,0 @@
-# frozen_string_literal: true
-
-module Hanami
-  class Action
-    class ApplicationAction < Module
-      attr_reader :provider
-      attr_reader :application
-
-      def initialize(provider)
-        @provider = provider
-        @application = provider.respond_to?(:application) ? provider.application : Hanami.application
-      end
-
-      def included(action_class)
-        action_class.include InstanceMethods
-
-        define_initialize
-        configure_action action_class
-        extend_behavior action_class
-      end
-
-      def inspect
-        "#<#{self.class.name}[#{provider.name}]>"
-      end
-
-      private
-
-      def define_initialize
-        resolve_view = method(:resolve_paired_view)
-        resolve_context = method(:resolve_view_context)
-        resolve_routes = method(:resolve_routes)
-
-        define_method :initialize do |**deps|
-          # Conditionally assign these to repsect any explictly auto-injected
-          # dependencies provided by the class
-          @view ||= deps[:view] || resolve_view.(self.class)
-          @view_context ||= deps[:view_context] || resolve_context.()
-          @routes ||= deps[:routes] || resolve_routes.()
-
-          super(**deps)
-        end
-      end
-
-      def resolve_paired_view(action_class)
-        view_identifiers = application.config.actions.view_name_inferrer.(
-          action_name: action_class.name,
-          provider: provider
-        )
-
-        view_identifiers.detect { |identifier|
-          break provider[identifier] if provider.key?(identifier)
-        }
-      end
-
-      def resolve_view_context
-        identifier = application.config.actions.view_context_identifier
-
-        if provider.key?(identifier)
-          provider[identifier]
-        elsif application.key?(identifier)
-          application[identifier]
-        end
-      end
-
-      def resolve_routes
-        application[:routes_helper] if application.key?(:routes_helper)
-      end
-
-      def configure_action(action_class)
-        action_class.config.settings.each do |setting|
-          application_value = application.config.actions.public_send(:"#{setting}")
-          action_class.config.public_send :"#{setting}=", application_value
-        end
-      end
-
-      def extend_behavior(action_class)
-        if application.config.actions.sessions.enabled?
-          require "hanami/action/session"
-          action_class.include Hanami::Action::Session
-        end
-
-        if application.config.actions.csrf_protection
-          require "hanami/action/csrf_protection"
-          action_class.include Hanami::Action::CSRFProtection
-        end
-
-        if application.config.actions.cookies.enabled?
-          require "hanami/action/cookies"
-          action_class.include Hanami::Action::Cookies
-        end
-      end
-
-      module InstanceMethods
-        attr_reader :view
-        attr_reader :view_context
-        attr_reader :routes
-
-        def build_response(**options)
-          options = options.merge(view_options: method(:view_options))
-          super(**options)
-        end
-
-        def view_options(req, res)
-          {context: view_context&.with(**view_context_options(req, res))}.compact
-        end
-
-        def view_context_options(req, res)
-          {request: req, response: res}
-        end
-
-        def finish(req, res, halted)
-          res.render(view, **req.params) if render?(res)
-          super
-        end
-
-        # Decide whether to render the current response with the associated view.
-        # This can be overridden to enable/disable automatic rendering.
-        #
-        # @param res [Hanami::Action::Response]
-        #
-        # @return [TrueClass,FalseClass]
-        #
-        # @since 2.0.0
-        # @api public
-        def render?(res)
-          view && res.body.empty?
-        end
-      end
-    end
-  end
-end

data/lib/hanami/action/application_configuration/content_security_policy.rb

@@ -1,118 +0,0 @@
-# frozen_string_literal: true
-
-module Hanami
-  class Action
-    class ApplicationConfiguration
-      # Configuration for Content Security Policy in Hanami applications
-      #
-      # @since 2.0.0
-      class ContentSecurityPolicy
-        # @since 2.0.0
-        # @api private
-        def initialize(&blk)
-          @policy = {
-            base_uri: "'self'",
-            child_src: "'self'",
-            connect_src: "'self'",
-            default_src: "'none'",
-            font_src: "'self'",
-            form_action: "'self'",
-            frame_ancestors: "'self'",
-            frame_src: "'self'",
-            img_src: "'self' https: data:",
-            media_src: "'self'",
-            object_src: "'none'",
-            plugin_types: "application/pdf",
-            script_src: "'self'",
-            style_src: "'self' 'unsafe-inline' https:"
-          }
-
-          blk&.(self)
-        end
-
-        # @since 2.0.0
-        # @api private
-        def initialize_copy(original_object)
-          @policy = original_object.instance_variable_get(:@policy).dup
-          super
-        end
-
-        # Get a CSP setting
-        #
-        # @param key [Symbol] the underscored name of the CPS setting
-        # @return [String,NilClass] the CSP setting, if any
-        #
-        # @since 2.0.0
-        # @api public
-        #
-        # @example
-        #   module MyApp
-        #     class Application < Hanami::Application
-        #       config.actions.content_security_policy[:base_uri] # => "'self'"
-        #     end
-        #   end
-        def [](key)
-          @policy[key]
-        end
-
-        # Set a CSP setting
-        #
-        # @param key [Symbol] the underscored name of the CPS setting
-        # @param value [String] the CSP setting value
-        #
-        # @since 2.0.0
-        # @api public
-        #
-        # @example Replace a default value
-        #   module MyApp
-        #     class Application < Hanami::Application
-        #       config.actions.content_security_policy[:plugin_types] = nil
-        #     end
-        #   end
-        #
-        # @example Append to a default value
-        #   module MyApp
-        #     class Application < Hanami::Application
-        #       config.actions.content_security_policy[:script_src] += " https://my.cdn.test"
-        #     end
-        #   end
-        def []=(key, value)
-          @policy[key] = value
-        end
-
-        # Deletes a CSP key
-        #
-        # @param key [Symbol] the underscored name of the CPS setting
-        #
-        # @since 2.0.0
-        # @api public
-        #
-        # @example
-        #   module MyApp
-        #     class Application < Hanami::Application
-        #       config.actions.content_security_policy.delete(:object_src)
-        #     end
-        #   end
-        def delete(key)
-          @policy.delete(key)
-        end
-
-        # @since 2.0.0
-        # @api private
-        def to_str
-          @policy.map do |key, value|
-            "#{dasherize(key)} #{value}"
-          end.join(";\n")
-        end
-
-        private
-
-        # @since 2.0.0
-        # @api private
-        def dasherize(key)
-          key.to_s.gsub("_", "-")
-        end
-      end
-    end
-  end
-end

data/lib/hanami/action/application_configuration/cookies.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-module Hanami
-  class Action
-    class ApplicationConfiguration
-      # Wrapper for application-level configuration of HTTP cookies for Hanami actions.
-      # This decorates the hash of cookie options that is otherwise directly configurable
-      # on actions, and adds the `enabled?` method to allow `ApplicationAction` to
-      # determine whether to include the `Action::Cookies` module.
-      #
-      # @since 2.0.0
-      class Cookies
-        attr_reader :options
-
-        def initialize(options)
-          @options = options
-        end
-
-        def enabled?
-          !options.nil?
-        end
-
-        def to_h
-          options.to_h
-        end
-      end
-    end
-  end
-end

data/lib/hanami/action/application_configuration/sessions.rb

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require "dry/core/constants"
-require "hanami/utils/string"
-require "hanami/utils/class"
-
-module Hanami
-  class Action
-    class ApplicationConfiguration
-      # Configuration for HTTP sessions in Hanami actions
-      #
-      # @since 2.0.0
-      class Sessions
-        attr_reader :storage, :options
-
-        def initialize(storage = nil, *options)
-          @storage = storage
-          @options = options
-        end
-
-        def enabled?
-          !storage.nil?
-        end
-
-        def middleware
-          return [] if !enabled?
-
-          [[storage_middleware, options]]
-        end
-
-        private
-
-        def storage_middleware
-          require_storage
-
-          name = Utils::String.classify(storage)
-          Utils::Class.load!(name, ::Rack::Session)
-        end
-
-        def require_storage
-          require "rack/session/#{storage}"
-        end
-      end
-    end
-  end
-end

data/lib/hanami/action/application_configuration.rb

@@ -1,90 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "application_configuration/cookies"
-require_relative "application_configuration/sessions"
-require_relative "application_configuration/content_security_policy"
-require_relative "configuration"
-require_relative "view_name_inferrer"
-
-module Hanami
-  class Action
-    class ApplicationConfiguration
-      include Dry::Configurable
-
-      setting :cookies, default: {}, constructor: -> options { Cookies.new(options) }
-      setting :sessions, constructor: proc { |storage, *options| Sessions.new(storage, *options) }
-      setting :csrf_protection
-
-      setting :name_inference_base, default: "actions"
-      setting :view_context_identifier, default: "view.context"
-      setting :view_name_inferrer, default: ViewNameInferrer
-      setting :view_name_inference_base, default: "views"
-
-      attr_accessor :content_security_policy
-
-      def initialize(*, **options)
-        super()
-
-        @base_configuration = Configuration.new
-        @content_security_policy = ContentSecurityPolicy.new do |csp|
-          if assets_server_url = options[:assets_server_url]
-            csp[:script_src] += " #{assets_server_url}"
-            csp[:style_src] += " #{assets_server_url}"
-          end
-        end
-
-        configure_defaults
-      end
-
-      def finalize!
-        # A nil value for `csrf_protection` means it has not been explicitly configured
-        # (neither true nor false), so we can default it to whether sessions are enabled
-        self.csrf_protection = sessions.enabled? if csrf_protection.nil?
-
-        if self.content_security_policy
-          self.default_headers["Content-Security-Policy"] = self.content_security_policy.to_str
-        end
-      end
-
-      # Returns the list of available settings
-      #
-      # @return [Set]
-      #
-      # @since 2.0.0
-      # @api private
-      def settings
-        base_configuration.settings + self.class.settings
-      end
-
-      private
-
-      attr_reader :base_configuration
-
-      # Apply defaults for base configuration settings
-      def configure_defaults
-        self.default_request_format = :html
-        self.default_response_format = :html
-
-        self.default_headers = {
-          "X-Frame-Options" => "DENY",
-          "X-Content-Type-Options" => "nosniff",
-          "X-XSS-Protection" => "1; mode=block"
-        }
-      end
-
-      def method_missing(name, *args, &block)
-        if config.respond_to?(name)
-          config.public_send(name, *args, &block)
-        elsif base_configuration.respond_to?(name)
-          base_configuration.public_send(name, *args, &block)
-        else
-          super
-        end
-      end
-
-      def respond_to_missing?(name, _incude_all = false)
-        config.respond_to?(name) || base_configuration.respond_to?(name) || super
-      end
-    end
-  end
-end