hanami-controller 2.0.0.alpha8 → 2.0.0.beta1

data/lib/hanami/action/cookie_jar.rb

@@ -1,4 +1,7 @@
-require 'hanami/utils/hash'
+# frozen_string_literal: true
+
+require "rack/utils"
+require "hanami/utils/hash"
 
 module Hanami
   class Action
@@ -10,40 +13,9 @@ module Hanami
     #
     # @see Hanami::Action::Cookies#cookies
     class CookieJar
-      # The key that returns raw cookies from the Rack env
-      #
-      # @since 0.1.0
-      # @api private
-      HTTP_HEADER       = 'HTTP_COOKIE'.freeze
-
-      # The key used by Rack to set the session cookie
-      #
-      # We let CookieJar to NOT take care of this cookie, but it leaves the
-      # responsibility to the Rack middleware that handle sessions.
-      #
-      # This prevents <tt>Set-Cookie</tt> to be sent twice.
-      #
-      # @since 0.5.1
-      # @api private
-      #
-      # @see https://github.com/hanami/controller/issues/138
-      RACK_SESSION_KEY   = :'rack.session'
-
-      # The key used by Rack to set the cookies as an Hash in the env
-      #
-      # @since 0.1.0
-      # @api private
-      COOKIE_HASH_KEY   = 'rack.request.cookie_hash'.freeze
-
-      # The key used by Rack to set the cookies as a String in the env
-      #
-      # @since 0.1.0
-      # @api private
-      COOKIE_STRING_KEY = 'rack.request.cookie_string'.freeze
-
       # @since 0.4.5
       # @api private
-      COOKIE_SEPARATOR = ';,'.freeze
+      COOKIE_SEPARATOR = ";,"
 
       # Initialize the CookieJar
       #
@@ -68,11 +40,14 @@ module Hanami
       #
       # @see Hanami::Action::Cookies#finish
       def finish
-        @cookies.delete(RACK_SESSION_KEY)
-        @cookies.each do |k,v|
-          next unless changed?(k)
-          v.nil? ? delete_cookie(k) : set_cookie(k, _merge_default_values(v))
-        end if changed?
+        @cookies.delete(Action::RACK_SESSION)
+        if changed?
+          @cookies.each do |k, v|
+            next unless changed?(k)
+
+            v.nil? ? delete_cookie(k) : set_cookie(k, _merge_default_values(v))
+          end
+        end
       end
 
       # Returns the object associated with the given key
@@ -122,12 +97,12 @@ module Hanami
       #
       # @example
       #   require "hanami/controller"
-      #   class MyAction
-      #     include Hanami::Action
+      #   class MyAction < Hanami::Action
       #     include Hanami::Action::Cookies
       #
-      #     def call(params)
-      #       cookies.each do |key, value|
+      #     def handle(req, res)
+      #       # read cookies
+      #       req.cookies.each do |key, value|
       #         # ...
       #       end
       #     end
@@ -167,10 +142,10 @@ module Hanami
       # @api private
       def _merge_default_values(value)
         cookies_options = if value.is_a?(::Hash)
-          value.merge! _add_expires_option(value)
-        else
-          { value: value }
-        end
+                            value.merge! _add_expires_option(value)
+                          else
+                            {value: value}
+                          end
         @default_options.merge cookies_options
       end
 
@@ -179,8 +154,8 @@ module Hanami
       # @since 0.4.3
       # @api private
       def _add_expires_option(value)
-        if value.has_key?(:max_age) && !value.has_key?(:expires)
-          { expires: (Time.now + value[:max_age]) }
+        if value.key?(:max_age) && !value.key?(:expires)
+          {expires: (Time.now + value[:max_age])}
         else
           {}
         end
@@ -193,11 +168,12 @@ module Hanami
       # @since 0.1.0
       # @api private
       def extract(env)
-        hash   = env[COOKIE_HASH_KEY] ||= {}
-        string = env[HTTP_HEADER]
+        hash   = env[Action::COOKIE_HASH_KEY] ||= {}
+        string = env[Action::HTTP_COOKIE]
+
+        return hash if string == env[Action::COOKIE_STRING_KEY]
 
-        return hash if string == env[COOKIE_STRING_KEY]
-        # TODO Next Rack 1.7.x ?? version will have ::Rack::Utils.parse_cookies
+        # TODO: Next Rack 1.7.x ?? version will have ::Rack::Utils.parse_cookies
         # We can then replace the following lines.
         hash.clear
 
@@ -206,9 +182,15 @@ module Hanami
         #   the Cookie header such that those with more specific Path attributes
         #   precede those with less specific.  Ordering with respect to other
         #   attributes (e.g., Domain) is unspecified.
-        cookies = ::Rack::Utils.parse_query(string, COOKIE_SEPARATOR) { |s| ::Rack::Utils.unescape(s) rescue s }
-        cookies.each { |k,v| hash[k] = Array === v ? v.first : v }
-        env[COOKIE_STRING_KEY] = string
+        cookies = ::Rack::Utils.parse_query(string, COOKIE_SEPARATOR) { |s|
+          begin
+            ::Rack::Utils.unescape(s)
+          rescue StandardError
+            s
+          end
+        }
+        cookies.each { |k, v| hash[k] = v.is_a?(Array) ? v.first : v }
+        env[Action::COOKIE_STRING_KEY] = string
         hash
       end
 

data/lib/hanami/action/cookies.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Hanami
   class Action
     # Cookies API

data/lib/hanami/action/csrf_protection.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require "hanami/utils/blank"
+require "hanami/controller/error"
 require "rack/utils"
 require "securerandom"
 
@@ -8,7 +11,7 @@ module Hanami
     # Invalid CSRF Token
     #
     # @since 0.4.0
-    class InvalidCSRFTokenError < ::StandardError
+    class InvalidCSRFTokenError < Controller::Error
     end
 
     # CSRF Protection
@@ -38,10 +41,8 @@ module Hanami
     #
     # @example Custom Handling
     #   module Web::Controllers::Books
-    #     class Create
-    #       include Web::Action
-    #
-    #       def call(params)
+    #     class Create < Web::Action
+    #       def handl(*)
     #         # ...
     #       end
     #
@@ -56,16 +57,14 @@ module Hanami
     #
     # @example Bypass Security Check
     #   module Web::Controllers::Books
-    #     class Create
-    #       include Web::Action
-    #
-    #       def call(params)
+    #     class Create < Web::Action
+    #       def handle(*)
     #         # ...
     #       end
     #
     #       private
     #
-    #       def verify_csrf_token?
+    #       def verify_csrf_token?(req, res)
     #         false
     #       end
     #     end
@@ -87,18 +86,20 @@ module Hanami
       # @since 0.4.0
       # @api private
       IDEMPOTENT_HTTP_METHODS = Hash[
-        "GET" => true,
-        "HEAD" => true,
-        "TRACE" => true,
-        "OPTIONS" => true
+        Action::GET => true,
+        Action::HEAD => true,
+        Action::TRACE => true,
+        Action::OPTIONS => true
       ].freeze
 
       # @since 0.4.0
       # @api private
       def self.included(action)
-        action.class_eval do
-          before :set_csrf_token, :verify_csrf_token
-        end unless Hanami.respond_to?(:env?) && Hanami.env?(:test)
+        unless Hanami.respond_to?(:env?) && Hanami.env?(:test)
+          action.class_eval do
+            before :set_csrf_token, :verify_csrf_token
+          end
+        end
       end
 
       private
@@ -107,7 +108,7 @@ module Hanami
       #
       # @since 0.4.0
       # @api private
-      def set_csrf_token(req, res)
+      def set_csrf_token(_req, res)
         res.session[CSRF_TOKEN] ||= generate_csrf_token
       end
 
@@ -141,7 +142,7 @@ module Hanami
       # Verify the CSRF token was passed in params.
       #
       # @api private
-      def missing_csrf_token?(req, res)
+      def missing_csrf_token?(req, *)
         Hanami::Utils::Blank.blank?(req.params[CSRF_TOKEN])
       end
 
@@ -161,21 +162,19 @@ module Hanami
       #
       # @example
       #   module Web::Controllers::Books
-      #     class Create
-      #       include Web::Action
-      #
-      #       def call(params)
+      #     class Create < Web::Action
+      #       def call(*)
       #         # ...
       #       end
       #
       #       private
       #
-      #       def verify_csrf_token?
+      #       def verify_csrf_token?(req, res)
       #         false
       #       end
       #     end
       #   end
-      def verify_csrf_token?(req, res)
+      def verify_csrf_token?(req, *)
         !IDEMPOTENT_HTTP_METHODS[req.request_method]
       end
 
@@ -191,21 +190,19 @@ module Hanami
       #
       # @example
       #   module Web::Controllers::Books
-      #     class Create
-      #       include Web::Action
-      #
-      #       def call(params)
+      #     class Create < Web::Action
+      #       def call(*)
       #         # ...
       #       end
       #
       #       private
       #
-      #       def handle_invalid_csrf_token
+      #       def handle_invalid_csrf_token(req, res)
       #         # custom invalid CSRF management goes here
       #       end
       #     end
       #   end
-      def handle_invalid_csrf_token(req, res)
+      def handle_invalid_csrf_token(*, res)
         res.session.clear
         raise InvalidCSRFTokenError
       end

data/lib/hanami/action/flash.rb

@@ -18,6 +18,10 @@ module Hanami
     # @since 0.3.0
     # @api public
     class Flash
+      # @since 2.0.0
+      # @api private
+      KEY = "_flash"
+
       # @return [Hash] The flash hash for the next request, written to by {#[]=}.
       #
       # @see #[]=

data/lib/hanami/action/halt.rb

@@ -1,8 +1,12 @@
+# frozen_string_literal: true
+
 require "hanami/http/status"
 
 module Hanami
   class Action
     module Halt
+      # @since 2.0.0
+      # @api private
       def self.call(status, body = nil)
         body ||= Http::Status.message_for(status)
         throw :halt, [status, body]

data/lib/hanami/action/mime.rb

@@ -1,85 +1,74 @@
+# frozen_string_literal: true
+
 require "hanami/utils"
 require "rack/utils"
 require "rack/mime"
 
 module Hanami
   class Action
-    module Mime
-      DEFAULT_CONTENT_TYPE = 'application/octet-stream'.freeze
-      DEFAULT_CHARSET      = 'utf-8'.freeze
-
-      # The key that returns content mime type from the Rack env
-      #
-      # @since 2.0.0
-      # @api private
-      HTTP_CONTENT_TYPE    = 'CONTENT_TYPE'.freeze
-
-      # The header key to set the mime type of the response
-      #
-      # @since 0.1.0
-      # @api private
-      CONTENT_TYPE         = 'Content-Type'.freeze
-
+    module Mime # rubocop:disable Metrics/ModuleLength
       # Most commom MIME Types used for responses
       #
       # @since 1.0.0
       # @api private
       TYPES = {
-        txt: 'text/plain',
-        html: 'text/html',
-        json: 'application/json',
-        manifest: 'text/cache-manifest',
-        atom: 'application/atom+xml',
-        avi: 'video/x-msvideo',
-        bmp: 'image/bmp',
-        bz: 'application/x-bzip',
-        bz2: 'application/x-bzip2',
-        chm: 'application/vnd.ms-htmlhelp',
-        css: 'text/css',
-        csv: 'text/csv',
-        flv: 'video/x-flv',
-        gif: 'image/gif',
-        gz: 'application/x-gzip',
-        h264: 'video/h264',
-        ico: 'image/vnd.microsoft.icon',
-        ics: 'text/calendar',
-        jpg: 'image/jpeg',
-        js: 'application/javascript',
-        mp4: 'video/mp4',
-        mov: 'video/quicktime',
-        mp3: 'audio/mpeg',
-        mp4a: 'audio/mp4',
-        mpg: 'video/mpeg',
-        oga: 'audio/ogg',
-        ogg: 'application/ogg',
-        ogv: 'video/ogg',
-        pdf: 'application/pdf',
-        pgp: 'application/pgp-encrypted',
-        png: 'image/png',
-        psd: 'image/vnd.adobe.photoshop',
-        rss: 'application/rss+xml',
-        rtf: 'application/rtf',
-        sh: 'application/x-sh',
-        svg: 'image/svg+xml',
-        swf: 'application/x-shockwave-flash',
-        tar: 'application/x-tar',
-        torrent: 'application/x-bittorrent',
-        tsv: 'text/tab-separated-values',
-        uri: 'text/uri-list',
-        vcs: 'text/x-vcalendar',
-        wav: 'audio/x-wav',
-        webm: 'video/webm',
-        wmv: 'video/x-ms-wmv',
-        woff: 'application/font-woff',
-        woff2: 'application/font-woff2',
-        wsdl: 'application/wsdl+xml',
-        xhtml: 'application/xhtml+xml',
-        xml: 'application/xml',
-        xslt: 'application/xslt+xml',
-        yml: 'text/yaml',
-        zip: 'application/zip'
+        txt: "text/plain",
+        html: "text/html",
+        json: "application/json",
+        manifest: "text/cache-manifest",
+        atom: "application/atom+xml",
+        avi: "video/x-msvideo",
+        bmp: "image/bmp",
+        bz: "application/x-bzip",
+        bz2: "application/x-bzip2",
+        chm: "application/vnd.ms-htmlhelp",
+        css: "text/css",
+        csv: "text/csv",
+        flv: "video/x-flv",
+        gif: "image/gif",
+        gz: "application/x-gzip",
+        h264: "video/h264",
+        ico: "image/vnd.microsoft.icon",
+        ics: "text/calendar",
+        jpg: "image/jpeg",
+        js: "application/javascript",
+        mp4: "video/mp4",
+        mov: "video/quicktime",
+        mp3: "audio/mpeg",
+        mp4a: "audio/mp4",
+        mpg: "video/mpeg",
+        oga: "audio/ogg",
+        ogg: "application/ogg",
+        ogv: "video/ogg",
+        pdf: "application/pdf",
+        pgp: "application/pgp-encrypted",
+        png: "image/png",
+        psd: "image/vnd.adobe.photoshop",
+        rss: "application/rss+xml",
+        rtf: "application/rtf",
+        sh: "application/x-sh",
+        svg: "image/svg+xml",
+        swf: "application/x-shockwave-flash",
+        tar: "application/x-tar",
+        torrent: "application/x-bittorrent",
+        tsv: "text/tab-separated-values",
+        uri: "text/uri-list",
+        vcs: "text/x-vcalendar",
+        wav: "audio/x-wav",
+        webm: "video/webm",
+        wmv: "video/x-ms-wmv",
+        woff: "application/font-woff",
+        woff2: "application/font-woff2",
+        wsdl: "application/wsdl+xml",
+        xhtml: "application/xhtml+xml",
+        xml: "application/xml",
+        xslt: "application/xslt+xml",
+        yml: "text/yaml",
+        zip: "application/zip"
       }.freeze
 
+      # @since 2.0.0
+      # @api private
       def self.content_type_with_charset(content_type, charset)
         "#{content_type}; charset=#{charset}"
       end
@@ -92,27 +81,38 @@ module Hanami
       # lastly it will fallback to DEFAULT_CONTENT_TYPE
       #
       # @return [String]
+      #
+      # @since 2.0.0
+      # @api private
       def self.content_type(configuration, request, accepted_mime_types)
         if request.accept_header?
           type = best_q_match(request.accept, accepted_mime_types)
           return type if type
         end
 
-        default_response_type(configuration) || default_content_type(configuration) || DEFAULT_CONTENT_TYPE
+        default_response_type(configuration) || default_content_type(configuration) || Action::DEFAULT_CONTENT_TYPE
       end
 
+      # @since 2.0.0
+      # @api private
       def self.charset(default_charset)
-        default_charset || DEFAULT_CHARSET
+        default_charset || Action::DEFAULT_CHARSET
       end
 
+      # @since 2.0.0
+      # @api private
       def self.default_response_type(configuration)
         format_to_mime_type(configuration.default_response_format, configuration)
       end
 
+      # @since 2.0.0
+      # @api private
       def self.default_content_type(configuration)
         format_to_mime_type(configuration.default_request_format, configuration)
       end
 
+      # @since 2.0.0
+      # @api private
       def self.format_to_mime_type(format, configuration)
         return if format.nil?
 
@@ -128,12 +128,18 @@ module Hanami
       #   detect_format("text/html; charset=utf-8", configuration)  #=> :html
       #
       # @return [Symbol, nil]
+      #
+      # @since 2.0.0
+      # @api private
       def self.detect_format(content_type, configuration)
         return if content_type.nil?
+
         ct = content_type.split(";").first
         configuration.format_for(ct) || format_for(ct)
       end
 
+      # @since 2.0.0
+      # @api private
       def self.format_for(content_type)
         TYPES.key(content_type)
       end
@@ -145,6 +151,9 @@ module Hanami
       # @return [Array<String>, nil]
       #
       # @raise [Hanami::Controller::UnknownFormatError] if the format is invalid
+      #
+      # @since 2.0.0
+      # @api private
       def self.restrict_mime_types(configuration, accepted_formats)
         return if accepted_formats.empty?
 
@@ -155,6 +164,7 @@ module Hanami
         accepted_mime_types = mime_types & configuration.mime_types
 
         return if accepted_mime_types.empty?
+
         accepted_mime_types
       end
 
@@ -164,8 +174,13 @@ module Hanami
       # If no Content-Type is sent in the request it will check the default_request_format
       #
       # @return [TrueClass, FalseClass]
+      #
+      # @since 2.0.0
+      # @api private
       def self.accepted_mime_type?(request, accepted_mime_types, configuration)
-        mime_type = request.env[HTTP_CONTENT_TYPE] || default_content_type(configuration) || DEFAULT_CONTENT_TYPE
+        mime_type = request.env[Action::HTTP_CONTENT_TYPE] ||
+                    default_content_type(configuration) ||
+                    Action::DEFAULT_CONTENT_TYPE
 
         !accepted_mime_types.find { |mt| ::Rack::Mime.match?(mt, mime_type) }.nil?
       end
@@ -175,6 +190,9 @@ module Hanami
       # @see Hanami::Action::Mime#call
       #
       # @return [String]
+      #
+      # @since 2.0.0
+      # @api private
       def self.calculate_content_type_with_charset(configuration, request, accepted_mime_types)
         charset      = self.charset(configuration.default_charset)
         content_type = self.content_type(configuration, request, accepted_mime_types)
@@ -197,6 +215,7 @@ module Hanami
         ::Rack::Utils.q_values(q_value_header).each_with_index.map do |(req_mime, quality), index|
           match = available_mimes.find { |am| ::Rack::Mime.match?(am, req_mime) }
           next unless match
+
           RequestMimeWeight.new(req_mime, quality, index, match)
         end.compact.max&.format
       end
@@ -204,6 +223,16 @@ module Hanami
       # @since 1.0.1
       # @api private
       class RequestMimeWeight
+        # @since 2.0.0
+        # @api private
+        MIME_SEPARATOR = "/"
+        private_constant :MIME_SEPARATOR
+
+        # @since 2.0.0
+        # @api private
+        MIME_WILDCARD = "*"
+        private_constant :MIME_WILDCARD
+
         include Comparable
 
         # @since 1.0.1
@@ -237,6 +266,7 @@ module Hanami
         # @api private
         def <=>(other)
           return priority <=> other.priority unless priority == other.priority
+
           other.index <=> index
         end
 
@@ -245,7 +275,7 @@ module Hanami
         # @since 1.0.1
         # @api private
         def calculate_priority(mime)
-          @priority ||= (mime.split('/'.freeze, 2).count('*'.freeze) * -10) + quality
+          @priority ||= (mime.split(MIME_SEPARATOR, 2).count(MIME_WILDCARD) * -10) + quality
         end
       end
     end