hanami-controller 2.0.0.beta1 → 2.0.0.beta4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 11f51222319fd677dad5bcad139e3a9fe4ec4a9099a44cab8e1809de78ca7def
-  data.tar.gz: 38367d9e9a0831e0bae832ffc4a7528ba97ecafb399b57e085d723de522f0219
+  metadata.gz: a363029b7df3ddc560e2975862f72548788a2a2910c2d32519f073556b4bfbb2
+  data.tar.gz: e7d67505e3b0161a656d24e1ff634bd02c11d4fad1e217a1ee482271be6dbbd9
 SHA512:
-  metadata.gz: 5522815b014bd6bf4ad6750a12c80a6db7d1aaab15562004a7898bc6cf5a5f0bbfa93d171cee31268685268ead3d37d6aa42be1bfc780c7a3bba2207814df087
-  data.tar.gz: 379911174cd6deb4637e6dcb80731d1d221f6bb4f3c184001f6f526e8d87cdf385aa0e114a1c4fa78c2dc3361015074b5afbe428a2b630a8ff4cd17f180e5908
+  metadata.gz: 0a9aeb4ea44db1fe6f137dee8f3e5e05bda318a8c53f1f57c30204a0077b5dcfd82aefab569fd7169c2c728de2331fcaa52f1fcdec2e3adb6d4679c38791edf6
+  data.tar.gz: 726de07b87cd8055da9973ea0365c00bde1f8808a1593ef3830051e196c722f001f6dc13615182f067542c605c9437259d1d36028031867edf3abd8d9612e817

data/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 Complete, fast and testable actions for Rack
 
+## v2.0.0.beta4 - 2022-10-24
+
+### Added
+
+- [Tim Riley] Add `Response#flash`, and delgate to request object for both `Response#session` and `Response#flash`, ensuring the same objects are used when accessed via either request or response (#399)
+
+### Fixed
+
+- [Benjamin Klotz] When a params validation schema is provided (in a `params do` block), only return the validated params from `request.params` (#375)
+- [Sean Collins] Handle dry-schema's messages hash now being frozen by default (#391)
+
+### Changed
+
+- [Tim Riley] When `Action.accept` is declared (or `Action::Config.accepted_formats` configured), return a 406 error if an `Accept` request header is present but is not acceptable. In the absence of an `Accept` header, return a 415 error if a `Content-Type` header is present but not acceptable. If neither header is provided, accept the request. (#396)
+- [Tim Riley] Add `Action.handle_exception` class method as a shortcut for `Hanami::Action::Config#handle_exception` (#394)
+- [Tim Riley] Significantly reduce memory usage by leveraging recent dry-configurable changes, and relocating `accepted_formats`, `before_callbacks`, `after_callbacks` inheritable attributes to `config` (#392)
+- [Tim Riley] Make params validation schemas (defined in `params do` block) inheritable to subclasses (#394)
+- [Benhamin Klotz, Tim Riley] Raise `Hanami::Action::MissingSessionError` with a friendly message if `Request#session`, `Request#flash`, `Response#session` or `Response#flash` are called for an action that does not already include `Hanami::Action:Session` mixin (#379 via #395)
+
 ## v2.0.0.beta1 - 2022-07-20
 
 ### Fixed

data/README.md

@@ -771,7 +771,7 @@ end
 # When called with "\*/\*"            => 200
 # When called with "text/html"        => 200
 # When called with "application/json" => 200
-# When called with "application/xml"  => 406
+# When called with "application/xml"  => 415
 ```
 
 You can check if the requested MIME type is accepted by the client.

data/lib/hanami/action/config.rb

@@ -0,0 +1,262 @@
+# frozen_string_literal: true
+
+require "dry/configurable"
+require_relative "mime"
+
+module Hanami
+  class Action
+    class Config < Dry::Configurable::Config
+      # Default MIME type to format mapping
+      #
+      # @since 0.2.0
+      # @api private
+      DEFAULT_FORMATS = {
+        "application/octet-stream" => :all,
+        "*/*" => :all,
+        "text/html" => :html
+      }.freeze
+
+      # Default public directory
+      #
+      # This serves as the root directory for file downloads
+      #
+      # @since 1.0.0
+      #
+      # @api private
+      DEFAULT_PUBLIC_DIRECTORY = "public"
+
+      # @!attribute [rw] handled_exceptions
+      #
+      #   Specifies how to handle exceptions with an HTTP status.
+      #
+      #   Raised exceptions will return the corresponding HTTP status.
+      #
+      #   @return [Hash{Exception=>Integer}] exception classes as keys and HTTP statuses as values
+      #
+      #   @example
+      #     config.handled_exceptions = {ArgumentError => 400}
+      #
+      #   @since 0.2.0
+
+      # Specifies how to handle exceptions with an HTTP status
+      #
+      # Raised exceptions will return the corresponding HTTP status
+      #
+      # The specified exceptions will be merged with any previously configured
+      # exceptions
+      #
+      # @param exceptions [Hash{Exception=>Integer}] exception classes as keys
+      #   and HTTP statuses as values
+      #
+      # @return [void]
+      #
+      # @example
+      #   config.handle_exceptions(ArgumentError => 400}
+      #
+      # @see handled_exceptions
+      #
+      # @since 0.2.0
+      def handle_exception(exceptions)
+        self.handled_exceptions = handled_exceptions
+          .merge(exceptions)
+          .sort { |(ex1, _), (ex2, _)| ex1.ancestors.include?(ex2) ? -1 : 1 }
+          .to_h
+      end
+
+      # @!attribute [rw] formats
+      #
+      #   Specifies the MIME type to format mapping
+      #
+      #   @return [Hash{String=>Symbol}] MIME type strings as keys and format symbols as values
+      #
+      #   @see format
+      #   @see Hanami::Action::Mime
+      #
+      #   @example
+      #     config.formats = {"text/html" => :html}
+      #
+      #   @since 0.2.0
+
+      # Registers a MIME type to format mapping
+      #
+      # @param hash [Hash{Symbol=>String}] format symbols as keys and the MIME
+      #   type strings must as values
+      #
+      # @return [void]
+      #
+      # @see formats
+      # @see Hanami::Action::Mime
+      #
+      # @example
+      #   config.format html: "text/html"
+      #
+      # @since 0.2.0
+      def format(hash)
+        symbol, mime_type = *Utils::Kernel.Array(hash)
+        formats[Utils::Kernel.String(mime_type)] = Utils::Kernel.Symbol(symbol)
+      end
+
+      # Returns the configured format for the given MIME type
+      #
+      # @param mime_type [#to_s,#to_str] A mime type
+      #
+      # @return [Symbol,nil] the corresponding format, nil if not found
+      #
+      # @see format
+      #
+      # @since 0.2.0
+      # @api private
+      def format_for(mime_type)
+        formats[mime_type]
+      end
+
+      # Returns the configured format's MIME types
+      #
+      # @return [Array<String>] the format's MIME types
+      #
+      # @see formats=
+      # @see format
+      #
+      # @since 0.8.0
+      #
+      # @api private
+      def mime_types
+        # FIXME: this isn't efficient. speed it up!
+        ((formats.keys - DEFAULT_FORMATS.keys) +
+          Hanami::Action::Mime::TYPES.values).freeze
+      end
+
+      # Returns a MIME type for the given format
+      #
+      # @param format [#to_sym] a format
+      #
+      # @return [String,nil] the corresponding MIME type, if present
+      #
+      # @since 0.2.0
+      # @api private
+      def mime_type_for(format)
+        formats.key(format)
+      end
+
+      # @since 2.0.0
+      # @api private
+      def accepted_mime_types
+        accepted_formats.any? ? Mime.restrict_mime_types(self) : mime_types
+      end
+
+      # @!attribute [rw] default_request_format
+      #
+      #   Sets a format as default fallback for all the requests without a strict
+      #   requirement for the MIME type.
+      #
+      #   The given format must be coercible to a symbol, and be a valid MIME
+      #   type alias. If it isn't, at runtime the framework will raise an
+      #   `Hanami::Controller::UnknownFormatError`.
+      #
+      #   By default, this value is nil.
+      #
+      #   @return [Symbol]
+      #
+      #   @see Hanami::Action::Mime
+      #
+      #   @since 0.5.0
+
+      # @!attribute [rw] default_response_format
+      #
+      #   Sets a format to be used for all responses regardless of the request
+      #   type.
+      #
+      #   The given format must be coercible to a symbol, and be a valid MIME
+      #   type alias. If it isn't, at the runtime the framework will raise an
+      #   `Hanami::Controller::UnknownFormatError`.
+      #
+      #   By default, this value is nil.
+      #
+      #   @return [Symbol]
+      #
+      #   @see Hanami::Action::Mime
+      #
+      #   @since 0.5.0
+
+      # @!attribute [rw] default_charset
+      #
+      #   Sets a charset (character set) as default fallback for all the requests
+      #   without a strict requirement for the charset.
+      #
+      #   By default, this value is nil.
+      #
+      #   @return [String]
+      #
+      #   @see Hanami::Action::Mime
+      #
+      #   @since 0.3.0
+
+      # @!attribute [rw] default_headers
+      #
+      #   Sets default headers for all responses.
+      #
+      #   By default, this is an empty hash.
+      #
+      #   @return [Hash{String=>String}] the headers
+      #
+      #   @example
+      #     config.default_headers = {"X-Frame-Options" => "DENY"}
+      #
+      #   @see default_headers
+      #
+      #   @since 0.4.0
+
+      # @!attribute [rw] cookies
+      #
+      #   Sets default cookie options for all responses.
+      #
+      #   By default this, is an empty hash.
+      #
+      #   @return [Hash{Symbol=>String}] the cookie options
+      #
+      #   @example
+      #     config.cookies = {
+      #       domain: "hanamirb.org",
+      #       path: "/controller",
+      #       secure: true,
+      #       httponly: true
+      #     }
+      #
+      #   @since 0.4.0
+
+      # @!attribute [rw] root_directory
+      #
+      #   Sets the the for the public directory, which is used for file downloads.
+      #   This must be an existent directory.
+      #
+      #   Defaults to the current working directory.
+      #
+      #   @return [String] the directory path
+      #
+      #   @api private
+      #
+      #   @since 1.0.0
+
+      # @!attribute [rw] public_directory
+      #
+      # Sets the path to public directory. This directory is used for file downloads.
+      #
+      # This given directory will be appended onto the root directory.
+      #
+      # By default, the public directory is `"public"`.
+      # @return [String] the public directory path
+      #
+      # @example
+      #   config.public_directory = "public"
+      #   config.public_directory # => "/path/to/root/public"
+      #
+      # @see root_directory
+      #
+      # @since 2.0.0
+      def public_directory
+        # This must be a string, for Rack compatibility
+        root_directory.join(super).to_s
+      end
+    end
+  end
+end

data/lib/hanami/action/constants.rb

@@ -114,13 +114,13 @@ module Hanami
     #
     # @since 0.1.0
     # @api private
-    HTTP_ACCEPT          = "HTTP_ACCEPT"
+    HTTP_ACCEPT = "HTTP_ACCEPT"
 
     # The header key to set the mime type of the response
     #
     # @since 0.1.0
     # @api private
-    CONTENT_TYPE         = ::Rack::CONTENT_TYPE
+    CONTENT_TYPE = ::Rack::CONTENT_TYPE
 
     # The default mime type for an incoming HTTP request
     #
@@ -152,7 +152,7 @@ module Hanami
     #
     # @since 2.0.0
     # @api private
-    ETAG          = ::Rack::ETAG
+    ETAG = ::Rack::ETAG
 
     # @since 2.0.0
     # @api private
@@ -221,7 +221,7 @@ module Hanami
     #
     # @since 2.0.0
     # @api private
-    COOKIE_HASH_KEY   = ::Rack::RACK_REQUEST_COOKIE_HASH
+    COOKIE_HASH_KEY = ::Rack::RACK_REQUEST_COOKIE_HASH
 
     # The key used by Rack to set the cookies as a String in the env
     #
@@ -233,7 +233,7 @@ module Hanami
     #
     # @since 2.0.0
     # @api private
-    RACK_INPUT    = ::Rack::RACK_INPUT
+    RACK_INPUT = ::Rack::RACK_INPUT
 
     # The key that returns router params from the Rack env
     # This is a builtin integration for Hanami::Router
@@ -250,12 +250,6 @@ module Hanami
 
     # @since 2.0.0
     # @api private
-    DEFAULT_CHARSET      = "utf-8"
-
-    # The key that returns content mime type from the Rack env
-    #
-    # @since 2.0.0
-    # @api private
-    HTTP_CONTENT_TYPE    = "CONTENT_TYPE"
+    DEFAULT_CHARSET = "utf-8"
   end
 end

data/lib/hanami/action/csrf_protection.rb

@@ -96,6 +96,7 @@ module Hanami
       # @api private
       def self.included(action)
         unless Hanami.respond_to?(:env?) && Hanami.env?(:test)
+          action.include Hanami::Action::Session
           action.class_eval do
             before :set_csrf_token, :verify_csrf_token
           end

data/lib/hanami/action/error.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Action
+    # @since 2.0.0
+    class Error < ::StandardError
+    end
+
+    # Missing session error
+    #
+    # This error is raised when `session` or `flash` is accessed/set on request/response objects
+    # in actions which do not include `Hanami::Action::Session`.
+    #
+    # @since 2.0.0
+    #
+    # @see Hanami::Action::Session
+    # @see Hanami::Action::Request#session
+    # @see Hanami::Action::Response#session
+    # @see Hanami::Action::Response#flash
+    class MissingSessionError < Error
+      def initialize(session_method)
+        super(<<~TEXT)
+          Sessions are not enabled. To use `#{session_method}`:
+
+          Configure sessions in your Hanami app, e.g.
+
+            module MyApp
+              class App < Hanami::App
+                # See Rack::Session::Cookie for options
+                config.sessions = :cookie, {**cookie_session_options}
+              end
+            end
+
+          Or include session support directly in your action class:
+
+            include Hanami::Action::Session
+        TEXT
+      end
+    end
+  end
+end

data/lib/hanami/action/mime.rb

@@ -84,13 +84,13 @@ module Hanami
       #
       # @since 2.0.0
       # @api private
-      def self.content_type(configuration, request, accepted_mime_types)
+      def self.content_type(config, request, accepted_mime_types)
         if request.accept_header?
           type = best_q_match(request.accept, accepted_mime_types)
           return type if type
         end
 
-        default_response_type(configuration) || default_content_type(configuration) || Action::DEFAULT_CONTENT_TYPE
+        default_response_type(config) || default_content_type(config) || Action::DEFAULT_CONTENT_TYPE
       end
 
       # @since 2.0.0
@@ -101,22 +101,22 @@ module Hanami
 
       # @since 2.0.0
       # @api private
-      def self.default_response_type(configuration)
-        format_to_mime_type(configuration.default_response_format, configuration)
+      def self.default_response_type(config)
+        format_to_mime_type(config.default_response_format, config)
       end
 
       # @since 2.0.0
       # @api private
-      def self.default_content_type(configuration)
-        format_to_mime_type(configuration.default_request_format, configuration)
+      def self.default_content_type(config)
+        format_to_mime_type(config.default_request_format, config)
       end
 
       # @since 2.0.0
       # @api private
-      def self.format_to_mime_type(format, configuration)
+      def self.format_to_mime_type(format, config)
         return if format.nil?
 
-        configuration.mime_type_for(format) ||
+        config.mime_type_for(format) ||
           TYPES.fetch(format) { raise Hanami::Controller::UnknownFormatError.new(format) }
       end
 
@@ -125,17 +125,17 @@ module Hanami
       #
       # @see Hanami::Action::Mime#finish
       # @example
-      #   detect_format("text/html; charset=utf-8", configuration)  #=> :html
+      #   detect_format("text/html; charset=utf-8", config)  #=> :html
       #
       # @return [Symbol, nil]
       #
       # @since 2.0.0
       # @api private
-      def self.detect_format(content_type, configuration)
+      def self.detect_format(content_type, config)
         return if content_type.nil?
 
         ct = content_type.split(";").first
-        configuration.format_for(ct) || format_for(ct)
+        config.format_for(ct) || format_for(ct)
       end
 
       # @since 2.0.0
@@ -146,7 +146,7 @@ module Hanami
 
       # Transforms symbols to MIME Types
       # @example
-      #   restrict_mime_types(configuration, [:json])  #=> ["application/json"]
+      #   restrict_mime_types(config, [:json])  #=> ["application/json"]
       #
       # @return [Array<String>, nil]
       #
@@ -154,35 +154,71 @@ module Hanami
       #
       # @since 2.0.0
       # @api private
-      def self.restrict_mime_types(configuration, accepted_formats)
-        return if accepted_formats.empty?
+      def self.restrict_mime_types(config)
+        return if config.accepted_formats.empty?
 
-        mime_types = accepted_formats.map do |format|
-          format_to_mime_type(format, configuration)
+        mime_types = config.accepted_formats.map do |format|
+          format_to_mime_type(format, config)
         end
 
-        accepted_mime_types = mime_types & configuration.mime_types
+        accepted_mime_types = mime_types & config.mime_types
 
         return if accepted_mime_types.empty?
 
         accepted_mime_types
       end
 
-      # Use for checking the Content-Type header to make sure is valid based
-      # on the accepted_mime_types
+      # Yields if an action is configured with `accepted_formats`, the request has an `Accept`
+      # header, and none of the Accept types matches the accepted formats. The given block is
+      # expected to halt the request handling.
       #
-      # If no Content-Type is sent in the request it will check the default_request_format
+      # If any of these conditions are not met, then the request is acceptable and the method
+      # returns without yielding.
       #
-      # @return [TrueClass, FalseClass]
+      # @see Action#enforce_accepted_mime_types
+      # @see Action.accept
+      # @see Config#accepted_formats
       #
       # @since 2.0.0
       # @api private
-      def self.accepted_mime_type?(request, accepted_mime_types, configuration)
-        mime_type = request.env[Action::HTTP_CONTENT_TYPE] ||
-                    default_content_type(configuration) ||
-                    Action::DEFAULT_CONTENT_TYPE
+      def self.enforce_accept(request, config)
+        return unless request.accept_header?
 
-        !accepted_mime_types.find { |mt| ::Rack::Mime.match?(mt, mime_type) }.nil?
+        accept_types = ::Rack::Utils.q_values(request.accept).map(&:first)
+        return if accept_types.any? { |mime_type| accepted_mime_type?(mime_type, config) }
+
+        yield
+      end
+
+      # Yields if an action is configured with `accepted_formats`, the request has a `Content-Type`
+      # header (or a `default_requst_format` is configured), and the content type does not match the
+      # accepted formats. The given block is expected to halt the request handling.
+      #
+      # If any of these conditions are not met, then the request is acceptable and the method
+      # returns without yielding.
+      #
+      # @see Action#enforce_accepted_mime_types
+      # @see Action.accept
+      # @see Config#accepted_formats
+      #
+      # @since 2.0.0
+      # @api private
+      def self.enforce_content_type(request, config)
+        content_type = request.content_type || default_content_type(config)
+
+        return if content_type.nil?
+
+        return if accepted_mime_type?(content_type, config)
+
+        yield
+      end
+
+      # @since 2.0.0
+      # @api private
+      def self.accepted_mime_type?(mime_type, config)
+        config.accepted_mime_types.any? { |accepted_mime_type|
+          ::Rack::Mime.match?(accepted_mime_type, mime_type)
+        }
       end
 
       # Use for setting the content_type and charset if the response
@@ -193,14 +229,12 @@ module Hanami
       #
       # @since 2.0.0
       # @api private
-      def self.calculate_content_type_with_charset(configuration, request, accepted_mime_types)
-        charset      = self.charset(configuration.default_charset)
-        content_type = self.content_type(configuration, request, accepted_mime_types)
+      def self.calculate_content_type_with_charset(config, request, accepted_mime_types)
+        charset = self.charset(config.default_charset)
+        content_type = self.content_type(config, request, accepted_mime_types)
         content_type_with_charset(content_type, charset)
       end
 
-      # private
-
       # Patched version of <tt>Rack::Utils.best_q_match</tt>.
       #
       # @since 2.0.0

data/lib/hanami/action/params.rb

@@ -25,7 +25,7 @@ module Hanami
         # @since 1.1.0
         # @api private
         def initialize(errors = {})
-          super(errors)
+          super(errors.dup)
         end
 
         # Add an error to the param validations
@@ -160,9 +160,9 @@ module Hanami
       def initialize(env)
         @env = env
         super(_extract_params)
-        @result = validate
-        @params = _params
-        @errors = Errors.new(@result.messages)
+        validation = validate
+        @params = validation.to_h
+        @errors = Errors.new(validation.messages)
         freeze
       end
 
@@ -235,7 +235,7 @@ module Hanami
         errors.empty?
       end
 
-      # Serialize params to Hash
+      # Serialize validated params to Hash
       #
       # @return [::Hash]
       #
@@ -244,13 +244,6 @@ module Hanami
         @params
       end
       alias_method :to_hash, :to_h
-
-      private
-
-      # @api private
-      def _params
-        _router_params.merge(@result.output)
-      end
     end
   end
 end

data/lib/hanami/action/request.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
-require "rack/utils"
+require "hanami/action/flash"
 require "rack/mime"
 require "rack/request"
+require "rack/utils"
 require "securerandom"
 
 module Hanami
@@ -16,9 +17,11 @@ module Hanami
     class Request < ::Rack::Request
       attr_reader :params
 
-      def initialize(env, params)
+      def initialize(env:, params:, sessions_enabled: false)
         super(env)
+
         @params = params
+        @sessions_enabled = sessions_enabled
       end
 
       def id
@@ -26,6 +29,22 @@ module Hanami
         @id ||= @env[Action::REQUEST_ID] = SecureRandom.hex(Action::DEFAULT_ID_LENGTH)
       end
 
+      def session
+        unless @sessions_enabled
+          raise Hanami::Action::MissingSessionError.new("Hanami::Action::Request#session")
+        end
+
+        super
+      end
+
+      def flash
+        unless @sessions_enabled
+          raise Hanami::Action::MissingSessionError.new("Hanami::Action::Request#flash")
+        end
+
+        @flash ||= Flash.new(session[Flash::KEY])
+      end
+
       def accept?(mime_type)
         !!::Rack::Utils.q_values(accept).find do |mime, _|
           ::Rack::Mime.match?(mime_type, mime)