hanami 2.0.0.alpha3 → 2.0.0.alpha4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f322cd4a751d83369d2d20f0f209bfb1dca92a78f6a3dd7c4027ea672df84e36
-  data.tar.gz: 801be572c3df6e61bfaee8b72f0a164dcbe83216f33c72972c67334f9b2619cf
+  metadata.gz: 2188bc3aee5a164b6610c6bc97fad9f0bba0384bf11a80be27228e7f19dad4e0
+  data.tar.gz: 7fa39987132cf6bfda0b0986a36894d08297c1df06b31354cfbeae934d73a813
 SHA512:
-  metadata.gz: 244ab662705c248857bc4d4e3f42b1de6dc92003fb3c8fe6d3cd006194be272d1aac36f570baa319a971dfcdd6f24eb691c270fa57b852fdbc4da863bc1908d1
-  data.tar.gz: 3d6b72d227de112fbedefb7f8f6fbcb1e010fb37bf3d97e5826b6fe134dc0facd2a36bba0ad5e2118f731ee2bb1d18ae4f7307377c0fd31e5b81a3e307c56ae0
+  metadata.gz: f7b1aad0186fcdaa94593ba4ff5d01cf4f8d4431aaffba173c3c795c2c0c76993a27da3aa503b0ce59fd67467615c86c50a4ab227986e38dd0986e91c30766a5
+  data.tar.gz: cd2d8b82bc7f98e906686fdab7299282b1c1be4b29278c9ee5b0f9b3cefbb7d31fa83013a840b2b9fa2b8e2b2f3f8c0582ca3587b35ced91f65db6f853d67cf7

data/CHANGELOG.md

@@ -1,6 +1,75 @@
 # Hanami
 The web, with simplicity.
 
+## v2.0.0.alpha4 - 2021-12-07
+### Added
+- [Luca Guidi] Manage Content Security Policy (CSP) with "zero-defaults" policy. New API to change CSP values and to disable the feature.
+    ```ruby
+    # Read a CSP value
+
+    module MyApp
+      class Application < Hanami::Application
+        config.actions.content_security_policy[:base_uri] # => "'self'"
+      end
+    end
+    ```
+
+    ```ruby
+    # Override a default CSP value
+
+    module MyApp
+      class Application < Hanami::Application
+        # This line will generate the following CSP fragment
+        # plugin-types ;
+        config.actions.content_security_policy[:plugin_types] = nil
+      end
+    end
+    ```
+
+    ```ruby
+    # Append to a default CSP value
+
+    module MyApp
+      class Application < Hanami::Application
+        # This line will generate the following CSP fragment
+        # script-src 'self' https://my.cdn.test;
+        config.actions.content_security_policy[:script_src] += " https://my.cdn.test"
+      end
+    end
+    ```
+
+    ```ruby
+    # Add a custom CSP key. Useful when CSP standard evolves.
+
+    module MyApp
+      class Application < Hanami::Application
+        # This line will generate the following CSP fragment
+        # my-custom-setting 'self';
+        config.actions.content_security_policy[:my-custom-setting] = "'self'"
+      end
+    end
+    ```
+
+    ```ruby
+    # Delete a CSP key.
+
+    module MyApp
+      class Application < Hanami::Application
+        config.actions.content_security_policy.delete(:object_src)
+      end
+    end
+    ```
+
+    ```ruby
+    # Disable CSP feature.
+
+    module MyApp
+      class Application < Hanami::Application
+        config.actions.content_security_policy = false
+      end
+    end
+    ```
+
 ## v2.0.0.alpha3 - 2021-11-09
 ### Added
 - [Luca Guidi] Added `Hanami.shutdown` to stop all bootable components in the application container

data/lib/hanami/application/container/boot/routes_helper.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+Hanami.application.register_bootable :routes_helper do
+  start do
+    require "hanami/application/routes_helper"
+
+    register :routes_helper, Hanami::Application::RoutesHelper.new(Hanami.application.router)
+  end
+end

data/lib/hanami/application/routes.rb

@@ -33,7 +33,8 @@ module Hanami
       #
       # @yield DSL syntax to define application routes executed in the context
       # of {Hanami::Application::Router}
-      # @returns [Proc]
+      #
+      # @return [Proc]
       def self.define(&block)
         @_routes = block
       end

data/lib/hanami/application/routes_helper.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Application
+    # Hanami application routes helpers
+    #
+    # An instance of this class gets registered in the container
+    # (`routes_helper` key) once the Hanami application is booted. You can use
+    # it to get the route helpers for your application.
+    #
+    # @example
+    #   MyApp::Application["routes_helper"].path(:root) # => "/"
+    #
+    # @see Hanami::Router::UrlHelpers
+    # @since 2.0.0
+    class RoutesHelper
+      # @since 2.0.0
+      # @api private
+      def initialize(router)
+        @router = router
+      end
+
+      # @see Hanami::Router::UrlHelpers#path
+      def path(*args, **kwargs, &block)
+        @router.path(*args, **kwargs, &block)
+      end
+
+      # @see Hanami::Router::UrlHelpers#url
+      def url(*args, **kwargs, &block)
+        @router.url(*args, **kwargs, &block)
+      end
+    end
+  end
+end

data/lib/hanami/application/routing/resolver.rb

@@ -7,6 +7,8 @@ module Hanami
       #
       # @since 2.0.0
       class Resolver
+        ENDPOINT_KEY_NAMESPACE = "actions"
+
         require_relative "resolver/trie"
 
         # @since 2.0.0
@@ -21,7 +23,7 @@ module Hanami
         def initialize(slices:, inflector:)
           @slices = slices
           @inflector = inflector
-          @slices_registry = Trie.new
+          @slice_registry = Trie.new
         end
 
         # @api private
@@ -50,7 +52,7 @@ module Hanami
         # @api private
         # @since 2.0.0
         def register_slice_at_path(name, path)
-          slices_registry.add(path, name)
+          slice_registry.add(path, name)
         end
 
         private
@@ -65,16 +67,19 @@ module Hanami
 
         # @api private
         # @since 2.0.0
-        attr_reader :slices_registry
+        attr_reader :slice_registry
 
         # @api private
         # @since 2.0.0
         def resolve_string_identifier(path, identifier)
-          slice_name = slices_registry.find(path) or raise "missing slice for #{path.inspect} (#{identifier.inspect})"
+          slice_name = slice_registry.find(path) or raise "missing slice for #{path.inspect} (#{identifier.inspect})"
           slice = slices[slice_name]
-          action_key = "actions.#{identifier}"
+          endpoint_key = "#{ENDPOINT_KEY_NAMESPACE}.#{identifier}"
 
-          slice[action_key]
+          # Lazily resolve endpoint from the slice to reduce router initialization time,
+          # and break potential endless loops from the resolved endpoint itself requiring
+          # access to router-related concerns
+          -> (*args) { slice[endpoint_key].call(*args) }
         end
       end
     end

data/lib/hanami/application.rb

@@ -8,6 +8,7 @@ require "rack"
 require "zeitwerk"
 require_relative "slice"
 require_relative "application/autoloader/inflector_adapter"
+require_relative "application/router"
 require_relative "application/routes"
 require_relative "application/settings"
 
@@ -71,8 +72,6 @@ module Hanami
 
         autoloader.setup
 
-        load_routes
-
         @inited = true
         self
       end
@@ -148,6 +147,8 @@ module Hanami
 
         init
 
+        load_router
+
         container.finalize!(&block)
 
         slices.values.each(&:boot)
@@ -168,12 +169,6 @@ module Hanami
         @_settings ||= load_settings
       end
 
-      def routes
-        @_mutex.synchronize do
-          @_routes ||= load_routes
-        end
-      end
-
       MODULE_DELIMITER = "::"
       private_constant :MODULE_DELIMITER
 
@@ -216,6 +211,41 @@ module Hanami
         providers.detect { |provider| component_name.include?(provider.namespace.to_s) }
       end
 
+      def router
+        @_mutex.synchronize do
+          @_router ||= load_router
+        end
+      end
+
+      def load_router
+        Router.new(
+          routes: routes,
+          resolver: resolver,
+          **configuration.router.options,
+        ) do
+          use Hanami.application[:rack_monitor]
+
+          Hanami.application.config.for_each_middleware do |m, *args, &block|
+            use(m, *args, &block)
+          end
+        end
+      end
+
+      def routes
+        require File.join(configuration.root, configuration.router.routes_path)
+        routes_class = autodiscover_application_constant(configuration.router.routes_class_name)
+        routes_class.routes
+      rescue LoadError
+        proc {}
+      end
+
+      def resolver
+        config.router.resolver.new(
+          slices: slices,
+          inflector: inflector
+        )
+      end
+
       private
 
       def prepare_base_load_path
@@ -312,13 +342,6 @@ module Hanami
       end
       # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
 
-      def load_routes
-        require File.join(configuration.root, configuration.router.routes_path)
-        routes_class = autodiscover_application_constant(configuration.router.routes_class_name)
-        routes_class.routes
-      rescue LoadError # rubocop:disable Lint/SuppressedException
-      end
-
       def load_settings
         prepare_base_load_path
         require File.join(configuration.root, configuration.settings_path)
@@ -342,24 +365,7 @@ module Hanami
 
         application.boot
 
-        resolver = application.config.router.resolver.new(
-          slices: application.slices,
-          inflector: application.inflector
-        )
-
-        router = Application::Router.new(
-          routes: application.routes,
-          resolver: resolver,
-          **application.configuration.router.options,
-        ) do
-          use application[:rack_monitor]
-
-          application.config.for_each_middleware do |m, *args, &block|
-            use(m, *args, &block)
-          end
-        end
-
-        @app = router.to_rack_app
+        @app = application.router.to_rack_app
       end
       # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
 

data/lib/hanami/assets/application_configuration.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require "hanami/assets/configuration"
+require "dry/configurable"
+
+module Hanami
+  module Assets
+    # @since 2.0.0
+    # @api public
+    class ApplicationConfiguration
+      include Dry::Configurable
+
+      setting :server_url, default: "http://localhost:8080"
+
+      # @since 2.0.0
+      # @api private
+      def initialize(*)
+        super
+
+        @base_configuration = Assets::Configuration.new
+      end
+
+      # @since 2.0.0
+      # @api private
+      def finalize!
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @since 2.0.0
+      # @api private
+      def settings
+        base_configuration.settings + self.class.settings
+      end
+
+      private
+
+      # @since 2.0.0
+      # @api private
+      attr_reader :base_configuration
+
+      # @since 2.0.0
+      # @api private
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        elsif base_configuration.respond_to?(name)
+          base_configuration.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      # @since 2.0.0
+      # @api private
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || base_configuration.respond_to?(name) || super
+      end
+    end
+  end
+end

data/lib/hanami/assets/configuration.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "dry/configurable"
+
+module Hanami
+  module Assets
+    # @since 2.0.0
+    # @api public
+    class Configuration
+      include Dry::Configurable
+
+      # Initialize the Configuration
+      #
+      # @yield [config] the configuration object
+      #
+      # @return [Configuration]
+      #
+      # @since 2.0.0
+      # @api private
+      def initialize(*)
+        super
+        yield self if block_given?
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @since 2.0.0
+      # @api private
+      def settings
+        self.class.settings
+      end
+
+      private
+
+      # @since 2.0.0
+      # @api private
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      # @since 2.0.0
+      # @api private
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || super
+      end
+    end
+  end
+end

data/lib/hanami/configuration.rb

@@ -28,7 +28,7 @@ module Hanami
     attr_reader :actions
     attr_reader :middleware
     attr_reader :router
-    attr_reader :views
+    attr_reader :views, :assets
 
     attr_reader :environments
     private :environments
@@ -42,12 +42,22 @@ module Hanami
       self.root = Dir.pwd
       self.settings_store = Application::Settings::DotenvStore.new.with_dotenv_loaded
 
+      @assets = begin
+        require_path = "hanami/assets/application_configuration"
+        require require_path
+        Hanami::Assets::ApplicationConfiguration.new
+      rescue LoadError => e
+        raise e unless e.path == require_path
+        require_relative "configuration/null_configuration"
+        NullConfiguration.new
+      end
+
       # Config for actions (same for views, below) may not be available if the gem isn't
       # loaded; fall back to a null config object if it's missing
       @actions = begin
         require_path = "hanami/action/application_configuration"
         require require_path
-        Hanami::Action::ApplicationConfiguration.new
+        Hanami::Action::ApplicationConfiguration.new(assets_server_url: assets.server_url)
       rescue LoadError => e
         raise e unless e.path == require_path
         require_relative "configuration/null_configuration"
@@ -82,6 +92,7 @@ module Hanami
       apply_env_config
 
       # Finalize nested configurations
+      assets.finalize!
       actions.finalize!
       views.finalize!
       logger.finalize!

data/lib/hanami/version.rb

@@ -8,7 +8,7 @@ module Hanami
   module Version
     # @since 0.9.0
     # @api private
-    VERSION = "2.0.0.alpha3"
+    VERSION = "2.0.0.alpha4"
 
     # @since 0.9.0
     # @api private

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hanami
 version: !ruby/object:Gem::Version
-  version: 2.0.0.alpha3
+  version: 2.0.0.alpha4
 platform: ruby
 authors:
 - Luca Guidi
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-09 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -222,15 +222,19 @@ files:
 - lib/hanami/application/container/boot/logger.rb
 - lib/hanami/application/container/boot/rack_logger.rb
 - lib/hanami/application/container/boot/rack_monitor.rb
+- lib/hanami/application/container/boot/routes_helper.rb
 - lib/hanami/application/container/boot/settings.rb
 - lib/hanami/application/router.rb
 - lib/hanami/application/routes.rb
+- lib/hanami/application/routes_helper.rb
 - lib/hanami/application/routing/middleware/stack.rb
 - lib/hanami/application/routing/resolver.rb
 - lib/hanami/application/routing/resolver/node.rb
 - lib/hanami/application/routing/resolver/trie.rb
 - lib/hanami/application/settings.rb
 - lib/hanami/application/settings/dotenv_store.rb
+- lib/hanami/assets/application_configuration.rb
+- lib/hanami/assets/configuration.rb
 - lib/hanami/boot.rb
 - lib/hanami/cli/application/cli.rb
 - lib/hanami/cli/application/command.rb
@@ -272,7 +276,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.29
 signing_key:
 specification_version: 4
 summary: The web, with simplicity