hanami 2.0.0.beta3 → 2.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 52462a1be45d338394f82872ac25bd8fc6e34f5b90991e74928342d0905d377d
-  data.tar.gz: 221af8ef1ba7993d6eb0678c0536513fca19f68b83bcf13d2fa5664747b83b98
+  metadata.gz: 6a1a430f511f0bda44248e88d4fb2c87d10dc3d8fbabf092b895ff2a3bbb78db
+  data.tar.gz: 75c6e767584d34103505eb3637fc0fb72dde6118b35fa5f4a76a186681031e7a
 SHA512:
-  metadata.gz: f2e0f16b7bee12601ebe28645be73219dd97647d4dc2ddfa47af25ac974092afa8d4b4ec849e0f7866e266c6dd7f39ddf31aa19b857083fb1841f19b98affdbf
-  data.tar.gz: 1b2ad0280e15291bba6fdf5efaf75bb10555eba655087ea53a9c5c7e8a5522335e0e07e0f2bf81f2b2c4ce638c14a58bbe2d8c827a792a5d2fc17111245bb75a
+  metadata.gz: 306e3261fb72d114ddcb9128de3a3c9a499bff57f1b2c51fd3cee54e644248c3bd981f54b626d7e5549e1fa9c467d86156a7c2c3e4c14c869501e698d07f6423
+  data.tar.gz: a59bf43bf07700e282abe6e83919fd53a5e277b7efa5706b743a25537006eef76b49409bedf0af49cae8122bd39d5c396f705f1e148a01367565e1accb46d9a6

data/CHANGELOG.md

@@ -2,6 +2,45 @@
 
 The web, with simplicity.
 
+## v2.0.0.rc1 - 2022-11-08
+
+### Added
+
+- [Piotr Solnica] Use Zeitwerk to auto-load Hanami
+- [Tim Riley] Introduce `Hanami::Slice.stop` to properly shutdown all the application slices
+
+### Fixed
+
+- [Luca Guidi] Ensure to properly mount Rack middleware in routing scope and slice
+- [Tim Riley] Simplify and clarify usage of `Hanami::Config#enviroment`
+- [Tim Riley] Improve error message for missing action class
+- [Tim Riley] Expect nested slices to use parent’s namespace
+
+### Changed
+
+- [Piotr Solnica] Replace `Hanami::Logger` with `Dry::Logger`
+- [Tim Riley] Remove duplicated configuration `config.session` and keep `config.actions.sessions`
+
+## v2.0.0.beta4 - 2022-10-24
+
+### Added
+
+- [Peter Solnica] Improve middleware config by avoiding class names and requires: symbols instead of classes can be passed as middleware identifiers (`config.middleware.use(:body_parser, :json)`); constant namespaces can be configured for resolving symbols into class names (`config.middleware.namespaces = [Hanami::Middleware, MyStuff::Middlewares]`), with the first match winning; first-party middleware classes are required automatically. (#1215)
+
+### Fixed
+
+- [Luca Guidi] Do not attempt to load routes if hanami-router is not bundled (#1214)
+- [Marc Busqué] Ensure nested slices are considered when auto-configuring application components using `Hanami::SliceConfigurable` (#1212)
+- [Tim Riley] Ensure errors are raised during settings loading for any settings that are missing entirely from ENV (#1222)
+
+### Changed
+
+- [Tim Riley] Rename `Hanami::App.configuration` to `Hanami::App.config` and `Hanami::Configuration` to `Hanami::Config` (#1218)
+- [Tim Riley] Make `Hanami::App.settings` available as a class method again (#1213)
+- [Tim Riley] `config/settings.rb` in apps no longer has access to autoloaded constants (changed back to behavior pre-beta3) (#1213)
+- [Tim Riley] Auto-generate a nested `Types` module in `Hanami::Settings` subclasses if dry-types is available, for added convenience in type checking settings (#1213)
+- [Marc Busqué] Hide values from `Hanami::Settings#inspect` (values may contain sensitive data). Values can be inspected via `#inspect_values` (#1217)
+
 ## v2.0.0.beta3 - 2022-09-21
 
 ### Changed

data/hanami.gemspec

@@ -32,14 +32,15 @@ Gem::Specification.new do |spec|
   spec.metadata["allowed_push_host"] = "https://rubygems.org"
 
   spec.add_dependency "bundler",          ">= 1.16", "< 3"
-  spec.add_dependency "dry-configurable", "~> 0.15"
-  spec.add_dependency "dry-core",         "~> 0.7"
-  spec.add_dependency "dry-inflector",    "~> 0.2", ">= 0.2.1"
-  spec.add_dependency "dry-system",       "~> 0.25", ">= 0.25.0"
-  spec.add_dependency "dry-monitor",      "~> 0.6", ">= 0.6.3"
-  spec.add_dependency "hanami-cli",       "~> 2.0.beta"
-  spec.add_dependency "hanami-utils",     "~> 2.0.beta"
-  spec.add_dependency "zeitwerk",         "~> 2.4"
+  spec.add_dependency "dry-configurable", "~> 1.0", "< 2"
+  spec.add_dependency "dry-core",         "~> 1.0", "< 2"
+  spec.add_dependency "dry-inflector",    "~> 1.0", "< 2"
+  spec.add_dependency "dry-monitor",      "~> 1.0", "< 2"
+  spec.add_dependency "dry-system",       "~> 1.0.rc"
+  spec.add_dependency "dry-logger",       "~> 1.0.rc"
+  spec.add_dependency "hanami-cli",       "~> 2.0.rc"
+  spec.add_dependency "hanami-utils",     "~> 2.0.rc"
+  spec.add_dependency "zeitwerk",         "~> 2.6"
 
   spec.add_development_dependency "rspec",     "~> 3.8"
   spec.add_development_dependency "rack-test", "~> 1.1"

data/lib/hanami/app.rb

@@ -1,17 +1,13 @@
 # frozen_string_literal: true
 
-require_relative "configuration"
 require_relative "constants"
-require_relative "slice"
-require_relative "slice_name"
 
 module Hanami
-  # The Hanami app is a singular slice tasked with managing the core components of
-  # the app and coordinating overall app boot.
+  # The Hanami app is a singular slice tasked with managing the core components of the app and
+  # coordinating overall app boot.
   #
-  # For smaller apps, the app may be the only slice present, whereas larger apps
-  # may consist of many slices, with the app reserved for holding a small number
-  # of shared components only.
+  # For smaller apps, the app may be the only slice present, whereas larger apps may consist of many
+  # slices, with the app reserved for holding a small number of shared components only.
   #
   # @see Slice
   #
@@ -20,6 +16,8 @@ module Hanami
   class App < Slice
     @_mutex = Mutex.new
 
+    # @api private
+    # @since 2.0.0
     def self.inherited(subclass)
       super
 
@@ -29,11 +27,11 @@ module Hanami
 
       @_mutex.synchronize do
         subclass.class_eval do
-          @configuration = Hanami::Configuration.new(app_name: slice_name, env: Hanami.env)
+          @config = Hanami::Config.new(app_name: slice_name, env: Hanami.env)
 
-          # Prepare the load path (based on the default root of `Dir.pwd`) as early as
-          # possible, so you can make a `require` inside the body of an `App` subclass,
-          # which may be useful for certain kinds of app configuration.
+          # Prepare the load path (based on the default root of `Dir.pwd`) as early as possible, so
+          # you can make a `require` inside the body of an `App` subclass, which may be useful for
+          # certain kinds of app configuration.
           prepare_load_path
 
           load_dotenv
@@ -43,29 +41,41 @@ module Hanami
 
     # App class interface
     module ClassMethods
-      attr_reader :configuration
+      # Returns the app's config.
+      #
+      # @return [Hanami::Config]
+      #
+      # @api public
+      # @since 2.0.0
+      attr_reader :config
 
+      # Returns the app's {SliceName}.
+      #
+      # @return [Hanami::SliceName]
+      #
+      # @see Slice::ClassMethods#slice_name
+      #
+      # @api public
+      # @since 2.0.0
       def app_name
         slice_name
       end
 
-      # Prepares the $LOAD_PATH based on the app's configured root, prepending the `lib/`
-      # directory if it exists. If the lib directory is already added, this will do
-      # nothing.
+      # Prepares the $LOAD_PATH based on the app's configured root, prepending the `lib/` directory
+      # if it exists. If the lib directory is already added, this will do nothing.
       #
-      # In ordinary circumstances, you should never have to call this method: this method
-      # is called immediately upon subclassing {Hanami::App}, as a convenicence to put
-      # lib/ (under the default root of `Dir.pwd`) on the load path automatically. This is
-      # helpful if you need to require files inside the subclass body for performing
-      # certain app configuration steps.
+      # In ordinary circumstances, you should never have to call this method: this method is called
+      # immediately upon subclassing {Hanami::App}, as a convenicence to put lib/ (under the default
+      # root of `Dir.pwd`) on the load path automatically. This is helpful if you need to require
+      # files inside the subclass body for performing certain app configuration steps.
       #
-      # If you change your app's `config.root` and you need to require files from its
-      # `lib/` directory within your {App} subclass body, you should call
-      # {.prepare_load_path} explicitly after setting the new root.
+      # If you change your app's `config.root` and you need to require files from its `lib/`
+      # directory within your {App} subclass body, you should call {.prepare_load_path} explicitly
+      # after setting the new root.
       #
-      # Otherwise, this method is called again as part of the app {.prepare} step, so if
-      # you've changed your app's root and do _not_ need to require files within your {App}
-      # subclass body, then you don't need to call this method.
+      # Otherwise, this method is called again as part of the app {.prepare} step, so if you've
+      # changed your app's root and do _not_ need to require files within your {App} subclass body,
+      # then you don't need to call this method.
       #
       # @example
       #   module MyApp
@@ -124,12 +134,12 @@ module Hanami
         # Make app-wide notifications available as early as possible
         container.use(:notifications)
 
-        # Ensure all basic slice preparation is complete before we make adjustments below
-        # (which rely on the basic prepare steps having already run)
+        # Ensure all basic slice preparation is complete before we make adjustments below (which
+        # rely on the basic prepare steps having already run)
         super
 
-        # Run specific prepare steps for the app slice. Note also that some
-        # standard steps have been skipped via the empty method overrides below.
+        # Run specific prepare steps for the app slice. Note also that some standard steps have been
+        # skipped via the empty method overrides below.
         prepare_app_component_dirs
         prepare_app_providers
       end
@@ -150,9 +160,9 @@ module Hanami
           end
         end
 
-        # When auto-registering components in app/, ignore files in `app/lib/` (these will
-        # be auto-registered as above), as well as the configured no_auto_register_paths
-        no_auto_register_paths = ([LIB_DIR] + configuration.no_auto_register_paths)
+        # When auto-registering components in app/, ignore files in `app/lib/` (these will be
+        # auto-registered as above), as well as the configured no_auto_register_paths
+        no_auto_register_paths = ([LIB_DIR] + config.no_auto_register_paths)
           .map { |path|
             path.end_with?(File::SEPARATOR) ? path : "#{path}#{File::SEPARATOR}"
           }
@@ -178,14 +188,15 @@ module Hanami
           register_provider(:logger, source: Hanami::Providers::Logger)
         end
 
-        require_relative "providers/rack"
-        register_provider(:rack, source: Hanami::Providers::Rack, namespace: true)
+        if Hanami.bundled?("rack")
+          require_relative "providers/rack"
+          register_provider(:rack, source: Hanami::Providers::Rack, namespace: true)
+        end
       end
 
       def prepare_autoloader
-        # Component dirs are automatically pushed to the autoloader by dry-system's
-        # zeitwerk plugin. This method adds other dirs that are not otherwise configured
-        # as component dirs.
+        # Component dirs are automatically pushed to the autoloader by dry-system's zeitwerk plugin.
+        # This method adds other dirs that are not otherwise configured as component dirs.
 
         # Autoload classes from `lib/[app_namespace]/`
         if root.join(LIB_DIR, app_name.name).directory?

data/lib/hanami/assets/app_config.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require "dry/configurable"
+
+module Hanami
+  # @api private
+  module Assets
+    # App config for assets.
+    #
+    # This is NOT RELEASED as of 2.0.0.
+    #
+    # @api private
+    class AppConfig
+      include Dry::Configurable
+
+      attr_reader :base_config
+      protected :base_config
+
+      setting :server_url, default: "http://localhost:8080"
+
+      def initialize(*)
+        super
+
+        @base_config = Assets::Config.new
+      end
+
+      def initialize_copy(source)
+        super
+        @base_config = source.base_config.dup
+      end
+
+      def finalize!
+      end
+
+      # Returns the list of available settings
+      #
+      # @return [Set]
+      #
+      # @api private
+      def settings
+        base_config.settings + self.class.settings
+      end
+
+      private
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        elsif base_config.respond_to?(name)
+          base_config.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || base_config.respond_to?(name) || super
+      end
+    end
+  end
+end

data/lib/hanami/assets/{configuration.rb → config.rb}

@@ -4,16 +4,19 @@ require "dry/configurable"
 
 module Hanami
   module Assets
-    # @since 2.0.0
-    # @api public
-    class Configuration
+    # App config for assets.
+    #
+    # This is NOT RELEASED as of 2.0.0.
+    #
+    # @api private
+    class Config
       include Dry::Configurable
 
-      # Initialize the Configuration
+      # Initialize the Config
       #
-      # @yield [config] the configuration object
+      # @yield [config] the config object
       #
-      # @return [Configuration]
+      # @return [Config]
       #
       # @since 2.0.0
       # @api private
@@ -34,8 +37,6 @@ module Hanami
 
       private
 
-      # @since 2.0.0
-      # @api private
       def method_missing(name, *args, &block)
         if config.respond_to?(name)
           config.public_send(name, *args, &block)
@@ -44,8 +45,6 @@ module Hanami
         end
       end
 
-      # @since 2.0.0
-      # @api private
       def respond_to_missing?(name, _incude_all = false)
         config.respond_to?(name) || super
       end

data/lib/hanami/{configuration → config}/actions/content_security_policy.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 module Hanami
-  class Configuration
+  class Config
     class Actions
-      # Configuration for Content Security Policy in Hanami apps
+      # Config for Content Security Policy in Hanami apps
       #
       # @since 2.0.0
       class ContentSecurityPolicy
@@ -99,7 +99,7 @@ module Hanami
 
         # @since 2.0.0
         # @api private
-        def to_str
+        def to_s
           @policy.map do |key, value|
             "#{dasherize(key)} #{value}"
           end.join(";\n")

data/lib/hanami/config/actions/cookies.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Hanami
+  class Config
+    class Actions
+      # Wrapper for app-level config of HTTP cookies for Hanami actions.
+      #
+      # This decorates the hash of cookie options that is otherwise directly configurable on
+      # actions, and adds the `enabled?` method to allow app base action to determine whether to
+      # include the `Action::Cookies` module.
+      #
+      # @api public
+      # @since 2.0.0
+      class Cookies
+        # Returns the cookie options.
+        #
+        # @return [Hash]
+        #
+        # @api public
+        # @since 2.0.0
+        attr_reader :options
+
+        # Returns a new `Cookies`.
+        #
+        # You should not need to initialize this class directly. Instead use
+        # {Hanami::Config::Actions#cookies}.
+        #
+        # @api private
+        # @since 2.0.0
+        def initialize(options)
+          @options = options
+        end
+
+        # Returns true if any cookie options have been provided.
+        #
+        # @return [Boolean]
+        #
+        # @api public
+        # @since 2.0.0
+        def enabled?
+          !options.nil?
+        end
+
+        # Returns the cookie options.
+        #
+        # If no options have been provided, returns an empty hash.
+        #
+        # @return [Hash]
+        #
+        # @api public
+        def to_h
+          options.to_h
+        end
+      end
+    end
+  end
+end

data/lib/hanami/config/actions/sessions.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require "hanami/utils/string"
+require "hanami/utils/class"
+
+module Hanami
+  class Config
+    class Actions
+      # Config for HTTP session middleware in Hanami actions.
+      #
+      # @api public
+      # @since 2.0.0
+      class Sessions
+        # Returns the configured session storage
+        #
+        # @return [Symbol]
+        #
+        # @api public
+        # @since 2.0.0
+        attr_reader :storage
+
+        # Returns the configured session storage options
+        #
+        # @return [Array]
+        #
+        # @api public
+        # @since 2.0.0
+        attr_reader :options
+
+        # Returns a new `Sessions`.
+        #
+        # You should not need to initialize this class directly. Instead use
+        # {Hanami::Config::Actions#sessions=}.
+        #
+        # @example
+        #   config.actions.sessions = :cookie, {secret: "xyz"}
+        #
+        # @api private
+        # @since 2.0.0
+        def initialize(storage = nil, *options)
+          @storage = storage
+          @options = options
+        end
+
+        # Returns true if sessions have been enabled.
+        #
+        # @return [Boolean]
+        #
+        # @api public
+        # @since 2.0.0
+        def enabled?
+          !storage.nil?
+        end
+
+        # Returns an array of the session storage middleware name and its options, or an empty array
+        # if sessions have not been enabled.
+        #
+        # @return [Array<(Symbol, Array)>]
+        #
+        # @api public
+        # @since 2.0.0
+        def middleware
+          return [] unless enabled?
+
+          [storage_middleware, options].flatten(1)
+        end
+
+        private
+
+        def storage_middleware
+          require_storage
+
+          name = Utils::String.classify(storage)
+          Utils::Class.load!(name, ::Rack::Session)
+        end
+
+        def require_storage
+          require "rack/session/#{storage}"
+        end
+      end
+    end
+  end
+end

data/lib/hanami/config/actions.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+require "dry/configurable"
+
+module Hanami
+  class Config
+    # Hanami actions config
+    #
+    # This exposes all the settings from the standalone `Hanami::Action` class, pre-configured with
+    # sensible defaults for actions within a full Hanami app. It also provides additional settings
+    # for further integration of actions with other full stack app components.
+    #
+    # @since 2.0.0
+    # @api public
+    class Actions
+      include Dry::Configurable
+
+      # @!attribute [rw] cookies
+      #   Sets or returns a hash of cookie options for actions.
+      #
+      #   The hash is wrapped by {Hanami::Config::Actions::Cookies}, which also provides an
+      #   `enabled?` method, returning true in the case of any options provided.
+      #
+      #   @example
+      #     config.actions.cookies = {max_age: 300}
+      #
+      #   @return [Hanami::Config::Actions::Cookies]
+      #
+      #   @api public
+      #   @since 2.0.0
+      setting :cookies, default: {}, constructor: -> options { Cookies.new(options) }
+
+      # @!attribute [rw] sessions
+      #   Sets or returns the session store (and its options) for actions.
+      #
+      #   The given values are taken as an argument list to be passed to {Config::Sessions#initialize}.
+      #
+      #   The configured session store is used when setting up the app or slice
+      #   {Slice::ClassMethods#router router}.
+      #
+      #   @example
+      #     config.actions.sessions = :cookie, {secret: "xyz"}
+      #
+      #   @return [Config::Sessions]
+      #
+      #   @see Config::Sessions
+      #   @see Slice::ClassMethods#router
+      #
+      #   @api public
+      #   @since 2.0.0
+      setting :sessions, constructor: proc { |storage, *options| Sessions.new(storage, *options) }
+
+      # @!attribute [rw] csrf_protection
+      #   Sets or returns whether CSRF protection should be enabled for action classes.
+      #
+      #   Defaults to true if {#sessions} is enabled. You can override this by explicitly setting a
+      #   true or false value.
+      #
+      #   When true, this will include `Hanami::Action::CSRFProtection` in all action classes.
+      #
+      #   @return [Boolean]
+      #
+      #   @api public
+      #   @since 2.0.0
+      setting :csrf_protection
+
+      # Returns the Content Security Policy config for actions.
+      #
+      # The resulting policy is set as a default `"Content-Security-Policy"` response header.
+      #
+      # @return [Hanami::Config::Actions::ContentSecurityPolicy]
+      #
+      # @api public
+      # @since 2.0.0
+      attr_accessor :content_security_policy
+
+      # The following settings are for view and assets integration with actions, and are NOT
+      # publicly released as of 2.0.0. We'll make full documentation available when these become
+      # public in a subsequent release.
+
+      # @!attribute [rw] name_inference_base
+      #   @api private
+      setting :name_inference_base, default: "actions"
+
+      # @!attribute [rw] view_context_identifier
+      #   @api private
+      setting :view_context_identifier, default: "views.context"
+
+      # @!attribute [rw] view_name_inferrer
+      #   @api private
+      setting :view_name_inferrer, default: Slice::ViewNameInferrer
+
+      # @!attribute [rw] view_name_inference_base
+      #   @api private
+      setting :view_name_inference_base, default: "views"
+
+      # @api private
+      attr_reader :base_config
+      protected :base_config
+
+      # @api private
+      def initialize(*, **options)
+        super()
+
+        @base_config = Hanami::Action.config.dup
+        @content_security_policy = ContentSecurityPolicy.new do |csp|
+          if assets_server_url = options[:assets_server_url]
+            csp[:script_src] += " #{assets_server_url}"
+            csp[:style_src] += " #{assets_server_url}"
+          end
+        end
+
+        configure_defaults
+      end
+
+      # @api private
+      def initialize_copy(source)
+        super
+        @base_config = source.base_config.dup
+        @content_security_policy = source.content_security_policy.dup
+      end
+      private :initialize_copy
+
+      # @api private
+      def finalize!
+        # A nil value for `csrf_protection` means it has not been explicitly configured
+        # (neither true nor false), so we can default it to whether sessions are enabled
+        self.csrf_protection = sessions.enabled? if csrf_protection.nil?
+
+        if content_security_policy
+          default_headers["Content-Security-Policy"] = content_security_policy.to_s
+        end
+      end
+
+      private
+
+      # Apply defaults for base config
+      def configure_defaults
+        self.default_request_format = :html
+        self.default_response_format = :html
+
+        self.default_headers = {
+          "X-Frame-Options" => "DENY",
+          "X-Content-Type-Options" => "nosniff",
+          "X-XSS-Protection" => "1; mode=block"
+        }
+      end
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        elsif base_config.respond_to?(name)
+          base_config.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _incude_all = false)
+        config.respond_to?(name) || base_config.respond_to?(name) || super
+      end
+    end
+  end
+end