hanami 2.2.0 → 2.3.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ebc4cbb51db37137a558abeeb3c4aa509d2a6d4db521458b465a427e503b098
-  data.tar.gz: fdd74d2e280be11ba0db6852a0dcfcd15df7629a1edb6e6b7067f623103d9fdd
+  metadata.gz: a8faef478dec45e673c25c67704b0fd7a363e784061412c64e96735040f2d07f
+  data.tar.gz: b88eac54b8ba6241645b616ba9eafd20d54edb888e7fca8abc9e310f414dabe5
 SHA512:
-  metadata.gz: 5c7fbba4c66f89f8426a675c88005b1c67a544f7051aec5835108a075631b253fde376b8a6b993a78257fb329e398dad45349f8380716ff0ca1d812b79624619
-  data.tar.gz: c5e66a40feaee584b0d6cc9d22aa31b01abcc4d8ec06a3fe09a9aca294f2cdf5d41c3bfa92a6da291a5c9015fac96f4986ac9535f8b85b3681b81708dd69dcdf
+  metadata.gz: 8233b2e453669ae1528c3cadd8032cbff3a7337c590bb0962d307ddd71bb8b18e28f56cc19a5644225efaf0ad0bfa2f5a008dd8fbae2615a9bc819906e47e1cc
+  data.tar.gz: 07551dada781667f44be90593599a0f505e9580d82d98c70df4e18e4288651e68fb26130d3504bf228dd2b7d2237af7494d7cfac86cd06ece733920657adfa83

data/CHANGELOG.md

@@ -1,6 +1,48 @@
 # Hanami
 
-The web, with simplicity.
+## [Unreleased]
+
+### Added
+
+### Changed
+
+### Deprecated
+
+### Removed
+
+### Fixed
+
+### Security
+
+## [v2.3.0.beta1] - 2025-10-03
+
+### Added
+
+- Add `config.console` settings to app. Set an alternative engine with e.g. `config.console.engine = :pry` (`:irb` is default). Add your own methods to the console with `config.console.include MyModule, AnotherModule`. (@alassek in #1540)
+- Support optional nonce in Rack requests, CSP header rules and view helpers (@svoop in #1500)
+- Check `ENV["APP_ENV"]` for the Hanami env if `ENV["HANAMI_ENV"]` is not set. The order of environment variable checks is now `HANAMI_ENV`->`APP_ENV`->`RACK_ENV` (@svoop in #1487).
+
+### Changed
+
+- Support both Rack v2 and v3. (@kyleplump in #1493)
+- Support single-character slice names. (@aaronmallen in #1528)
+
+### Fixed
+
+- Allow `include Deps` to be used in `Hanami::DB::Repo` subclasses. (@wuarmin in #1523)
+- Properly infer root relations for deeper `Hanami::DB::Repo` subclasses, such as in slices. (@wuarmin in #1478)
+- Delay loading `config/routes.rb` until after autoloading is setup, which means you can access your constants there. (@timriley in #1539)
+- Avoid warning from referencing deprecated `URI::DEFAULT_PARSER`. (@wuarmin in #1518)
+
+## v2.2.1 - 2024-11-12
+
+### Changed
+
+- [Tim Riley] Depend on matching minor version of hanami-cli (a version spec of `"~> 2.2.1"` instead of `"~> 2.2"`). This ensures that future bumps to the minor version of hanami-cli will not be inadvertently installed on user machines (#1471)
+
+### Fixed
+
+- [Tim Riley] Allow base operation class to load when a Hanami app is generated with `--skip-db` (i.e. when the "rom-sql" gem is not in the bundle) (#1475)
 
 ## v2.2.0 - 2024-11-05
 
@@ -1468,3 +1510,7 @@ end
 - [Luca Guidi] Introduced `Lotus::Configuration`
 - [Luca Guidi] Introduced `Lotus::Application`
 - [Luca Guidi] Official support for MRI 2.0
+
+
+[unreleased]: https://github.com/hanami/hanami/compare/v2.3.0.beta1...HEAD
+[v2.3.0.beta1] https://github.com/hanami/hanami/compare/v2.2.1...v2.3.0.beta1

data/README.md

@@ -1,12 +1,6 @@
 # Hanami :cherry_blossom:
 
-The web, with simplicity.
-
-## Version
-
-**This branch contains the code for `hanami`: 2.2**
-
-## Frameworks
+**A flexible framework for maintainable Ruby apps.**
 
 Hanami is a **full-stack** Ruby web framework. It's made up of smaller, single-purpose libraries.
 
@@ -14,8 +8,8 @@ This repository is for the full-stack framework, which provides the glue that ti
 
 * [**Hanami::Router**](https://github.com/hanami/router) - Rack compatible HTTP router for Ruby
 * [**Hanami::Controller**](https://github.com/hanami/controller) - Full featured, fast and testable actions for Rack
-* [**Hanami::Validations**](https://github.com/hanami/validations) - Parameter validations & coercion for actions
 * [**Hanami::View**](https://github.com/hanami/view) - Presentation with a separation between views and templates
+* [**Hanami::DB**](https://github.com/hanami/db) - Database integration, complete with migrations, repositories, relations, and structs
 * [**Hanami::Assets**](https://github.com/hanami/assets) - Assets management for Ruby
 
 These components are designed to be used independently or together in a Hanami application.
@@ -24,12 +18,10 @@ These components are designed to be used independently or together in a Hanami a
 
 [![Gem Version](https://badge.fury.io/rb/hanami.svg)](https://badge.fury.io/rb/hanami)
 [![CI](https://github.com/hanami/hanami/actions/workflows/ci.yml/badge.svg)](https://github.com/hanami/hanami/actions?query=workflow%3Aci+branch%3Amain)
-[![Test Coverage](https://codecov.io/gh/hanami/hanami/branch/main/graph/badge.svg)](https://codecov.io/gh/hanami/hanami)
-[![Depfu](https://badges.depfu.com/badges/ba000e0f69e6ef1c44cd3038caaa1841/overview.svg)](https://depfu.com/github/hanami/hanami?project=Bundler)
 
 ## Installation
 
-__Hanami__ supports Ruby (MRI) 3.1+.
+Hanami supports Ruby (MRI) 3.1+.
 
 ```shell
 gem install hanami
@@ -40,7 +32,8 @@ gem install hanami
 ```shell
 hanami new bookshelf
 cd bookshelf && bundle
-bundle exec hanami server # visit http://localhost:2300
+bundle exec hanami dev
+# Now visit http://localhost:2300
 ```
 
 Please follow along with the [Getting Started guide](https://guides.hanamirb.org/getting-started/).
@@ -49,30 +42,22 @@ Please follow along with the [Getting Started guide](https://guides.hanamirb.org
 
 You can give back to Open Source, by supporting Hanami development via [GitHub Sponsors](https://github.com/sponsors/hanami).
 
-### Supporters
-
-  * [Trung Lê](https://github.com/runlevel5)
-  * [James Carlson](https://github.com/jxxcarlson)
-  * [Creditas](https://www.creditas.com.br/)
-
 ## Contact
 
-* Home page: http://hanamirb.org
-* Community: http://hanamirb.org/community
-* Guides: https://guides.hanamirb.org
-* Snippets: https://snippets.hanamirb.org
-* Mailing List: http://hanamirb.org/mailing-list
-* API Doc: https://gemdocs.org/gems/hanami/latest
-* Bugs/Issues: https://github.com/hanami/hanami/issues
-* Stack Overflow: http://stackoverflow.com/questions/tagged/hanami
-* Forum: https://discourse.hanamirb.org
-* **Chat**: http://chat.hanamirb.org
+* [Home page](http://hanamirb.org)
+* [Community](http://hanamirb.org/community)
+* [Guides](https://guides.hanamirb.org)
+* [Issues](https://github.com/hanami/hanami/issues)
+* [Forum](https://discourse.hanamirb.org)
+* [Chat](https://discord.gg/KFCxDmk3JQ)
 
 ## Community
 
-We strive for an inclusive and helpful community. We have a [Code of Conduct](http://hanamirb.org/community/#code-of-conduct) to handle controversial cases. In general, we expect **you** to be **nice** with other people. Our hope is for a great software and a great Community.
+We care about building a friendly, inclusive and helpful community. We welcome people of all backgrounds, genders and experience levels, and respect you all equally.
+
+We do not tolerate nazis, transphobes, racists, or any kind of bigotry. See our [code of conduct](http://hanamirb.org/community/#code-of-conduct) for more.
 
-## Contributing [![Open Source Helpers](https://www.codetriage.com/hanami/hanami/badges/users.svg)](https://www.codetriage.com/hanami/hanami)
+## Contributing
 
 1. Fork it ( https://github.com/hanami/hanami/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
@@ -110,14 +95,14 @@ $ bundle exec rspec path/to/spec.rb
 
 ### Development Requirements
 
-  * Ruby >= 3.1
-  * Bundler
-  * Node.js (MacOS)
+* Ruby >= 3.1
+* Bundler
+* Node.js
 
 ## Versioning
 
-__Hanami__ uses [Semantic Versioning 2.0.0](http://semver.org)
+Hanami uses [Semantic Versioning 2.0.0](http://semver.org).
 
 ## Copyright
 
-Copyright © 2014–2024 Hanami Team – Released under MIT License.
+Copyright © 2014–2025 Hanami Team – Released under MIT License.

data/hanami.gemspec

@@ -38,12 +38,13 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dry-monitor",      "~> 1.0", ">= 1.0.1", "< 2"
   spec.add_dependency "dry-system",       "~> 1.1"
   spec.add_dependency "dry-logger",       "~> 1.0", "< 2"
-  spec.add_dependency "hanami-cli",       "~> 2.2"
+  spec.add_dependency "hanami-cli",       "~> 2.3.0.beta1"
   spec.add_dependency "hanami-utils",     "~> 2.2"
   spec.add_dependency "json",             ">= 2.7.2"
   spec.add_dependency "zeitwerk",         "~> 2.6"
+  spec.add_dependency "rack-session"
 
   spec.add_development_dependency "rspec",     "~> 3.8"
-  spec.add_development_dependency "rack-test", "~> 1.1"
+  spec.add_development_dependency "rack-test", "~> 2.0"
   spec.add_development_dependency "rake",      "~> 13.0"
 end

data/lib/hanami/app.rb

@@ -168,6 +168,8 @@ module Hanami
       end
 
       def prepare_autoloader
+        autoloader.tag = "hanami.app.#{slice_name.name}"
+
         # Component dirs are automatically pushed to the autoloader by dry-system's zeitwerk plugin.
         # This method adds other dirs that are not otherwise configured as component dirs.
 

data/lib/hanami/config/actions/content_security_policy.rb

@@ -96,6 +96,29 @@ module Hanami
           @policy.delete(key)
         end
 
+        # Returns true if 'nonce' is used in any of the policies.
+        #
+        # @return [Boolean]
+        #
+        # @api public
+        # @since x.x.x
+        def nonce?
+          @policy.any? { _2.match?(/'nonce'/) }
+        end
+
+        # Returns an array of middleware name to support 'nonce' in
+        # policies, or an empty array if 'nonce' is not used.
+        #
+        # @return [Array<(Symbol, Array)>]
+        #
+        # @api public
+        # @since x.x.x
+        def middleware
+          return [] unless nonce?
+
+          [Hanami::Middleware::ContentSecurityPolicyNonce]
+        end
+
         # @since 2.0.0
         # @api private
         def to_s

data/lib/hanami/config/actions.rb

@@ -74,6 +74,23 @@ module Hanami
       # @since 2.0.0
       attr_accessor :content_security_policy
 
+      # Returns the proc to generate Content Security Policy nonce values.
+      #
+      # The current Rack request object is provided as an optional argument
+      # to the proc, enabling the generation of nonces based on session IDs.
+      #
+      # @example Independent random nonce (default)
+      #   -> { SecureRandom.urlsafe_base64(16) }
+      #
+      # @example Session dependent nonce
+      #   ->(request) { Digest::SHA256.base64digest(request.session[:uuid])[0, 16] }
+      #
+      # @return [Proc]
+      #
+      # @api public
+      # @since x.x.x
+      setting :content_security_policy_nonce_generator, default: -> { SecureRandom.urlsafe_base64(16) }
+
       # @!attribute [rw] method_override
       #   Sets or returns whether HTTP method override should be enabled for action classes.
       #
@@ -138,6 +155,10 @@ module Hanami
         end
       end
 
+      # @api public
+      # @since x.x.x
+      def content_security_policy? = !!@content_security_policy
+
       private
 
       # Apply defaults for base config

data/lib/hanami/config/console.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require "dry/configurable"
+
+module Hanami
+  class Config
+    # Hanami console config
+    #
+    # @since 2.3.0
+    # @api public
+    class Console
+      include Dry::Configurable
+
+      # @!attribute [rw] engine
+      #  Sets or returns the interactive console engine to be used by `hanami console`.
+      #  Supported values are `:irb` (default) and `:pry`.
+      #
+      #  @example
+      #    config.console.engine = :pry
+      #
+      #  @return [Symbol]
+      #
+      #  @api public
+      #  @since 2.3.0
+      setting :engine, default: :irb
+
+      # Returns the complete list of extensions to be used in the console
+      #
+      # @example
+      #   config.console.include MyExtension, OtherExtension
+      #   config.console.include ThirdExtension
+      #
+      #   config.console.extensions
+      #   # => [MyExtension, OtherExtension, ThirdExtension]
+      #
+      # @return [Array<Module>]
+      #
+      # @api public
+      # @since 2.3.0
+      def extensions = @extensions.dup.freeze
+
+      # Define a module extension to be included in the console
+      #
+      # @param mod [Module] one or more modules to be included in the console
+      # @return [void]
+      #
+      # @api public
+      # @since 2.3.0
+      def include(*mod)
+        @extensions.concat(mod).uniq!
+      end
+
+      # @api private
+      def initialize
+        @extensions = []
+      end
+
+      private
+
+      # @api private
+      def initialize_copy(source)
+        super
+        @extensions = [*source.extensions]
+      end
+
+      def method_missing(name, *args, &block)
+        if config.respond_to?(name)
+          config.public_send(name, *args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(name, _include_all = false)
+        config.respond_to?(name) || super
+      end
+    end
+  end
+end

data/lib/hanami/config/logger.rb

@@ -101,7 +101,7 @@ module Hanami
       #   Sets or returns a hash of options to pass to the {logger_constructor} when initializing
       #   the logger.
       #
-      #   Defaults to `[]`
+      #   Defaults to `{}`
       #
       #   @return [Hash]
       #

data/lib/hanami/config.rb

@@ -6,6 +6,7 @@ require "dry/configurable"
 require "dry/inflector"
 
 require_relative "constants"
+require_relative "config/console"
 
 module Hanami
   # Hanami app config
@@ -184,6 +185,18 @@ module Hanami
       "Hanami::Router::NotFoundError" => :not_found,
     )
 
+    # @!attribute [rw] console
+    #   Returns the app's console config
+    # 
+    #   @example
+    #     config.console.engine # => :irb
+    # 
+    #   @return [Hanami::Config::Console]
+    # 
+    #   @api public
+    #   @since 2.3.0
+    setting :console, default: Hanami::Config::Console.new
+
     # Returns the app or slice's {Hanami::SliceName slice_name}.
     #
     # This is useful for default config values that depend on this name.

data/lib/hanami/constants.rb

@@ -56,4 +56,7 @@ module Hanami
   # @api private
   RB_EXT_REGEXP = %r{.rb$}
   private_constant :RB_EXT_REGEXP
+
+  # @api private
+  CONTENT_SECURITY_POLICY_NONCE_REQUEST_KEY = "hanami.content_security_policy_nonce"
 end

data/lib/hanami/extensions/db/repo.rb

@@ -69,7 +69,8 @@ module Hanami
           resolve_rom = method(:resolve_rom)
 
           define_method(:new) do |**kwargs|
-            super(container: kwargs.fetch(:container) { resolve_rom.() })
+            container = kwargs.delete(:container) || resolve_rom.()
+            super(container: container, **kwargs)
           end
         end
 
@@ -77,14 +78,18 @@ module Hanami
           slice["db.rom"]
         end
 
-        def root_for_repo_class(repo_class)
-          return unless repo_class.to_s.end_with?("Repo")
+        REPO_CLASS_NAME_REGEX = /^(?<name>.+)_(repo|repository)$/
 
-          slice.inflector.demodulize(repo_class)
+        def root_for_repo_class(repo_class)
+          repo_class_name = slice.inflector.demodulize(repo_class)
             .then { slice.inflector.underscore(_1) }
-            .then { _1.gsub(/_repo$/, "") }
+
+          repo_class_match = repo_class_name.match(REPO_CLASS_NAME_REGEX)
+          return unless repo_class_match
+
+          repo_class_match[:name]
             .then { slice.inflector.pluralize(_1) }
-            .then { _1.to_sym }
+            .then(&:to_sym)
         end
 
         def struct_namespace

data/lib/hanami/extensions/operation.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "dry/operation"
-require "dry/operation/extensions/rom"
 
 module Hanami
   module Extensions
@@ -38,6 +37,7 @@ module Hanami
           return unless subclass.superclass == self
           return unless Hanami.bundled?("hanami-db")
 
+          require "dry/operation/extensions/rom"
           subclass.include Dry::Operation::Extensions::ROM
         end
       end

data/lib/hanami/extensions/view/context.rb

@@ -172,6 +172,16 @@ module Hanami
               @request
             end
 
+            # Returns true if the view is rendered from within an action and a request is available.
+            #
+            # @return [Boolean]
+            #
+            # @api public
+            # @since x.x.x
+            def request?
+              !!@request
+            end
+
             # Returns the app's routes helper.
             #
             # @return [Hanami::Slice::RoutesHelper] the routes helper