hanami 2.2.1 → 2.3.0.beta1

data/lib/hanami/middleware/content_security_policy_nonce.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "rack"
+require "securerandom"
+require_relative "../constants"
+
+module Hanami
+  module Middleware
+    # Generates a random per request nonce value like `mSMnSwfVZVe+LyQy1SPCGw==`, stores it as
+    # `"hanami.content_security_policy_nonce"` in the Rack environment, and replaces all occurrences
+    # of `'nonce'` in the `Content-Security-Policy header with the actual nonce value for the
+    # request, e.g. `'nonce-mSMnSwfVZVe+LyQy1SPCGw=='`.
+    #
+    # @see Hanami::Middleware::ContentSecurityPolicyNonce
+    #
+    # @api private
+    # @since x.x.x
+    class ContentSecurityPolicyNonce
+      # @api private
+      # @since x.x.x
+      def initialize(app)
+        @app = app
+      end
+
+      # @api private
+      # @since x.x.x
+      def call(env)
+        return @app.call(env) unless Hanami.app.config.actions.content_security_policy?
+
+        args = nonce_generator.arity == 1 ? [Rack::Request.new(env)] : []
+        request_nonce = nonce_generator.call(*args)
+
+        env[CONTENT_SECURITY_POLICY_NONCE_REQUEST_KEY] = request_nonce
+
+        _, headers, _ = response = @app.call(env)
+
+        headers["Content-Security-Policy"] = sub_nonce(headers["Content-Security-Policy"], request_nonce)
+
+        response
+      end
+
+      private
+
+      def nonce_generator
+        Hanami.app.config.actions.content_security_policy_nonce_generator
+      end
+
+      def sub_nonce(string, nonce)
+        string&.gsub("'nonce'", "'nonce-#{nonce}'")
+      end
+    end
+  end
+end

data/lib/hanami/slice.rb

@@ -729,7 +729,9 @@ module Hanami
       # @api public
       # @since 2.0.0
       def routes
-        @routes ||= load_routes
+        return @routes if instance_variable_defined?(:@routes)
+
+        @routes = load_routes
       end
 
       # Returns the slice's router, if or nil if no routes are defined.
@@ -925,7 +927,7 @@ module Hanami
         # Check here for the `routes` definition only, not `router` itself, because the
         # `router` requires the slice to be prepared before it can be loaded, and at this
         # point we're still in the process of preparing.
-        if routes
+        if routes?
           require_relative "providers/routes"
           register_provider(:routes, source: Providers::Routes)
         end
@@ -954,9 +956,10 @@ module Hanami
       end
 
       def prepare_autoloader
-        # Component dirs are automatically pushed to the autoloader by dry-system's
-        # zeitwerk plugin. This method adds other dirs that are not otherwise configured
-        # as component dirs.
+        autoloader.tag = "hanami.slices.#{slice_name.to_s}"
+
+        # Component dirs are automatically pushed to the autoloader by dry-system's zeitwerk plugin.
+        # This method adds other dirs that are not otherwise configured as component dirs.
 
         # Everything in the slice root can be autoloaded except `config/` and `slices/`,
         # which are framework-managed directories
@@ -977,11 +980,19 @@ module Hanami
         slices.freeze
       end
 
+      def routes?
+        return false unless Hanami.bundled?("hanami-router")
+
+        return true if namespace.const_defined?(ROUTES_CLASS_NAME)
+
+        root.join("#{ROUTES_PATH}#{RB_EXT}").file?
+      end
+
       def load_routes
         return false unless Hanami.bundled?("hanami-router")
 
         if root.directory?
-          routes_require_path = File.join(root, ROUTES_PATH)
+          routes_require_path = root.join(ROUTES_PATH).to_s
 
           begin
             require_relative "./routes"
@@ -1050,6 +1061,11 @@ module Hanami
             if config.actions.sessions.enabled?
               use(*config.actions.sessions.middleware)
             end
+
+            if config.actions.content_security_policy && # rubocop:disable Style/SafeNavigation
+               config.actions.content_security_policy.nonce?
+              use(*config.actions.content_security_policy.middleware)
+            end
           end
 
           if Hanami.bundled?("hanami-assets") && config.assets.serve

data/lib/hanami/slice_registrar.rb

@@ -5,7 +5,7 @@ require_relative "constants"
 module Hanami
   # @api private
   class SliceRegistrar
-    VALID_SLICE_NAME_RE = /^[a-z][a-z0-9_]+$/
+    VALID_SLICE_NAME_RE = /^[a-z][a-z0-9_]*$/
     SLICE_DELIMITER = CONTAINER_KEY_DELIMITER
 
     attr_reader :parent, :slices

data/lib/hanami/version.rb

@@ -7,7 +7,7 @@ module Hanami
   # @api private
   module Version
     # @api public
-    VERSION = "2.2.1"
+    VERSION = "2.3.0.beta1"
 
     # @since 0.9.0
     # @api private

data/lib/hanami.rb

@@ -138,7 +138,15 @@ module Hanami
     end
   end
 
-  # Returns the Hanami app environment as loaded from the `HANAMI_ENV` environment variable.
+  # Returns the Hanami app environment as determined from the environment.
+  #
+  # Checks the following environment variables in order:
+  #
+  # - `HANAMI_ENV`
+  # - `APP_ENV`
+  # - `RACK_ENV`
+  #
+  # Defaults to `:development` if no environment variable is set.
   #
   # @example
   #   Hanami.env # => :development
@@ -148,7 +156,7 @@ module Hanami
   # @api public
   # @since 2.0.0
   def self.env(e: ENV)
-    e.fetch("HANAMI_ENV") { e.fetch("RACK_ENV", "development") }.to_sym
+    (e["HANAMI_ENV"] || e["APP_ENV"] || e["RACK_ENV"] || :development).to_sym
   end
 
   # Returns true if {.env} matches any of the given names

data/spec/integration/assets/cross_slice_assets_helpers_spec.rb

@@ -123,7 +123,6 @@ RSpec.describe "Cross-slice assets via helpers", :app_integration do
     compile_assets!
 
     output = Admin::Slice["views.posts.show"].call.to_s
-
     expect(output).to match(%r{<link href="/assets/app-[A-Z0-9]{8}.css" type="text/css" rel="stylesheet">})
     expect(output).to match(%r{<script src="/assets/app-[A-Z0-9]{8}.js" type="text/javascript"></script>})
   end

data/spec/integration/assets/serve_static_assets_spec.rb

@@ -62,7 +62,7 @@ RSpec.describe "Serve Static Assets", :app_integration do
       get "/assets/../../config/app.rb"
 
       expect(last_response.status).to eq(404)
-      expect(last_response.body).to match(/Not Found/i)
+      expect(last_response.body).to match("Hanami::Router::NotFoundError")
     end
   end
 

data/spec/integration/container/autoloader_spec.rb

@@ -70,11 +70,13 @@ RSpec.describe "App autoloader", :app_integration do
       expect(NonApp::Thing).to be
 
       expect(TestApp::NBAJam::GetThatOuttaHere).to be
+      expect(TestApp::App.autoloader.tag).to eq("hanami.app.test_app")
 
       expect(Admin::Slice["operations.create_game"]).to be_an_instance_of(Admin::Operations::CreateGame)
       expect(Admin::Slice["operations.create_game"].call).to be_an_instance_of(Admin::Entities::Game)
 
       expect(Admin::Entities::Quarter).to be
+      expect(Admin::Slice.autoloader.tag).to eq("hanami.slices.admin")
     end
   end
 end

data/spec/integration/db/db_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe "DB", :app_integration do
     ENV.replace(@env)
   end
 
-  it "sets up ROM and reigsters relations" do
+  it "sets up ROM and registers relations" do
     with_tmp_directory(Dir.mktmpdir) do
       write "config/app.rb", <<~RUBY
         require "hanami"

data/spec/integration/db/logging_spec.rb

@@ -235,4 +235,67 @@ RSpec.describe "DB / Logging", :app_integration do
       end
     end
   end
+
+  describe "in production" do
+    it "logs SQL queries" do
+      with_tmp_directory(Dir.mktmpdir) do
+        write "config/app.rb", <<~RUBY
+          require "hanami"
+
+          module TestApp
+            class App < Hanami::App
+            end
+          end
+        RUBY
+
+        write "app/relations/posts.rb", <<~RUBY
+          module TestApp
+            module Relations
+              class Posts < Hanami::DB::Relation
+                schema :posts, infer: true
+              end
+            end
+          end
+        RUBY
+
+        ENV["DATABASE_URL"] = "sqlite::memory"
+        ENV["HANAMI_ENV"] = "production"
+
+        require "hanami/setup"
+
+        logger_stream = StringIO.new
+        Hanami.app.config.logger.stream = logger_stream
+
+        require "hanami/prepare"
+
+        Hanami.app.prepare :db
+
+        # Manually run a migration and add a test record
+        gateway = Hanami.app["db.gateway"]
+        migration = gateway.migration do
+          change do
+            create_table :posts do
+              primary_key :id
+              column :title, :text, null: false
+            end
+
+            create_table :authors do
+              primary_key :id
+            end
+          end
+        end
+        migration.apply(gateway, :up)
+        gateway.connection.execute("INSERT INTO posts (title) VALUES ('Together breakfast')")
+
+        relation = Hanami.app["relations.posts"]
+        expect(relation.select(:title).to_a).to eq [{:title=>"Together breakfast"}]
+
+        logger_stream.rewind
+        log_lines = logger_stream.read.split("\n")
+
+        expect(log_lines.length).to eq 1
+        expect(log_lines.first).to match /Loaded :sqlite in \d+ms SELECT `posts`.`title` FROM `posts` ORDER BY `posts`.`id`/
+      end
+    end
+  end
 end

data/spec/integration/db/repo_spec.rb

@@ -114,6 +114,13 @@ RSpec.describe "DB / Repo", :app_integration do
         end
       RUBY
 
+      write "app/repo.rb", <<~RUBY
+        module TestApp
+          class Repo < Hanami::DB::Repo
+          end
+        end
+      RUBY
+
       ENV["DATABASE_URL"] = "sqlite::memory"
 
       write "slices/admin/db/struct.rb", <<~RUBY
@@ -137,7 +144,7 @@ RSpec.describe "DB / Repo", :app_integration do
 
       write "slices/admin/repo.rb", <<~RUBY
         module Admin
-          class Repo < Hanami::DB::Repo
+          class Repo < TestApp::Repo
           end
         end
       RUBY
@@ -172,7 +179,7 @@ RSpec.describe "DB / Repo", :app_integration do
 
       write "slices/main/repo.rb", <<~RUBY
         module Main
-          class Repo < Hanami::DB::Repo
+          class Repo < TestApp::Repo
           end
         end
       RUBY
@@ -186,6 +193,15 @@ RSpec.describe "DB / Repo", :app_integration do
         end
       RUBY
 
+      write "slices/main/repositories/post_repository.rb", <<~RUBY
+        module Main
+          module Repositories
+            class PostRepository < Repo
+            end
+          end
+        end
+      RUBY
+
       require "hanami/prepare"
 
       Admin::Slice.prepare :db
@@ -204,12 +220,81 @@ RSpec.describe "DB / Repo", :app_integration do
       migration.apply(gateway, :up)
       gateway.connection.execute("INSERT INTO posts (title) VALUES ('Together breakfast')")
 
+      expect(Admin::Slice["repos.post_repo"].root).to eql Admin::Slice["relations.posts"]
       expect(Admin::Slice["repos.post_repo"].posts).to eql Admin::Slice["relations.posts"]
       expect(Admin::Slice["repos.post_repo"].posts.by_pk(1).one!.class).to be < Admin::Structs::Post
 
       expect(Main::Slice["repos.post_repo"].posts).to eql Main::Slice["relations.posts"]
+      expect(Main::Slice["repositories.post_repository"].posts).to eql Main::Slice["relations.posts"]
       # Slice struct namespace used even when no concrete struct classes are defined
       expect(Main::Slice["repos.post_repo"].posts.by_pk(1).one!.class).to be < Main::Structs::Post
     end
   end
+
+  specify "repos resolve registered container dependencies with Deps[]" do
+    with_tmp_directory(Dir.mktmpdir) do
+      write "config/app.rb", <<~RUBY
+        require "hanami"
+
+        module TestApp
+          class App < Hanami::App
+            Hanami.app.register("dependency") { -> { "Hello dependency!" } }
+          end
+        end
+      RUBY
+
+      write "app/repo.rb", <<~RUBY
+        module TestApp
+          class Repo < Hanami::DB::Repo
+          end
+        end
+      RUBY
+
+      write "app/relations/posts.rb", <<~RUBY
+        module TestApp
+          module Relations
+            class Posts < Hanami::DB::Relation
+              schema :posts, infer: true
+            end
+          end
+        end
+      RUBY
+
+      write "app/repos/post_repo.rb", <<~RUBY
+        module TestApp
+          module Repos
+            class PostRepo < Repo
+              include Deps["dependency"]
+
+              def test
+                dependency.call
+              end
+
+            end
+          end
+        end
+      RUBY
+
+      ENV["DATABASE_URL"] = "sqlite::memory"
+
+      require "hanami/prepare"
+
+      Hanami.app.prepare :db
+
+      # Manually run a migration and add a test record
+      gateway = Hanami.app["db.gateway"]
+      migration = gateway.migration do
+        change do
+          create_table :posts do
+            primary_key :id
+            column :title, :text, null: false
+          end
+        end
+      end
+      migration.apply(gateway, :up)
+
+      repo = Hanami.app["repos.post_repo"]
+      expect(repo.test).to eq "Hello dependency!"
+    end
+  end
 end

data/spec/integration/logging/exception_logging_spec.rb

@@ -73,7 +73,12 @@ RSpec.describe "Logging / Exception logging", :app_integration do
       expect(logs.lines.length).to be > 10
       expect(logs).to match %r{GET 500 \d+(µs|ms) 127.0.0.1 /}
       expect(logs).to include("unhandled (TestApp::Actions::Test::UnhandledError)")
-      expect(logs).to include("app/actions/test.rb:7:in `handle'")
+
+      if RUBY_VERSION < "3.4"
+        expect(logs).to include("app/actions/test.rb:7:in `handle'")
+      else
+        expect(logs).to include("app/actions/test.rb:7:in 'TestApp::Actions::Test#handle'")
+      end
     end
 
     it "re-raises the exception" do

data/spec/integration/rack_app/middleware_spec.rb

@@ -507,7 +507,7 @@ RSpec.describe "Hanami web app", :app_integration do
       write "lib/test_app/middleware/api_version.rb", <<~RUBY
         module TestApp
           module Middleware
-            class ApiVersion
+            class APIVersion
               def self.inspect
                 "<Middleware::API::Version>"
               end
@@ -530,7 +530,7 @@ RSpec.describe "Hanami web app", :app_integration do
       write "lib/test_app/middleware/api_deprecation.rb", <<~RUBY
         module TestApp
           module Middleware
-            class ApiDeprecation
+            class APIDeprecation
               def self.inspect
                 "<Middleware::API::Deprecation>"
               end
@@ -578,13 +578,6 @@ RSpec.describe "Hanami web app", :app_integration do
       RUBY
 
       write "config/routes.rb", <<~RUBY
-        require "test_app/middleware/elapsed"
-        require "test_app/middleware/authentication"
-        require "test_app/middleware/rate_limiter"
-        require "test_app/middleware/api_version"
-        require "test_app/middleware/api_deprecation"
-        require "test_app/middleware/scope_identifier"
-
         module TestApp
           class Routes < Hanami::Routes
             use TestApp::Middleware::Elapsed
@@ -609,8 +602,8 @@ RSpec.describe "Hanami web app", :app_integration do
               root to: ->(*) { [200, {"Content-Length" => "3"}, ["API"]] }
 
               slice :api_v1, at: "/v1" do
-                use TestApp::Middleware::ApiVersion
-                use TestApp::Middleware::ApiDeprecation
+                use TestApp::Middleware::APIVersion
+                use TestApp::Middleware::APIDeprecation
                 use TestApp::Middleware::ScopeIdentifier, "API-V1"
 
                 root to: "home.show"

data/spec/integration/view/helpers/form_helper_spec.rb

@@ -156,7 +156,7 @@ RSpec.describe "Helpers / FormHelper", :app_integration do
         module TestApp
           class App < Hanami::App
             config.logger.stream = StringIO.new
-            config.actions.sessions = :cookie, {secret: "xyz"}
+            config.actions.sessions = :cookie, {secret: "wxyz"*16} # Rack demands >=64 characters
           end
         end
       RUBY