hanami 2.2.1 → 2.3.0.beta2

data/spec/integration/assets/serve_static_assets_spec.rb

@@ -62,7 +62,7 @@ RSpec.describe "Serve Static Assets", :app_integration do
       get "/assets/../../config/app.rb"
 
       expect(last_response.status).to eq(404)
-      expect(last_response.body).to match(/Not Found/i)
+      expect(last_response.body).to match("Hanami::Router::NotFoundError")
     end
   end
 

data/spec/integration/container/autoloader_spec.rb

@@ -70,11 +70,13 @@ RSpec.describe "App autoloader", :app_integration do
       expect(NonApp::Thing).to be
 
       expect(TestApp::NBAJam::GetThatOuttaHere).to be
+      expect(TestApp::App.autoloader.tag).to eq("hanami.app.test_app")
 
       expect(Admin::Slice["operations.create_game"]).to be_an_instance_of(Admin::Operations::CreateGame)
       expect(Admin::Slice["operations.create_game"].call).to be_an_instance_of(Admin::Entities::Game)
 
       expect(Admin::Entities::Quarter).to be
+      expect(Admin::Slice.autoloader.tag).to eq("hanami.slices.admin")
     end
   end
 end

data/spec/integration/db/db_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe "DB", :app_integration do
     ENV.replace(@env)
   end
 
-  it "sets up ROM and reigsters relations" do
+  it "sets up ROM and registers relations" do
     with_tmp_directory(Dir.mktmpdir) do
       write "config/app.rb", <<~RUBY
         require "hanami"

data/spec/integration/db/logging_spec.rb

@@ -235,4 +235,67 @@ RSpec.describe "DB / Logging", :app_integration do
       end
     end
   end
+
+  describe "in production" do
+    it "logs SQL queries" do
+      with_tmp_directory(Dir.mktmpdir) do
+        write "config/app.rb", <<~RUBY
+          require "hanami"
+
+          module TestApp
+            class App < Hanami::App
+            end
+          end
+        RUBY
+
+        write "app/relations/posts.rb", <<~RUBY
+          module TestApp
+            module Relations
+              class Posts < Hanami::DB::Relation
+                schema :posts, infer: true
+              end
+            end
+          end
+        RUBY
+
+        ENV["DATABASE_URL"] = "sqlite::memory"
+        ENV["HANAMI_ENV"] = "production"
+
+        require "hanami/setup"
+
+        logger_stream = StringIO.new
+        Hanami.app.config.logger.stream = logger_stream
+
+        require "hanami/prepare"
+
+        Hanami.app.prepare :db
+
+        # Manually run a migration and add a test record
+        gateway = Hanami.app["db.gateway"]
+        migration = gateway.migration do
+          change do
+            create_table :posts do
+              primary_key :id
+              column :title, :text, null: false
+            end
+
+            create_table :authors do
+              primary_key :id
+            end
+          end
+        end
+        migration.apply(gateway, :up)
+        gateway.connection.execute("INSERT INTO posts (title) VALUES ('Together breakfast')")
+
+        relation = Hanami.app["relations.posts"]
+        expect(relation.select(:title).to_a).to eq [{:title=>"Together breakfast"}]
+
+        logger_stream.rewind
+        log_lines = logger_stream.read.split("\n")
+
+        expect(log_lines.length).to eq 1
+        expect(log_lines.first).to match /Loaded :sqlite in \d+ms SELECT `posts`.`title` FROM `posts` ORDER BY `posts`.`id`/
+      end
+    end
+  end
 end

data/spec/integration/db/repo_spec.rb

@@ -114,6 +114,13 @@ RSpec.describe "DB / Repo", :app_integration do
         end
       RUBY
 
+      write "app/repo.rb", <<~RUBY
+        module TestApp
+          class Repo < Hanami::DB::Repo
+          end
+        end
+      RUBY
+
       ENV["DATABASE_URL"] = "sqlite::memory"
 
       write "slices/admin/db/struct.rb", <<~RUBY
@@ -137,7 +144,7 @@ RSpec.describe "DB / Repo", :app_integration do
 
       write "slices/admin/repo.rb", <<~RUBY
         module Admin
-          class Repo < Hanami::DB::Repo
+          class Repo < TestApp::Repo
           end
         end
       RUBY
@@ -172,7 +179,7 @@ RSpec.describe "DB / Repo", :app_integration do
 
       write "slices/main/repo.rb", <<~RUBY
         module Main
-          class Repo < Hanami::DB::Repo
+          class Repo < TestApp::Repo
           end
         end
       RUBY
@@ -186,6 +193,15 @@ RSpec.describe "DB / Repo", :app_integration do
         end
       RUBY
 
+      write "slices/main/repositories/post_repository.rb", <<~RUBY
+        module Main
+          module Repositories
+            class PostRepository < Repo
+            end
+          end
+        end
+      RUBY
+
       require "hanami/prepare"
 
       Admin::Slice.prepare :db
@@ -204,12 +220,81 @@ RSpec.describe "DB / Repo", :app_integration do
       migration.apply(gateway, :up)
       gateway.connection.execute("INSERT INTO posts (title) VALUES ('Together breakfast')")
 
+      expect(Admin::Slice["repos.post_repo"].root).to eql Admin::Slice["relations.posts"]
       expect(Admin::Slice["repos.post_repo"].posts).to eql Admin::Slice["relations.posts"]
       expect(Admin::Slice["repos.post_repo"].posts.by_pk(1).one!.class).to be < Admin::Structs::Post
 
       expect(Main::Slice["repos.post_repo"].posts).to eql Main::Slice["relations.posts"]
+      expect(Main::Slice["repositories.post_repository"].posts).to eql Main::Slice["relations.posts"]
       # Slice struct namespace used even when no concrete struct classes are defined
       expect(Main::Slice["repos.post_repo"].posts.by_pk(1).one!.class).to be < Main::Structs::Post
     end
   end
+
+  specify "repos resolve registered container dependencies with Deps[]" do
+    with_tmp_directory(Dir.mktmpdir) do
+      write "config/app.rb", <<~RUBY
+        require "hanami"
+
+        module TestApp
+          class App < Hanami::App
+            Hanami.app.register("dependency") { -> { "Hello dependency!" } }
+          end
+        end
+      RUBY
+
+      write "app/repo.rb", <<~RUBY
+        module TestApp
+          class Repo < Hanami::DB::Repo
+          end
+        end
+      RUBY
+
+      write "app/relations/posts.rb", <<~RUBY
+        module TestApp
+          module Relations
+            class Posts < Hanami::DB::Relation
+              schema :posts, infer: true
+            end
+          end
+        end
+      RUBY
+
+      write "app/repos/post_repo.rb", <<~RUBY
+        module TestApp
+          module Repos
+            class PostRepo < Repo
+              include Deps["dependency"]
+
+              def test
+                dependency.call
+              end
+
+            end
+          end
+        end
+      RUBY
+
+      ENV["DATABASE_URL"] = "sqlite::memory"
+
+      require "hanami/prepare"
+
+      Hanami.app.prepare :db
+
+      # Manually run a migration and add a test record
+      gateway = Hanami.app["db.gateway"]
+      migration = gateway.migration do
+        change do
+          create_table :posts do
+            primary_key :id
+            column :title, :text, null: false
+          end
+        end
+      end
+      migration.apply(gateway, :up)
+
+      repo = Hanami.app["repos.post_repo"]
+      expect(repo.test).to eq "Hello dependency!"
+    end
+  end
 end

data/spec/integration/logging/exception_logging_spec.rb

@@ -73,7 +73,12 @@ RSpec.describe "Logging / Exception logging", :app_integration do
       expect(logs.lines.length).to be > 10
       expect(logs).to match %r{GET 500 \d+(µs|ms) 127.0.0.1 /}
       expect(logs).to include("unhandled (TestApp::Actions::Test::UnhandledError)")
-      expect(logs).to include("app/actions/test.rb:7:in `handle'")
+
+      if RUBY_VERSION < "3.4"
+        expect(logs).to include("app/actions/test.rb:7:in `handle'")
+      else
+        expect(logs).to include("app/actions/test.rb:7:in 'TestApp::Actions::Test#handle'")
+      end
     end
 
     it "re-raises the exception" do

data/spec/integration/rack_app/body_parser_spec.rb

@@ -65,7 +65,8 @@ RSpec.describe "Hanami web app", :app_integration do
 
       module TestApp
         class App < Hanami::App
-          config.actions.formats.add :json, ["application/json+scim"]
+          config.actions.formats.register :json, "application/json+scim"
+          config.actions.formats.accept :json
           config.middleware.use :body_parser, [json: "application/json+scim"]
           config.logger.stream = StringIO.new
         end

data/spec/integration/rack_app/middleware_spec.rb

@@ -507,7 +507,7 @@ RSpec.describe "Hanami web app", :app_integration do
       write "lib/test_app/middleware/api_version.rb", <<~RUBY
         module TestApp
           module Middleware
-            class ApiVersion
+            class APIVersion
               def self.inspect
                 "<Middleware::API::Version>"
               end
@@ -530,7 +530,7 @@ RSpec.describe "Hanami web app", :app_integration do
       write "lib/test_app/middleware/api_deprecation.rb", <<~RUBY
         module TestApp
           module Middleware
-            class ApiDeprecation
+            class APIDeprecation
               def self.inspect
                 "<Middleware::API::Deprecation>"
               end
@@ -578,13 +578,6 @@ RSpec.describe "Hanami web app", :app_integration do
       RUBY
 
       write "config/routes.rb", <<~RUBY
-        require "test_app/middleware/elapsed"
-        require "test_app/middleware/authentication"
-        require "test_app/middleware/rate_limiter"
-        require "test_app/middleware/api_version"
-        require "test_app/middleware/api_deprecation"
-        require "test_app/middleware/scope_identifier"
-
         module TestApp
           class Routes < Hanami::Routes
             use TestApp::Middleware::Elapsed
@@ -609,8 +602,8 @@ RSpec.describe "Hanami web app", :app_integration do
               root to: ->(*) { [200, {"Content-Length" => "3"}, ["API"]] }
 
               slice :api_v1, at: "/v1" do
-                use TestApp::Middleware::ApiVersion
-                use TestApp::Middleware::ApiDeprecation
+                use TestApp::Middleware::APIVersion
+                use TestApp::Middleware::APIDeprecation
                 use TestApp::Middleware::ScopeIdentifier, "API-V1"
 
                 root to: "home.show"

data/spec/integration/rack_app/rack_app_spec.rb

@@ -305,7 +305,7 @@ RSpec.describe "Hanami web app", :app_integration do
       expect { Hanami.app.rack_app }.to raise_error do |exception|
         expect(exception).to be_kind_of(Hanami::Routes::MissingActionError)
         expect(exception.message).to include("Could not find action with key \"actions.missing.action\" in TestApp::App")
-        expect(exception.message).to match(%r{define the action class TestApp::Actions::Missing::Action.+actions/missing/action.rb})
+        expect(exception.message).to include("define the action class TestApp::Actions::Missing::Action in app/actions/missing/action.rb")
       end
     end
   end
@@ -337,7 +337,7 @@ RSpec.describe "Hanami web app", :app_integration do
       expect { Hanami.app.rack_app }.to raise_error do |exception|
         expect(exception).to be_kind_of(Hanami::Routes::MissingActionError)
         expect(exception.message).to include("Could not find action with key \"actions.missing.action\" in Admin::Slice")
-        expect(exception.message).to match(%r{define the action class Admin::Actions::Missing::Action.+slices/admin/actions/missing/action.rb})
+        expect(exception.message).to include("define the action class Admin::Actions::Missing::Action in slices/admin/actions/missing/action.rb")
       end
     end
   end

data/spec/integration/view/helpers/form_helper_spec.rb

@@ -156,7 +156,7 @@ RSpec.describe "Helpers / FormHelper", :app_integration do
         module TestApp
           class App < Hanami::App
             config.logger.stream = StringIO.new
-            config.actions.sessions = :cookie, {secret: "xyz"}
+            config.actions.sessions = :cookie, {secret: "wxyz"*16} # Rack demands >=64 characters
           end
         end
       RUBY

data/spec/integration/web/content_security_policy_nonce_spec.rb

@@ -0,0 +1,251 @@
+# frozen_string_literal: true
+
+require "rack/test"
+
+RSpec.describe "Web / Content security policy nonce", :app_integration do
+  include Rack::Test::Methods
+
+  let(:app) { Hanami.app }
+
+  before do
+    with_directory(@dir = make_tmp_directory) do
+      write "config/routes.rb", <<~RUBY
+        module TestApp
+          class Routes < Hanami::Routes
+            get "index", to: "index"
+          end
+        end
+      RUBY
+
+      write "app/actions/index.rb", <<~RUBY
+        module TestApp
+          module Actions
+            class Index < Hanami::Action
+            end
+          end
+        end
+      RUBY
+
+      write "app/views/index.rb", <<~RUBY
+        module TestApp
+          module Views
+            class Index < Hanami::View
+              config.layout = false
+            end
+          end
+        end
+      RUBY
+
+      write "app/templates/index.html.erb", <<~HTML
+        <!DOCTYPE html>
+        <html lang="en">
+          <head>
+            <%= stylesheet_tag "app", class: "nonce-true", nonce: true %>
+            <%= stylesheet_tag "app", class: "nonce-false", nonce: false %>
+            <%= stylesheet_tag "app", class: "nonce-explicit", nonce: "explicit" %>
+            <%= stylesheet_tag "app", class: "nonce-generated" %>
+            <%= stylesheet_tag "https://example.com/app.css", class: "nonce-absolute" %>
+          </head>
+          <body>
+            <style nonce="<%= content_security_policy_nonce %>"></style>
+            <%= javascript_tag "app", class: "nonce-true", nonce: true %>
+            <%= javascript_tag "app", class: "nonce-false", nonce: false %>
+            <%= javascript_tag "app", class: "nonce-explicit", nonce: "explicit" %>
+            <%= javascript_tag "app", class: "nonce-generated" %>
+            <%= javascript_tag "https://example.com/app.js", class: "nonce-absolute" %>
+          </body>
+        </html>
+      HTML
+
+      write "package.json", <<~JSON
+        {
+          "type": "module"
+        }
+      JSON
+
+      write "config/assets.js", <<~JS
+        import * as assets from "hanami-assets";
+        await assets.run();
+      JS
+
+      write "app/assets/js/app.js", <<~JS
+        import "../css/app.css";
+      JS
+
+      write "app/assets/css/app.css", ""
+
+      before_prepare if respond_to?(:before_prepare)
+      require "hanami/prepare"
+      compile_assets!
+    end
+  end
+
+  describe "HTML request" do
+    context "CSP enabled" do
+      def before_prepare
+        write "config/app.rb", <<~RUBY
+          require "hanami"
+
+          module TestApp
+            class App < Hanami::App
+              config.actions.content_security_policy[:script_src] = "'self' 'nonce'"
+
+              config.logger.stream = File::NULL
+            end
+          end
+        RUBY
+      end
+
+      it "sets unique and per-request hanami.content_security_policy_nonce in Rack env" do
+        previous_nonces = []
+        3.times do
+          get "/index"
+          nonce = last_request.env["hanami.content_security_policy_nonce"]
+
+          expect(nonce).to match(/\A[A-Za-z0-9\-_]{22}\z/)
+          expect(previous_nonces).not_to include nonce
+
+          previous_nonces << nonce
+        end
+      end
+
+      it "accepts custom nonce generator proc without arguments" do
+        Hanami.app.config.actions.content_security_policy_nonce_generator = -> { "foobar" }
+
+        get "/index"
+
+        expect(last_request.env["hanami.content_security_policy_nonce"]).to eql("foobar")
+      end
+
+      it "accepts custom nonce generator proc with Rack request as argument" do
+        Hanami.app.config.actions.content_security_policy_nonce_generator = ->(request) { request }
+
+        get "/index"
+
+        expect(last_request.env["hanami.content_security_policy_nonce"]).to be_a(Rack::Request)
+      end
+
+      it "substitutes 'nonce' in the CSP header" do
+        get "/index"
+        nonce = last_request.env["hanami.content_security_policy_nonce"]
+
+        expect(last_response.get_header("Content-Security-Policy")).to match(/script-src 'self' 'nonce-#{nonce}'/)
+      end
+
+      it "behaves the same with explicitly added middleware" do
+        Hanami.app.config.middleware.use Hanami::Middleware::ContentSecurityPolicyNonce
+        get "/index"
+
+        expect(last_request.env["hanami.content_security_policy_nonce"]).to match(/\A[A-Za-z0-9\-_]{22}\z/)
+      end
+
+      describe "content_security_policy_nonce" do
+        it "renders the current nonce" do
+          get "/index"
+          nonce = last_request.env["hanami.content_security_policy_nonce"]
+
+          expect(last_response.body).to include(%(<style nonce="#{nonce}">))
+        end
+      end
+
+      describe "stylesheet_tag" do
+        it "renders the correct nonce unless remote URL or nonce set to false" do
+          get "/index"
+          nonce = last_request.env["hanami.content_security_policy_nonce"]
+
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" nonce="#{nonce}" class="nonce-true">))
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" class="nonce-false">))
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" nonce="explicit" class="nonce-explicit">))
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" nonce="#{nonce}" class="nonce-generated">))
+          expect(last_response.body).to include(%(<link href="https://example.com/app.css" type="text/css" rel="stylesheet" class="nonce-absolute">))
+        end
+      end
+
+      describe "javascript_tag" do
+        it "renders the correct nonce unless remote URL or nonce set to false" do
+          get "/index"
+          nonce = last_request.env["hanami.content_security_policy_nonce"]
+
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" nonce="#{nonce}" class="nonce-true"></script>))
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" class="nonce-false"></script>))
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" nonce="explicit" class="nonce-explicit"></script>))
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" nonce="#{nonce}" class="nonce-generated"></script>))
+          expect(last_response.body).to include(%(<script src="https://example.com/app.js" type="text/javascript" class="nonce-absolute"></script>))
+        end
+      end
+    end
+
+    context "CSP disabled" do
+      def before_prepare
+        write "config/app.rb", <<~RUBY
+          require "hanami"
+
+          module TestApp
+            class App < Hanami::App
+              config.actions.content_security_policy = false
+
+              config.logger.stream = File::NULL
+            end
+          end
+        RUBY
+      end
+
+      it "does not set hanami.content_security_policy_nonce in Rack env" do
+        get "/index"
+
+        expect(last_request.env).to_not have_key "hanami.content_security_policy_nonce"
+      end
+
+      it "does not produce a CSP header" do
+        get "/index"
+
+        expect(last_response.headers).to_not have_key "Content-Security-Policy"
+      end
+
+      it "disables the content_security_policy_nonce helper" do
+        get "/index"
+
+        expect(last_response.body).to match(/<style nonce="">/)
+      end
+
+      it "behaves the same with explicitly added middleware" do
+        Hanami.app.config.middleware.use Hanami::Middleware::ContentSecurityPolicyNonce
+        get "/index"
+
+        expect(last_response.headers).to_not have_key "Content-Security-Policy"
+      end
+
+      describe "content_security_policy_nonce" do
+        it "renders nothing" do
+          get "/index"
+
+          expect(last_response.body).to include(%(<style nonce="">))
+        end
+      end
+
+      describe "stylesheet_tag" do
+        it "renders the correct explicit nonce only" do
+          get "/index"
+
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" class="nonce-true">))
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" class="nonce-false">))
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" nonce="explicit" class="nonce-explicit">))
+          expect(last_response.body).to include(%(<link href="/assets/app-KUHJPSX7.css" type="text/css" rel="stylesheet" class="nonce-generated">))
+          expect(last_response.body).to include(%(<link href="https://example.com/app.css" type="text/css" rel="stylesheet" class="nonce-absolute">))
+        end
+      end
+
+      describe "javascript_tag" do
+        it "renders the correct explicit nonce only" do
+          get "/index"
+
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" class="nonce-true"></script>))
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" class="nonce-false"></script>))
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" nonce="explicit" class="nonce-explicit"></script>))
+          expect(last_response.body).to include(%(<script src="/assets/app-LSLFPUMX.js" type="text/javascript" class="nonce-generated"></script>))
+          expect(last_response.body).to include(%(<script src="https://example.com/app.js" type="text/javascript" class="nonce-absolute"></script>))
+        end
+      end
+    end
+  end
+end

data/spec/support/app_integration.rb

@@ -118,7 +118,8 @@ RSpec.configure do |config|
     Hanami.instance_variable_set(:@_bundled, {})
     Hanami.remove_instance_variable(:@_app) if Hanami.instance_variable_defined?(:@_app)
 
-    # Clear cached DB gateways across slices
+    # Disconnect and clear cached DB gateways across slices
+    Hanami::Providers::DB.cache.values.map(&:disconnect)
     Hanami::Providers::DB.cache.clear
 
     $LOAD_PATH.replace(@load_paths)

data/spec/unit/hanami/config/actions/content_security_policy_spec.rb

@@ -28,6 +28,7 @@ RSpec.describe Hanami::Config::Actions, "#content_security_policy" do
       ].join(";")
 
       expect(content_security_policy.to_s).to eq(expected)
+      expect(content_security_policy.nonce?).to be(false)
     end
   end
 
@@ -68,6 +69,12 @@ RSpec.describe Hanami::Config::Actions, "#content_security_policy" do
       expect(content_security_policy[:a_custom_key]).to eq("foo")
       expect(content_security_policy.to_s).to match("a-custom-key foo")
     end
+
+    it "uses 'nonce' in value" do
+      content_security_policy[:javascript_src] = "'self' 'nonce'"
+
+      expect(content_security_policy.nonce?).to be(true)
+    end
   end
 
   context "with CSP enabled" do

data/spec/unit/hanami/config/actions_spec.rb

@@ -23,9 +23,9 @@ RSpec.describe Hanami::Config, "#actions" do
     end
 
     it "configures base actions settings using custom methods" do
-      expect { actions.formats.add(:json, "app/json") }
+      expect { actions.formats.register(:json, "app/json") }
         .to change { actions.formats.mapping }
-        .to include("app/json" => :json)
+        .to include(json: have_attributes(media_type: "app/json"))
     end
 
     it "can be finalized" do

data/spec/unit/hanami/config/console_spec.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "hanami/config"
+
+RSpec.describe Hanami::Config, "#console" do
+  let(:config) { described_class.new(app_name: app_name, env: :development) }
+  let(:app_name) { "MyApp::App" }
+
+  subject(:console) { config.console }
+
+  it "is a full console configuration" do
+    is_expected.to be_an_instance_of(Hanami::Config::Console)
+
+    is_expected.to respond_to(:engine)
+    is_expected.to respond_to(:include)
+    is_expected.to respond_to(:extensions)
+  end
+
+  it "can be finalized" do
+    is_expected.to respond_to(:finalize!)
+  end
+end