jets 1.9.32 → 2.0.0

data/lib/jets/controller/base.rb

@@ -10,6 +10,8 @@ class Jets::Controller
     include Params
     include Rendering
     include ActiveSupport::Rescuable
+    include Jets::Router::Helpers
+    include ForgeryProtection
 
     delegate :headers, to: :request
     delegate :set_header, to: :response
@@ -78,6 +80,20 @@ class Jets::Controller
       JSON.dump(data)
     end
 
+    def controller_paths
+      paths = []
+      klass = self.class
+      while klass != Jets::Controller::Base
+        paths << klass.controller_path
+        klass = klass.superclass
+      end
+      paths
+    end
+
+    def self.controller_path
+      name.sub(/Controller$/, "".freeze).underscore
+    end
+
     def self.process(event, context={}, meth)
       controller = new(event, context, meth)
       # Using send because process! is private method in Jets::RackController so

data/lib/jets/controller/error.rb

@@ -0,0 +1,4 @@
+class Jets::Controller
+  class Error < RuntimeError #:nodoc:
+  end
+end

data/lib/jets/controller/error/invalid_authenticity_token.rb

@@ -0,0 +1,6 @@
+class Jets::Controller
+  class Error
+    class InvalidAuthenticityToken < Error #:nodoc:
+    end
+  end
+end

data/lib/jets/controller/forgery_protection.rb

@@ -0,0 +1,43 @@
+class Jets::Controller
+  module ForgeryProtection
+    extend ActiveSupport::Concern
+
+    included do
+      config = Jets.config
+      default_protect_from_forgery = config.dig(:controllers, :default_protect_from_forgery)
+      if default_protect_from_forgery
+        protect_from_forgery
+      end
+    end
+
+    class_methods do
+      def protect_from_forgery(options = {})
+        before_action :verify_authenticity_token, options
+      end
+
+      def skip_forgery_protection
+        skip_before_action :verify_authenticity_token
+      end
+
+      def forgery_protection_enabled?
+        # Example:
+        #
+        #    before_actions [[:verify_authenticity_token, {}], [:set_post, {:only=>[:show, :edit, :update, :delete]}
+        #
+        before_actions.map { |a| a[0] }.include?(:verify_authenticity_token)
+      end
+    end
+
+    # Instance methods
+    def verify_authenticity_token
+      return true if ENV['TEST'] || request.get? || request.head?
+
+      token = session[:authenticity_token]
+      verified = !token.nil? && (token == params[:authenticity_token] || token == request.headers["x-csrf-token"])
+
+      unless verified
+        raise Error::InvalidAuthenticityToken
+      end
+    end
+  end
+end

data/lib/jets/controller/middleware/local.rb

@@ -1,6 +1,6 @@
 require 'kramdown'
 
-# Handles mimicking of API Gateway to Lambda function call locally
+# Handles mimicing of API Gateway to Lambda function call locally
 module Jets::Controller::Middleware
   class Local
     extend Memoist
@@ -35,7 +35,7 @@ module Jets::Controller::Middleware
         # This can only really get called with the local server.
         run_polymophic_function
       else # Normal Jets request
-        mimick_aws_lambda!(env, mimic.vars) unless on_aws?(env)
+        mimic_aws_lambda!(env, mimic.vars) unless on_aws?(env)
         @app.call(env)
       end
     end
@@ -60,7 +60,7 @@ module Jets::Controller::Middleware
     end
 
     # Modifies env the in the same way real call from AWS lambda would modify env
-    def mimick_aws_lambda!(env, vars)
+    def mimic_aws_lambda!(env, vars)
       env.merge!(vars)
       env
     end

data/lib/jets/controller/middleware/local/route_matcher.rb

@@ -89,7 +89,7 @@ class Jets::Controller::Middleware::Local
       # posts/:id/edit => posts\/(.*)\/edit
 
       regexp_string = route_path.split('/').map do |s|
-                        s.include?(':') ? Jets::Route::CAPTURE_REGEX : s
+                        s.include?(':') ? Jets::Router::Route::CAPTURE_REGEX : s
                       end.join('\/')
       # make sure beginning and end of the string matches
       regexp_string = "^#{regexp_string}$"

data/lib/jets/controller/middleware/main.rb

@@ -18,6 +18,7 @@ module Jets::Controller::Middleware
     end
 
     def call
+      ENV['JETS_HOST'] = jets_host # Dirty to use what's essentially a global variable but unsure how else to achieve
       dup.call!
     end
 
@@ -29,7 +30,7 @@ module Jets::Controller::Middleware
     # Common setup logical at this point of middleware processing right before
     # calling any controller actions.
     def setup
-      # We already recreated a mimicke rack env earlier as part of the very first
+      # We already recreated a mimic rack env earlier as part of the very first
       # middleware layer. However, by the time the rack env reaches the main middleware
       # it could had been updated by other middlewares. We update the env here again.
       @controller.request.set_env!(@env)
@@ -38,6 +39,11 @@ module Jets::Controller::Middleware
       @controller.session = @env['rack.session'] || {}
     end
 
+    def jets_host
+      default = "#{@env['rack.url_scheme']}://#{@env['HTTP_HOST']}"
+      Jets.config.helpers.host || default
+    end
+
     def self.call(env)
       instance = new(env)
       instance.call

data/lib/jets/controller/rack/adapter.rb

@@ -77,7 +77,7 @@ module Jets::Controller::Rack
     #
     # Passes a these special variables so we have access to them in the middleware.
     # The controller instance is called in the Main middleware.
-    # The lambda.* info is used by the Rack::Local middleware to create a mimicked
+    # The lambda.* info is used by the Rack::Local middleware to create a mimiced
     # controller for the local server.
     #
     def rack_vars(vars)

data/lib/jets/controller/rack/env.rb

@@ -29,7 +29,7 @@ module Jets::Controller::Rack
         'QUERY_STRING' => query_string,
         'REMOTE_ADDR' => headers['X-Forwarded-For'],
         'REMOTE_HOST' => headers['Host'],
-        'REQUEST_METHOD' => @event['httpMethod'],
+        'REQUEST_METHOD' => @event['httpMethod'] || 'GET', # useful to default to GET when testing with Lambda console
         'REQUEST_PATH' => @event['path'],
         'REQUEST_URI' => request_uri,
         'SCRIPT_NAME' => "",

data/lib/jets/controller/rendering/rack_renderer.rb

@@ -26,11 +26,12 @@ module Jets::Controller::Rendering
       # x-jets-base64 to convert this Rack triplet to a API Gateway hash structure later
       headers["x-jets-base64"] = base64 ? 'yes' : 'no' # headers values must be Strings
 
-      # Rails rendering does heavy lifting
       if drop_content_info?(status)
         body = StringIO.new
       else
-
+        # Rails rendering does heavy lifting
+        # _prefixes provided by jets/overrides/rails/action_controller.rb
+        ActionController::Base._prefixes = @controller.controller_paths
         renderer = ActionController::Base.renderer.new(renderer_options)
         body = renderer.render(render_options)
         body = StringIO.new(body)
@@ -39,16 +40,6 @@ module Jets::Controller::Rendering
       [status, headers, body] # triplet
     end
 
-    # Example: posts/index
-    def default_template_name
-      "#{template_namespace}/#{@controller.meth}"
-    end
-
-    # PostsController => "posts" is the namespace
-    def template_namespace
-      @controller.class.to_s.sub('Controller','').underscore.pluralize
-    end
-
     # default options:
     #   https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/renderer.rb#L41-L47
     def renderer_options
@@ -74,6 +65,41 @@ module Jets::Controller::Rendering
       options
     end
 
+    def render_options
+      # normalize the template option
+      template = @options[:template]
+      if template and !template.include?('/')
+        template = "#{template_namespace}/#{template}"
+      end
+      template ||= default_template_name
+      # ready to override @options[:template]
+      @options[:template] = template if @options[:template]
+
+      render_options = {
+        template: template, # weird: template needs to be set no matter because it
+          # sets the name which is used in lookup_context.rb:209:in `normalize_name'
+        layout: @options[:layout],
+        assigns: controller_instance_variables,
+        # prefixes: ["posts"],
+      }
+      types = %w[json inline plain file xml body action].map(&:to_sym)
+      types.each do |type|
+        render_options[type] = @options[type] if @options[type]
+      end
+
+      render_options
+    end
+
+    # Example: posts/index
+    def default_template_name
+      "#{template_namespace}/#{@controller.meth}"
+    end
+
+    # PostsController => "posts" is the namespace
+    def template_namespace
+      @controller.class.to_s.sub('Controller','').underscore.pluralize
+    end
+
     # Takes headers and adds HTTP_ to front of the keys because that is what rack
     # does to the headers passed from a request. This seems to be the standard
     # when testing with curl and inspecting the headers in a Rack app.  Example:
@@ -110,30 +136,7 @@ module Jets::Controller::Rendering
       results
     end
 
-    def render_options
-      # nomralize the template option
-      template = @options[:template]
-      if template and !template.include?('/')
-        template = "#{template_namespace}/#{template}"
-      end
-      template ||= default_template_name
-      # ready to override @options[:template]
-      @options[:template] = template if @options[:template]
-
-      render_options = {
-        template: template, # weird: template needs to be set no matter because it
-          # sets the name which is used in lookup_context.rb:209:in `normalize_name'
-        layout: @options[:layout],
-        assigns: controller_instance_variables,
-      }
-      types = %w[json inline plain file xml body action].map(&:to_sym)
-      types.each do |type|
-        render_options[type] = @options[type] if @options[type]
-      end
-
-      render_options
-    end
-
+    # Pass controller instance variables from jets-based controller to ActionView scope
     def controller_instance_variables
       instance_vars = @controller.instance_variables.inject({}) do |vars, v|
         k = v.to_s.sub(/^@/,'') # @var => var
@@ -141,6 +144,9 @@ module Jets::Controller::Rendering
         vars
       end
       instance_vars[:event] = event
+      # jets internal variables
+      # So ActionView has access back to the jets controller
+      instance_vars[:_jets] = { controller: @controller }
       instance_vars
     end
 
@@ -199,7 +205,8 @@ module Jets::Controller::Rendering
         # Assign local variable because scope in the `:action_view do` block changes
         app_helper_classes = find_app_helper_classes
         ActiveSupport.on_load :action_view do
-          include ApplicationHelper # include first
+          include Jets::Router::Helpers # internal routes helpers
+          include ApplicationHelper  # include first
           app_helper_classes.each do |helper_class|
             include helper_class
           end

data/lib/jets/controller/stage.rb

@@ -8,7 +8,8 @@ class Jets::Controller
       return @url unless add_stage?
 
       stage_name = Jets::Resource::ApiGateway::Deployment.stage_name
-      "/#{stage_name}#{@url}"
+      stage_name_with_slashes = "/#{stage_name}/" # use to prevent stage name being added twice if url_for is called twice on the same string
+      @url.include?(stage_name_with_slashes) ? @url : "/#{stage_name}#{@url}"
     end
 
     def add_stage?

data/lib/jets/generator.rb

@@ -1,21 +1,85 @@
 # Piggy back off of Rails Generators.
 class Jets::Generator
-  def self.invoke(generator, *args)
-    new(generator, *args).run(:invoke)
-  end
+  class << self
+    def invoke(generator, *args)
+      new(generator, *args).run(:invoke)
+    end
+
+    def revoke(generator, *args)
+      new(generator, *args).run(:revoke)
+    end
+
+    def help(args=ARGV)
+      require_generators
+
+      # `jets generate -h` results in:
+      #
+      #     args = ["generate", "-h"]
+      #
+      args = args[1..-1] || []
+      help_flags = Thor::HELP_MAPPINGS + ["help"]
+      args.pop if help_flags.include?(args.last)
+      subcommand = args[0]
+
+      out = capture_stdout do
+        if subcommand
+          # Using invoke because it ensure the generator is configured properly
+          invoke(subcommand) # sub-level: jets generate scaffold -h
+        else
+          puts Jets::Commands::Help.text(:generate) # to trigger the regular Thor help
+          # Note: How to call the original top-level help menu from Rails. Keeping around in case its useful later:
+          # Rails::Generators.help # top-level: jets generate -h
+        end
+      end
+      out.gsub('rails','jets').gsub('Rails','Jets')
+    end
 
-  def self.revoke(generator, *args)
-    new(generator, *args).run(:revoke)
+    def capture_stdout
+      stdout_old = $stdout
+      io = StringIO.new
+      $stdout = io
+      yield
+      $stdout = stdout_old
+      io.string
+    end
+
+    def require_generators
+      # lazy require so Rails const is only defined when using generators
+      require "rails/generators"
+      require "rails/configuration"
+      require_active_job_generator
+    end
+
+    def require_active_job_generator
+      require "active_job"
+      require "rails/generators/job/job_generator"
+      # Override the source_root
+      Rails::Generators::JobGenerator.class_eval do
+        def self.source_root
+          File.expand_path("../generator/templates/active_job/job/templates", __FILE__)
+        end
+      end
+    end
   end
 
   def initialize(generator, *args)
     @generator, @args = generator, args
+    @args << '--pretend' if noop?
+  end
+
+  # Used to delegate noop option to Rails generator pretend option.  Both work:
+  #
+  #     jets generate scaffold user title:string --noop
+  #     jets generate scaffold user title:string --pretend
+  #
+  # Grabbing directly from the ARGV because think its cleaner than passing options from
+  # Thor all the way down.
+  def noop?
+    ARGV.include?('--noop')
   end
 
   def run(behavior=:invoke)
-    # lazy require so Rails const is only defined when using generators
-    require "rails/generators"
-    require "rails/configuration"
+    self.class.require_generators
     Rails::Generators.configure!(config)
     Rails::Generators.invoke(@generator, @args, behavior: behavior, destination_root: Jets.root)
   end

data/lib/jets/generator/templates/active_job/job/templates/application_job.rb.tt

@@ -0,0 +1,6 @@
+<% module_namespacing do -%>
+class ApplicationJob < Jets::Job::Base
+  # Adjust to increase the default timeout for all Job classes
+  class_timeout 60
+end
+<% end -%>

data/lib/jets/generator/templates/active_job/job/templates/job.rb.tt

@@ -0,0 +1,8 @@
+<% module_namespacing do -%>
+class <%= class_name %>Job < ApplicationJob
+  rate "10 hours" # every 10 hours
+  def dig
+    puts "done digging"
+  end
+end
+<% end -%>

data/lib/jets/generator/templates/erb/scaffold/_form.html.erb

@@ -1,17 +1,12 @@
-<%% editing = @event["path"].include?("edit") %>
-<%% action = editing ? "/<%= plural_table_name %>/#{<%= singular_table_name %>.id}" : "/<%= plural_table_name %>" %>
-<%%= form_tag(action) do %>
-<%% if editing -%>
-  <input type="hidden" name="_method" value="put" />
-<%% end -%>
+<%%= form_with(model: <%= model_resource_name %>, local: true) do |form| %>
   <%% if <%= singular_table_name %>.errors.any? %>
     <div id="error_explanation">
       <h2><%%= pluralize(<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>
 
       <ul>
-      <%% <%= singular_table_name %>.errors.full_messages.each do |message| %>
-        <li><%%= message %></li>
-      <%% end %>
+        <%% <%= singular_table_name %>.errors.full_messages.each do |message| %>
+          <li><%%= message %></li>
+        <%% end %>
       </ul>
     </div>
   <%% end %>
@@ -19,21 +14,21 @@
 <% attributes.each do |attribute| -%>
   <div class="field">
 <% if attribute.password_digest? -%>
-    <%%= label_tag :password %>
-    <%%= password_field_tag :password, <%= singular_table_name %>.<%= attribute.column_name %> %>
+    <%%= form.label :password %>
+    <%%= form.password_field :password %>
   </div>
 
   <div class="field">
-    <%%= label_tag :password_confirmation %>
-    <%%= password_field_tag :password_confirmation, <%= singular_table_name %>.<%= attribute.column_name %> %>
+    <%%= form.label :password_confirmation %>
+    <%%= form.password_field :password_confirmation %>
 <% else -%>
-    <%%= label_tag :<%= attribute.column_name %> %>
-    <%%= <%= attribute.field_type %>_tag "<%= "#{singular_table_name}[#{attribute.column_name}]" %>"<%= ", 'yes'" if attribute.field_type =~ /check_box/ %>, <%= singular_table_name %>.<%= attribute.column_name %> %>
+    <%%= form.label :<%= attribute.column_name %> %>
+    <%%= form.<%= attribute.field_type %> :<%= attribute.column_name %> %>
 <% end -%>
   </div>
 
 <% end -%>
   <div class="actions">
-    <%%= submit_tag("Submit") %>
+    <%%= form.submit %>
   </div>
 <%% end %>