panda-core 0.11.0 → 0.12.5

data/lib/panda/core/engine.rb

@@ -1,82 +1,86 @@
-require "rubygems"
-require "stringio"
-require "rails/engine"
+# frozen_string_literal: true
+
+require "rails"
 require "omniauth"
 
-# Silence ActiveSupport::Configurable deprecation from omniauth-rails_csrf_protection
-# This gem uses the deprecated module but hasn't been updated yet
-# Issue: https://github.com/cookpad/omniauth-rails_csrf_protection/issues/23
-# This can be removed once the gem is updated or Rails 8.2 is released
-#
-# We suppress the warning by temporarily redirecting stderr since
-# ActiveSupport::Deprecation.silence was removed in Rails 8.1
-original_stderr = $stderr
-$stderr = StringIO.new
-begin
-  require "omniauth/rails_csrf_protection"
-ensure
-  $stderr = original_stderr
-end
+require "panda/core/middleware"
+require "panda/core/module_registry"
 
-# Load shared configuration modules
+# Shared engine mixins
 require_relative "shared/inflections_config"
 require_relative "shared/generator_config"
 
-# Load engine configuration modules
+# Engine mixins
 require_relative "engine/autoload_config"
-require_relative "engine/middleware_config"
 require_relative "engine/importmap_config"
 require_relative "engine/omniauth_config"
 require_relative "engine/phlex_config"
 require_relative "engine/admin_controller_config"
-
-# Load module registry
-require_relative "module_registry"
+require_relative "engine/route_config"
 
 module Panda
   module Core
     class Engine < ::Rails::Engine
       isolate_namespace Panda::Core
 
-      # Include shared configuration modules
+      #
+      # Include shared behaviours
+      #
       include Shared::InflectionsConfig
       include Shared::GeneratorConfig
 
-      # Include engine-specific configuration modules
+      #
+      # Include engine-level concerns
+      #
       include AutoloadConfig
-      include MiddlewareConfig
       include ImportmapConfig
       include OmniauthConfig
       include PhlexConfig
       include AdminControllerConfig
+      include RouteConfig
 
-      initializer "panda_core.config" do |app|
-        # Configuration is already initialized with defaults in Configuration class
+      #
+      # Misc configuration point
+      #
+      initializer "panda_core.configuration" do
+        # Intentionally quiet — used as a stable anchor point
       end
 
-      # Static asset middleware for serving public files and JavaScript modules
-      # Must run before Propshaft to intercept /panda/* requests, but we can't
-      # guarantee Propshaft is in the host application, so just insert it
-      # high up in the middleware stack
-      initializer "panda.core.static_assets" do |app|
-        # Serve public assets (CSS, images, etc.)
-        app.config.middleware.insert_before ActionDispatch::Static, Rack::Static,
+      #
+      # Static asset handling for:
+      #   /panda-core-assets
+      #
+      initializer "panda_core.static_assets" do |app|
+        Panda::Core::Middleware.use(
+          app,
+          Rack::Static,
           urls: ["/panda-core-assets"],
           root: Panda::Core::Engine.root.join("public"),
           header_rules: [
-            # Disable caching in development for instant CSS updates
-            [:all, {"Cache-Control" => Rails.env.development? ? "no-cache, no-store, must-revalidate" : "public, max-age=31536000"}]
+            [
+              :all,
+              {
+                "Cache-Control" =>
+                  Rails.env.development? ?
+                    "no-cache, no-store, must-revalidate" :
+                    "public, max-age=31536000"
+              }
+            ]
           ]
+        )
 
-        # Use ModuleRegistry's custom middleware to serve JavaScript from all registered modules
-        # This middleware checks all modules and serves from the first matching location
-        app.config.middleware.insert_before ActionDispatch::Static, Panda::Core::ModuleRegistry::JavaScriptMiddleware
+        Panda::Core::Middleware.use(
+          app,
+          Panda::Core::ModuleRegistry::JavaScriptMiddleware
+        )
       end
     end
   end
 end
 
-# Register Core module with ModuleRegistry for JavaScript serving
+#
+# Register engine with ModuleRegistry
+#
 Panda::Core::ModuleRegistry.register(
   gem_name: "panda-core",
   engine: "Panda::Core::Engine",
@@ -85,6 +89,7 @@ Panda::Core::ModuleRegistry.register(
     components: "app/components/panda/core/**/*.rb",
     helpers: "app/helpers/panda/core/**/*.rb",
     views: "app/views/panda/core/**/*.erb",
+    layouts: "app/views/layouts/panda/core/**/*.erb",
     javascripts: "app/assets/javascript/panda/core/**/*.js"
   }
 )

data/lib/panda/core/middleware.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require "action_dispatch"
+
+module Rails
+  module Configuration
+    # Add a tiny compatibility layer so the proxy can be inspected and reset in tests.
+    class MiddlewareStackProxy
+      include Enumerable
+
+      def clear
+        operations.clear
+        delete_operations.clear
+        self
+      end
+
+      def each(&block)
+        to_stack.each { |mw| block.call(wrap_middleware(mw)) }
+      end
+
+      def to_a
+        map(&:itself)
+      end
+
+      def [](index)
+        to_a[index]
+      end
+
+      def first
+        to_a.first
+      end
+
+      def last
+        to_a.last
+      end
+
+      def size
+        to_a.size
+      end
+
+      private
+
+      def to_stack
+        ActionDispatch::MiddlewareStack.new.tap do |stack|
+          merge_into(stack)
+        end
+      end
+
+      def wrap_middleware(middleware)
+        args, kwargs = split_args_and_kwargs(middleware.args)
+        MiddlewareEntry.new(middleware.klass, args, kwargs, middleware.block)
+      end
+
+      def split_args_and_kwargs(args)
+        return [args, {}] unless args.last.is_a?(Hash)
+
+        [args[0...-1], args.last]
+      end
+
+      MiddlewareEntry = Struct.new(:klass, :args, :kwargs, :block)
+    end
+  end
+end
+
+module Panda
+  module Core
+    module Middleware
+      EXECUTOR = "ActionDispatch::Executor"
+
+      def self.use(app, klass, *args, **kwargs, &block)
+        app.config.middleware.use(klass, *args, **kwargs, &block)
+      end
+
+      def self.insert_before(app, priority_targets, klass, *args, **kwargs, &block)
+        stack = build_stack(app)
+        target = resolve_target(stack, priority_targets, :insert_before)
+        insertion_point = target || fallback_before(stack)
+        app.config.middleware.insert_before(insertion_point, klass, *args, **kwargs, &block)
+      end
+
+      def self.insert_after(app, priority_targets, klass, *args, **kwargs, &block)
+        stack = build_stack(app)
+        target = resolve_target(stack, priority_targets, :insert_after)
+        insertion_point = target || fallback_after(stack)
+        app.config.middleware.insert_after(insertion_point, klass, *args, **kwargs, &block)
+      end
+
+      #
+      # Helpers
+      #
+      def self.resolve_target(app_or_stack, priority_targets, _operation)
+        stack = normalize_stack(app_or_stack)
+        priority_targets.find { |candidate| middleware_exists?(stack, candidate) }
+      end
+      private_class_method :resolve_target
+
+      def self.middleware_exists?(app_or_stack, candidate)
+        stack = normalize_stack(app_or_stack)
+        stack.any? { |mw| middleware_matches?(mw.klass, candidate) }
+      end
+      private_class_method :middleware_exists?
+
+      def self.middleware_matches?(klass, candidate)
+        klass == candidate || klass.name == candidate.to_s
+      end
+      private_class_method :middleware_matches?
+
+      def self.fallback_before(stack)
+        executor_index = index_for(stack, EXECUTOR)
+        executor_index || 0
+      end
+      private_class_method :fallback_before
+
+      def self.fallback_after(stack)
+        executor_index = index_for(stack, EXECUTOR)
+        return executor_index + 1 if executor_index
+
+        stack_size = stack.size
+        stack_size.zero? ? 0 : stack_size - 1
+      end
+      private_class_method :fallback_after
+
+      def self.index_for(stack, target)
+        stack.each_with_index do |middleware, idx|
+          return idx if middleware_matches?(middleware.klass, target)
+        end
+        nil
+      end
+      private_class_method :index_for
+
+      def self.build_stack(app)
+        app.config.middleware.to_a
+      end
+      private_class_method :build_stack
+
+      def self.normalize_stack(app_or_stack)
+        if app_or_stack.respond_to?(:config) && app_or_stack.config.respond_to?(:middleware)
+          build_stack(app_or_stack)
+        else
+          app_or_stack
+        end
+      end
+      private_class_method :normalize_stack
+    end
+  end
+end

data/lib/panda/core/module_registry.rb

@@ -343,6 +343,10 @@ module Panda
         private
 
         def find_javascript_file(relative_path)
+          # Build list of paths to try - include .js extension fallback
+          paths_to_try = [relative_path]
+          paths_to_try << "#{relative_path}.js" unless relative_path.end_with?(".js")
+
           # Check each registered module's JavaScript directory
           ModuleRegistry.modules.each do |gem_name, info|
             next unless ModuleRegistry.send(:engine_available?, info[:engine])
@@ -350,24 +354,28 @@ module Panda
             root = ModuleRegistry.send(:engine_root, info[:engine])
             next unless root
 
-            # Check in app/javascript/panda/ (primary location)
-            candidate = root.join("app/javascript/panda", relative_path)
-            return candidate.to_s if candidate.exist? && candidate.file?
+            paths_to_try.each do |path|
+              # Check in app/javascript/panda/ (primary location)
+              candidate = root.join("app/javascript/panda", path)
+              return candidate.to_s if candidate.exist? && candidate.file?
 
-            # Fallback to public/panda/ (for CI environments where assets are copied)
-            public_candidate = root.join("public/panda", relative_path)
-            return public_candidate.to_s if public_candidate.exist? && public_candidate.file?
+              # Fallback to public/panda/ (for CI environments where assets are copied)
+              public_candidate = root.join("public/panda", path)
+              return public_candidate.to_s if public_candidate.exist? && public_candidate.file?
+            end
           end
 
           # Also check Rails.root if available (for dummy apps in CI)
           if defined?(Rails.root)
-            # Check app/javascript/panda/ in Rails.root
-            rails_candidate = Rails.root.join("app/javascript/panda", relative_path)
-            return rails_candidate.to_s if rails_candidate.exist? && rails_candidate.file?
-
-            # Fallback to public/panda/ in Rails.root
-            rails_public_candidate = Rails.root.join("public/panda", relative_path)
-            return rails_public_candidate.to_s if rails_public_candidate.exist? && rails_public_candidate.file?
+            paths_to_try.each do |path|
+              # Check app/javascript/panda/ in Rails.root
+              rails_candidate = Rails.root.join("app/javascript/panda", path)
+              return rails_candidate.to_s if rails_candidate.exist? && rails_candidate.file?
+
+              # Fallback to public/panda/ in Rails.root
+              rails_public_candidate = Rails.root.join("public/panda", path)
+              return rails_public_candidate.to_s if rails_public_candidate.exist? && rails_public_candidate.file?
+            end
           end
 
           nil

data/lib/panda/core/testing/rails_helper.rb

@@ -104,11 +104,6 @@ RSpec.configure do |config|
     ActionMailer::Base.logger = nil if defined?(ActionMailer)
   end
 
-  # Suppress Rails command output during generator tests
-  config.before(:each, type: :generator) do
-    allow(Rails::Command).to receive(:invoke).and_return(true)
-  end
-
   # Force all examples to run
   config.filter_run_including({})
   config.run_all_when_everything_filtered = true
@@ -169,14 +164,28 @@ RSpec.configure do |config|
   OmniAuth.config.test_mode = true if defined?(OmniAuth)
 
   # DatabaseCleaner configuration
+  config.around(:each) do |example|
+    DatabaseCleaner.strategy = (example.metadata[:type] == :system) ? :truncation : :transaction
+    DatabaseCleaner.cleaning do
+      example.run
+    end
+  end
+
+  config.before(:each, type: :system) do
+    driven_by :panda_cuprite
+  end
+
+  config.use_transactional_fixtures = false
+
   config.before(:suite) do
     # Allow DATABASE_URL in CI environment
-    if ENV["DATABASE_URL"]
+    if ENV["DATABASE_URL"] &&
+        ENV["SKIP_DB_CLEAN_WITH_DATABASE_URL"].nil? &&
+        ENV["ACT"] != "true"
       DatabaseCleaner.allow_remote_database_url = true
+      DatabaseCleaner.clean_with(:truncation)
     end
 
-    DatabaseCleaner.clean_with :truncation
-
     # Hook for gems to add custom suite setup
     # Gems can define Panda::Testing.before_suite_hook and it will be called here
     if defined?(Panda::Testing) && Panda::Testing.respond_to?(:before_suite_hook)

data/lib/panda/core/testing/support/authentication_helpers.rb

@@ -4,18 +4,18 @@ module Panda
   module Core
     module AuthenticationHelpers
       # Create test users with fixed IDs for consistent fixture references
-      def create_admin_user
+      def create_admin_user(attributes = {})
         Panda::Core::User.find_or_create_by!(id: "8f481fcb-d9c8-55d7-ba17-5ea5d9ed8b7a") do |user|
-          user.email = "admin@test.example.com"
-          user.name = "Admin User"
+          user.email = attributes[:email] || "admin@test.example.com"
+          user.name = attributes[:name] || "Admin User"
           user.admin = true
         end
       end
 
-      def create_regular_user
+      def create_regular_user(attributes = {})
         Panda::Core::User.find_or_create_by!(id: "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d") do |user|
-          user.email = "user@test.example.com"
-          user.name = "Regular User"
+          user.email = attributes[:email] || "user@test.example.com"
+          user.name = attributes[:name] || "Regular User"
           user.admin = false
         end
       end

data/lib/panda/core/testing/support/authentication_test_helpers.rb

@@ -22,12 +22,7 @@ module Panda
           user.email = attributes[:email] || "admin@example.com"
           user.name = attributes[:name] || "Admin User"
           user.image_url = attributes[:image_url] || default_image_url
-          # Use is_admin for the actual column, but support both for compatibility
-          if user.respond_to?(:is_admin=)
-            user.is_admin = attributes.fetch(:admin, true)
-          elsif user.respond_to?(:admin=)
-            user.admin = attributes.fetch(:admin, true)
-          end
+          user.admin = attributes[:admin] || true
           # Only set OAuth fields if they exist on the model
           user.uid = attributes[:uid] || "admin_oauth_uid_123" if user.respond_to?(:uid=)
           user.provider = attributes[:provider] || "google_oauth2" if user.respond_to?(:provider=)
@@ -42,12 +37,7 @@ module Panda
           user.email = attributes[:email] || "user@example.com"
           user.name = attributes[:name] || "Regular User"
           user.image_url = attributes[:image_url] || default_image_url(dark: true)
-          # Use is_admin for the actual column, but support both for compatibility
-          if user.respond_to?(:is_admin=)
-            user.is_admin = attributes.fetch(:admin, false)
-          elsif user.respond_to?(:admin=)
-            user.admin = attributes.fetch(:admin, false)
-          end
+          user.admin = attributes[:admin] || false
           # Only set OAuth fields if they exist on the model
           user.uid = attributes[:uid] || "user_oauth_uid_456" if user.respond_to?(:uid=)
           user.provider = attributes[:provider] || "google_oauth2" if user.respond_to?(:provider=)

data/lib/panda/core/testing/support/system/browser_console_logger.rb

@@ -9,8 +9,7 @@ module BrowserConsoleLogger
 
       if respond_to?(:page) && page.driver.is_a?(Capybara::Cuprite::Driver)
         begin
-          # Access the console logger via the CupriteSetup module
-          console_logger = Panda::Core::Testing::CupriteSetup.console_logger
+          console_logger = Panda::Core::Testing::CupriteSetup.console_logger if defined?(Panda::Core::Testing::CupriteSetup)
 
           unless console_logger
             puts "\n⚠️  Console logger not available"

data/lib/panda/core/testing/support/system/chrome_path.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Panda
+  module Core
+    module Testing
+      module Support
+        module System
+          module ChromePath
+            def self.resolve
+              @resolved ||= begin
+                candidates = [
+                  # Linux (Debian/Ubuntu + your CI image)
+                  "/usr/bin/chromium",
+                  "/usr/bin/chromium-browser",
+                  "/usr/bin/google-chrome",
+                  "/opt/google/chrome/google-chrome",
+                  "/opt/google/chrome/chrome",
+
+                  # macOS Homebrew paths (Chromium)
+                  "/opt/homebrew/bin/chromium",
+                  "/usr/local/bin/chromium",
+
+                  # macOS Google Chrome
+                  "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
+                  "/Applications/Chromium.app/Contents/MacOS/Chromium",
+                  "/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"
+                ]
+
+                candidates.find { |path| File.executable?(path) } ||
+                  raise("Could not find a Chrome/Chromium binary on this system")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/panda/core/testing/support/system/cuprite_helpers.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "pathname"
+
 # Helper methods for Cuprite-based system tests
 #
 # This module provides utility methods for working with Cuprite in system tests:
@@ -16,6 +18,83 @@ module Panda
   module Core
     module Testing
       module CupriteHelpers
+        # Resolve the configured Capybara artifacts directory
+        def capybara_artifacts_dir
+          Pathname.new(Capybara.save_path || Rails.root.join("tmp/capybara"))
+        end
+
+        # Save a PNG screenshot for the current page.
+        #
+        def save_screenshot!(name = nil)
+          name ||= example.metadata[:full_description].parameterize
+          path = capybara_artifacts_dir.join("#{name}.png")
+
+          FileUtils.mkdir_p(File.dirname(path))
+          page.save_screenshot(path, full: true) # rubocop:disable Lint/Debugger
+          puts "📸 Saved screenshot: #{path}"
+
+          path
+        end
+
+        #
+        # Record a small MP4 video of the test — uses Cuprite's Chrome DevTools API
+        #
+        def record_video!(name = nil, seconds: 3)
+          name ||= example.metadata[:full_description].parameterize
+          path = capybara_artifacts_dir.join("#{name}.mp4")
+
+          FileUtils.mkdir_p(File.dirname(path))
+
+          session = page.driver.browser
+          client = session.client
+
+          # Enable screencast
+          client.command("Page.startScreencast", format: "png", quality: 80, maxWidth: 1280, maxHeight: 800)
+
+          frames = []
+
+          start = Time.now
+          while Time.now - start < seconds
+            message = client.listen
+            if message["method"] == "Page.screencastFrame"
+              frames << message["params"]["data"]
+              client.command("Page.screencastFrameAck", sessionId: message["params"]["sessionId"])
+            end
+          end
+
+          # Stop
+          client.command("Page.stopScreencast")
+
+          # Convert frames to MP4 using ffmpeg
+          Dir.mktmpdir do |dir|
+            png_dir = File.join(dir, "frames")
+            FileUtils.mkdir_p(png_dir)
+
+            frames.each_with_index do |data, i|
+              File.binwrite(File.join(png_dir, "frame-%05d.png" % i), Base64.decode64(data))
+            end
+
+            system <<~CMD
+              ffmpeg -y -framerate 8 -pattern_type glob -i '#{png_dir}/*.png' -c:v libx264 -pix_fmt yuv420p '#{path}'
+            CMD
+          end
+
+          puts "🎥 Saved video: #{path}"
+          path
+        rescue => e
+          puts "⚠️ Failed to record video: #{e.message}"
+          nil
+        end
+
+        def save_html!(name = nil)
+          name ||= example.metadata[:full_description].parameterize
+          path = capybara_artifacts_dir.join("#{name}.html")
+          FileUtils.mkdir_p(File.dirname(path))
+          File.write(path, page.html)
+          puts "📝 Saved HTML snapshot: #{path}"
+          path
+        end
+
         # Ensure page is loaded and stable before interacting
         def ensure_page_loaded
           # Check if we're on about:blank and need to reload