radical 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a2836f72234086fb3981b282d57216a2d324ecdd2f14e3b38a1ce57b2757be3
-  data.tar.gz: 14de9ad7784177b1ee837c9b12d2888ffdf50ea268bbcdffc0f3d6a54238a312
+  metadata.gz: 3d14c9a576701105d60a08c6339a19aeebc080b6a4fd6f7235d8c5dec82ea287
+  data.tar.gz: b03f1d945e0f441401d99375062423dff70fa9c50cc394e470444d253faa46c4
 SHA512:
-  metadata.gz: 15fd6c727f86820b1644a984d3d125ed02d65aa7aed4f1cfb292a216fda7a6d9b2f232bb680c9ab05417bddf410c6a75495dce74edd2fc278f7a9b7589d0da4b
-  data.tar.gz: 82c51dc592446f8a4492ba36e11e947aa20a8f937ae78b541d952a4156a88fac25b25eaec3d2de583a88a42cccd5de18297ec7b2eeba4f9eb69a7b2cb11bfeb4
+  metadata.gz: cbdbdd7c8a1a56755ef772bbd7ce24a197111d97d44be0d1c1f6a56be24361d1f80469583f4969c0d8b8d9500ce92a66333e71539e8a79b845f249659b72a6ec
+  data.tar.gz: d3425aef0d2a3d87788b7169ba81b67b8c71faed045227aaff586a699ad46482d0770cfaacf0a738d787bb28b20be42c47b7d88ef79eda5632af5abe91da1e1b

data/CHANGELOG.md

@@ -6,6 +6,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 # [Unreleased]
 
+# 1.2.0 (2021-12-17)
+
+- *Breaking* Support only one level of nested resources, make them shallow only
+- *Breaking* Move `db/migrations` to `migrations`
+- *Breaking* Change `<%== f.button 'Save' %>` to `<%== f.submit 'Save' %>`
+- *Breaking* Change the form helpers from `model[name]` to just `name`, it's cleaner.
+- Add `Radical.env.[development?|production?|test?]`
+- Add `_path` support for nested resource routes
+- Add a random secret to the session cookie on startup
+- Add asset concatention + compression (no minification yet)
+- Remove dependence on rack-flash3
+- Add security headers
+- Add session configuration with `session` method in `App`
+- Move all `_path` method definitions to `Radical::Controller`
+- Add `exe/rad`
+- Add `rad g mvc Todo(s) name:text done_at:integer` generators
+- Add attrs to form helpers
+- Add `rad g app` generator
+- Add migrate/rollback `rad` commands
+
 # 1.1.0 (2021-12-06)
 
 - *Breaking* `root`, `resource` and `resources` methods no longer take class constants

data/Gemfile

@@ -1,5 +1,7 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 gemspec

data/README.md

@@ -28,7 +28,7 @@ class Home < Radical::Controller
 end
 
 class Routes < Radical::Routes
-  root 'Home'
+  root :Home
 end
 
 class App < Radical::App

data/exe/rad

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/radical/generator'
+require_relative '../lib/radical/database'
+require 'optparse'
+
+@options = {}
+
+OptionParser.new do |opts|
+  opts.on('-v', '--verbose', 'Show extra information') do
+    @options[:verbose] = true
+  end
+
+  opts.on('-h', '--help', 'Show help information') do
+    @options[:help] = true
+  end
+end.parse!
+
+generate = Radical::Generator.new(ARGV[2], ARGV.drop(3)) if %w[g generate].include?(ARGV.first)
+
+case ARGV[0..1]
+when %w[g mvc], %w[generate mvc]
+  generate.mvc
+when %w[g model], %w[generate model]
+  generate.migration
+  generate.model
+when %w[g controller], %w[generate controller]
+  generate.controller
+when %w[g views], %w[generate views]
+  generate.views
+when %w[g migration], %w[generate migration]
+  generate.migration(model: false)
+when %w[g app]
+  generate.app
+when %w[migrate]
+  Radical::Database.migrate!
+when %w[rollback]
+  Radical::Database.rollback!
+else
+  puts 'Command not supported'
+end

data/lib/radical/app.rb

@@ -1,11 +1,16 @@
 # frozen_string_literal: true
 
+require 'securerandom'
 require 'rack'
-require 'rack/flash'
 require 'rack/csrf'
 
-require_relative 'routes'
+require_relative 'asset'
+require_relative 'assets'
+require_relative 'asset_compiler'
 require_relative 'env'
+require_relative 'flash'
+require_relative 'routes'
+require_relative 'security_headers'
 
 # The main entry point for a Radical application
 #
@@ -34,7 +39,38 @@ module Radical
   class App
     class << self
       def routes(route_class)
-        @routes ||= route_class
+        @routes = route_class
+      end
+
+      def assets(&block)
+        @assets = Assets.new
+
+        block.call(@assets)
+      end
+
+      def compile_assets
+        @assets.compile
+      end
+
+      def serve_assets
+        @serve_assets = true
+      end
+
+      def security_headers(headers = {})
+        @security_headers = headers
+      end
+
+      def session(options = {})
+        defaults = {
+          path: '/',
+          secret: session_secret,
+          http_only: true,
+          same_site: :lax,
+          secure: env.production?,
+          expire_after: 2_592_000 # 30 days
+        }
+
+        @session = defaults.merge(options)
       end
 
       def env
@@ -44,6 +80,10 @@ module Radical
       def app
         router = @routes.router
         env = self.env
+        assets = @assets
+        serve_assets = @serve_assets
+        security_headers = @security_headers || {}
+        session = @session || self.session
 
         @app ||= Rack::Builder.app do
           use Rack::CommonLogger
@@ -51,23 +91,29 @@ module Radical
           use Rack::Runtime
           use Rack::MethodOverride
           use Rack::ContentLength
-          use Rack::Deflater
           use Rack::ETag
+          use Rack::Deflater
           use Rack::Head
           use Rack::ConditionalGet
           use Rack::ContentType
-          use Rack::Session::Cookie, path: '/',
-                                     secret: ENV['SESSION_SECRET'],
-                                     http_only: true,
-                                     same_site: :lax,
-                                     secure: env.production?,
-                                     expire_after: 2_592_000 # 30 days
+          use Rack::Session::Cookie, session
           use Rack::Csrf, raise: env.development?, skip: router.routes.values.flatten.select { |a| a.is_a?(Class) }.uniq.map(&:skip_csrf_actions).flatten(1)
-          use Rack::Flash, sweep: true
+          use Flash
+          use SecurityHeaders, security_headers
+
+          if serve_assets || env.development?
+            use Rack::Static, urls: ['/assets', '/public'],
+                              header_rules: [
+                                [/\.(?:css\.gz)$/, { 'Content-Type' => 'text/css', 'Content-Encoding' => 'gzip' }],
+                                [/\.(?:js\.gz)$/, { 'Content-Type' => 'application/javascript', 'Content-Encoding' => 'gzip' }],
+                                [/\.(?:css\.br)$/, { 'Content-Type' => 'text/css', 'Content-Encoding' => 'br' }],
+                                [/\.(?:js\.br)$/, { 'Content-Type' => 'application/javascript', 'Content-Encoding' => 'br' }]
+                              ]
+          end
 
           run lambda { |rack_env|
             begin
-              router.route(Rack::Request.new(rack_env)).finish
+              router.route(Rack::Request.new(rack_env), options: { assets: assets }).finish
             rescue ModelNotFound
               raise unless env.production?
 
@@ -80,6 +126,12 @@ module Radical
       def call(env)
         app.call(env)
       end
+
+      private
+
+      def session_secret
+        @session_secret ||= (ENV['SESSION_SECRET'] || SecureRandom.hex(32))
+      end
     end
   end
 end

data/lib/radical/asset.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Radical
+  class Asset
+    attr_reader :path
+
+    def initialize(filename, path:)
+      @filename = filename
+      @path = path
+    end
+
+    def full_path
+      File.join(path, @filename)
+    end
+
+    def content
+      File.read(full_path)
+    end
+
+    def ext
+      File.extname(@filename)
+    end
+  end
+end

data/lib/radical/asset_compiler.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'brotli'
+require 'digest'
+require 'zlib'
+
+module Radical
+  class AssetCompiler
+    def self.gzip(filename, content)
+      # nil, 31 == support for gunzip
+      File.write(filename, Zlib::Deflate.new(nil, 31).deflate(content, Zlib::FINISH))
+    end
+
+    def self.compile(assets, path:, compressor: :none)
+      s = assets.map(&:content).join("\n")
+      ext = assets.first.ext
+
+      # hash the contents of each concatenated asset
+      hash = Digest::SHA1.hexdigest s
+
+      # use hash to bust the cache
+      name = "#{hash}#{ext}"
+      filename = File.join(path, name)
+
+      case compressor
+      when :gzip
+        name = "#{name}.gz"
+        gzip("#{filename}.gz", s)
+      when :brotli
+        name = "#{name}.br"
+        File.write("#{filename}.br", Brotli.deflate(s, mode: :text, quality: 11))
+      else
+        File.write(filename, s)
+      end
+
+      # output asset path for browser
+      "/assets/#{name}"
+    end
+  end
+end

data/lib/radical/assets.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Radical
+  class Assets
+    attr_accessor :assets_path, :compiled, :assets
+
+    def initialize
+      @assets = {
+        css: [],
+        js: []
+      }
+      @compressor = :none
+      @assets_path = File.join(__dir__, 'assets')
+      @compiled = {}
+    end
+
+    def css(filenames)
+      @assets[:css] = filenames
+    end
+
+    def js(filenames)
+      @assets[:js] = filenames
+    end
+
+    def prepend_assets_path(path)
+      @assets_path = File.join(path, 'assets')
+    end
+
+    def brotli
+      @compressor = :brotli
+    end
+
+    def gzip
+      @compressor = :gzip
+    end
+
+    def compile
+      css = @assets[:css].map { |f| Asset.new(f, path: File.join(@assets_path, 'css')) }
+      js = @assets[:js].map { |f| Asset.new(f, path: File.join(@assets_path, 'js')) }
+
+      @compiled[:css] = AssetCompiler.compile(css, path: @assets_path, compressor: @compressor)
+      @compiled[:js] = AssetCompiler.compile(js, path: @assets_path, compressor: @compressor)
+    end
+  end
+end

data/lib/radical/controller.rb

@@ -31,7 +31,7 @@ module Radical
 
       sig { returns(String) }
       def route_name
-        to_s.split('::').last.gsub(/Controller$/, '').gsub(/([A-Z])/, '_\1')[1..-1].downcase
+        Strings.snake_case to_s.split('::').last.gsub(/Controller$/, '')
       end
 
       sig { params(actions: Symbol).void }
@@ -72,9 +72,12 @@ module Radical
       end
     end
 
-    sig { params(request: Rack::Request).void }
-    def initialize(request)
+    attr_reader :options
+
+    sig { params(request: Rack::Request, options: T.nilable(Hash)).void }
+    def initialize(request, options: {})
       @request = request
+      @options = options
     end
 
     sig { params(status: T.any(Symbol, Integer)).returns(Rack::Response) }
@@ -92,14 +95,14 @@ module Radical
       @request.params
     end
 
-    sig { params(name: T.any(String, Symbol)).returns(String) }
-    def view(name)
-      View.render(self.class.route_name, name, self)
+    sig { params(name: T.any(String, Symbol), locals: T.nilable(Hash)).returns(String) }
+    def view(name, locals = {})
+      View.render(self.class.route_name, name, self, { locals: locals })
     end
 
-    sig { params(name: T.any(String, Symbol)).returns(String) }
-    def partial(name)
-      View.render(self.class.route_name, "_#{name}", self, layout: false)
+    sig { params(name: T.any(String, Symbol), locals: T.nilable(Hash)).returns(String) }
+    def partial(name, locals = {})
+      View.render(self.class.route_name, "_#{name}", self, { locals: locals, layout: false })
     end
 
     sig { params(options: Hash, block: T.proc.void).returns(String) }
@@ -130,17 +133,55 @@ module Radical
       @request.env['rack.session']
     end
 
+    def assets_path(type)
+      assets = options[:assets]
+
+      if Env.production?
+        compiled_assets_path(assets, type)
+      else
+        not_compiled_assets_path(assets, type)
+      end
+    end
+
+    def compiled_assets_path(assets, type)
+      if type == :css
+        link_tag(assets.compiled[:css])
+      else
+        script_tag(assets.compiled[:js])
+      end
+    end
+
+    def not_compiled_assets_path(assets, type)
+      if type == :css
+        assets.assets[:css].map do |asset|
+          link_tag("/assets/#{type}/#{asset}")
+        end.join("\n")
+      else
+        assets.assets[:js].map do |asset|
+          script_tag("/assets/#{type}/#{asset}")
+        end.join("\n")
+      end
+    end
+
     private
 
     def emit(tag)
-      @output = '' if @output.nil?
+      @output = String.new if @output.nil?
       @output << tag.to_s
     end
 
     def capture(block)
-      @output = eval('_buf', block.binding)
+      @output = eval '_buf', block.binding
       yield
       @output
     end
+
+    def script_tag(src)
+      "<script type=\"application/javascript\" src=\"#{src}\"></script>"
+    end
+
+    def link_tag(href)
+      "<link rel=\"stylesheet\" type=\"text/css\" href=\"#{href}\" />"
+    end
   end
 end

data/lib/radical/database.rb

@@ -80,7 +80,7 @@ module Radical
       end
 
       def migrations
-        Dir[File.join(migrations_path || '.', 'db', 'migrations', '*.rb')].sort
+        Dir[File.join(migrations_path || '.', 'migrations', '*.rb')].sort
       end
 
       def version(filename)

data/lib/radical/flash.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Radical
+  class Flash
+    class SessionUnavailable < StandardError; end
+
+    SESSION_KEY = 'rack.session'
+    FLASH_KEY = '__FLASH__'
+
+    class FlashHash
+      def initialize(session)
+        raise SessionUnavailable, 'No session variable found. Requires Rack::Session' unless session
+
+        @session = session
+      end
+
+      def [](key)
+        hash[key] ||= session.delete(key)
+      end
+
+      def []=(key, value)
+        hash[key] = session[key] = value
+      end
+
+      def mark!
+        @flagged = session.keys
+      end
+
+      def clear!
+        @flagged.each { |k| session.delete(k) }
+        @flagged.clear
+      end
+
+      private
+
+      def hash
+        @hash ||= {}
+      end
+
+      def session
+        @session[FLASH_KEY] ||= {}
+      end
+    end
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      flash_hash ||= FlashHash.new(env[SESSION_KEY])
+
+      flash_hash.mark!
+
+      res = @app.call(env)
+
+      flash_hash.clear!
+
+      res
+    end
+  end
+end

data/lib/radical/form.rb

@@ -4,34 +4,63 @@ require 'rack/csrf'
 
 module Radical
   class Form
+    SELF_CLOSING_TAGS = %w[
+      area
+      base
+      br
+      col
+      embed
+      hr
+      img
+      input
+      keygen
+      link
+      meta
+      param
+      source
+      track
+      wbr
+    ].freeze
+
     def initialize(options, controller)
       @model = options[:model]
       @controller = controller
-      @route_name = @controller.class.route_name
-      @override_method = options[:method]&.upcase || (@model.saved? ? 'PATCH' : 'POST')
+      @override_method = options[:method]&.upcase || (@model&.saved? ? 'PATCH' : 'POST')
       @method = %w[GET POST].include?(@override_method) ? @override_method : 'POST'
+      @action = options[:action] || action_from(model: @model, controller: controller)
+    end
+
+    def text(name, attrs = {})
+      attrs.merge!(type: 'text', name: name, value: @model&.public_send(name))
 
-      @action = if @model.saved?
-                  @controller.public_send(:"#{@route_name}_path", @model)
-                else
-                  @controller.public_send(:"#{@route_name}_path")
-                end
+      tag 'input', attrs
     end
 
-    def text(name)
-      "<input type=text name=#{@route_name}[#{name}] value=\"#{@model.public_send(name)}\" />"
+    def number(name, attrs = {})
+      attrs.merge!(type: 'number', name: name, value: @model&.public_send(name))
+
+      tag 'input', attrs
     end
 
-    def button(name)
-      "<button type=submit>#{name}</button>"
+    def button(attrs = {}, &block)
+      tag 'button', attrs, &block
     end
 
-    def submit(value)
-      "<input type=submit value=#{value} />"
+    def submit(value_or_attrs = {})
+      attrs = {}
+
+      case value_or_attrs
+      when String
+        attrs[:value] = value_or_attrs
+      when Hash
+        attrs = value_or_attrs || {}
+      end
+
+      tag 'input', attrs.merge('type' => 'submit')
     end
 
     def open_tag
-      "<form action=#{@action} method=#{@method}>"
+      "<form #{html_attributes(action: @action, method: @method)}>"
     end
 
     def csrf_tag
@@ -39,11 +68,40 @@ module Radical
     end
 
     def rack_override_tag
-      "<input type=hidden name=_method value=#{@override_method} />" unless %w[GET POST].include?(@override_method)
+      attrs = { value: @override_method, type: 'hidden', name: '_method' }
+
+      tag('input', attrs) unless %w[GET POST].include?(@override_method)
     end
 
     def close_tag
       '</form>'
     end
+
+    private
+
+    def tag(name, attrs, &block)
+      attr_string = attrs.empty? ? '' : " #{html_attributes(attrs)}"
+      open_tag = "<#{name}"
+      self_closing = SELF_CLOSING_TAGS.include?(name)
+      end_tag = self_closing ? ' />' : "</#{name}>"
+
+      "#{open_tag}#{attr_string}#{self_closing ? '' : '>'}#{block&.call}#{end_tag}"
+    end
+
+    def html_attributes(options = {})
+      options.transform_keys(&:to_s).sort_by { |k, _| k }.map { |k, v| "#{k}=\"#{v}\"" }.join(' ')
+    end
+
+    def action_from(controller:, model:)
+      return if model.nil?
+
+      route_name = controller.class.route_name
+
+      if model.saved?
+        controller.send(:"#{route_name}_path", model)
+      else
+        controller.send(:"#{route_name}_path")
+      end
+    end
   end
 end

data/lib/radical/generator/app/.env

@@ -0,0 +1,5 @@
+<<-RB
+  RADICAL_ENV=development
+  SESSION_SECRET=#{SecureRandom.hex(32)}
+  DATABASE_URL=development.sqlite3
+RB

data/lib/radical/generator/app/Gemfile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+gem 'radical', '~> 1.0'

data/lib/radical/generator/app/app.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'radical'
+
+def require_all(*args)
+  args.each do |arg|
+    file = File.join(__dir__, arg)
+
+    if File.exist?("#{file}.rb")
+      require file
+    else
+      Dir[File.join(file, '*.rb')].sort.each do |f|
+        require f
+      end
+    end
+  end
+end
+
+require_all(
+  'models/model',
+  'models',
+  'controllers/controller',
+  'controllers',
+  'routes'
+)
+
+# the main entry point into the application
+class App < Radical::App
+  routes Routes
+
+  assets do |a|
+    a.css []
+    a.js []
+  end
+
+  compile_assets if Radical.env.production?
+end

data/lib/radical/generator/app/config.ru

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require_relative 'app'
+
+run App