rails-doctor 0.2.0 → 0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6d4db14cadca4a355a495d14a6e005e9d34dd7c4b9e338c686f23614e66c02b
-  data.tar.gz: 47fa1a18bcdb0f011e371aebfbb18d75cd8b24e6c6a08f91e2f7ea74359b47a7
+  metadata.gz: ed3ab8bad2609f892947c536cb38286fd793a80954c3d319fa420a5fbe60363d
+  data.tar.gz: 5c56138a1015010e73aef14fee3dd8711db17fa65ad859d1278de14fe2770bcf
 SHA512:
-  metadata.gz: 4acb580364cf3d04eeef44162668ada9642264c918f8a3918d14c8fad47708e1c0003ade9e419b25c9804701cf48cdc47efbc78c403d67c9745569c147224cfd
-  data.tar.gz: 431f3efe7bb6d6a1e82ecdc2993f85776f79ffe8ebb3175e88bf1fd54728366dff9ba778b87d0b8fa965a3ce6a6c6ee1a66aacca0ba3a86b9b1308ea597abbc9
+  metadata.gz: a27e13091f164d1cf8381f2ff0a812425bc10aae66929f91e1c582f08381c247ae48348a98a265d4c25a9a9d746d6d63cf17913c070048362883c6d060e9d494
+  data.tar.gz: 0c5f55e894a9da56d9c13ceb31026c73034b44228d7cde6a167b4b58307d2ead1c72880b6bbd44d4d4a1d06d1c332a4efa3022fbfa545664dc420f8ac118eab5

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.3
+
+- Reduced Rails route-check false positives for `resources` `only:`/`except:` options, namespace and `scope module:` blocks, inherited Devise controller actions, and private controller helper methods.
+- Made `rails-doctor init --install` run Bundler through the active Ruby executable so rbenv/asdf/shimmed environments use the same Ruby context as Rails Doctor.
+- Added npm install steps to generated GitHub Actions workflows when a `package-lock.json` is present, improving Rails app support for npm-managed frontend assets.
+
 ## 0.2.0
 
 - Improved Rails schema parsing for inline indexes, single-column indexes, scoped uniqueness validations, partial unique indexes, and string-backed foreign keys.

data/examples/github-actions/rails-doctor.yml

@@ -23,6 +23,13 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby }}
           bundler-cache: true
+      - uses: actions/setup-node@v4
+        if: ${{ hashFiles('package-lock.json') != '' }}
+        with:
+          node-version: "22"
+          cache: npm
+      - run: npm ci
+        if: ${{ hashFiles('package-lock.json') != '' }}
       - run: bundle exec rails-doctor --profile ci --base origin/${{ github.base_ref || 'main' }} --format markdown --output tmp/rails-doctor/summary.md
       - run: bundle exec rails-doctor --profile ci --base origin/${{ github.base_ref || 'main' }} --format json --output tmp/rails-doctor/report.json
       - run: bundle exec rails-doctor --profile ci --base origin/${{ github.base_ref || 'main' }} --format html --output tmp/rails-doctor/report.html

data/lib/rails_doctor/checks/rails_checks.rb

@@ -1,9 +1,28 @@
 # frozen_string_literal: true
 
+begin
+  require "active_support/inflector"
+rescue LoadError
+  nil
+end
+
 module RailsDoctor
   module Checks
     class RailsChecks
       NAME = "rails_checks"
+      RESTFUL_ACTIONS = %w[index show new create edit update destroy].freeze
+      SINGULAR_RESTFUL_ACTIONS = %w[show new create edit update destroy].freeze
+      DEVISE_INHERITED_ACTIONS = {
+        "Devise::ConfirmationsController" => %w[new create show],
+        "Devise::OmniauthCallbacksController" => %w[failure passthru],
+        "Devise::PasswordsController" => %w[new create edit update],
+        "Devise::RegistrationsController" => %w[cancel create destroy edit new update],
+        "Devise::SessionsController" => %w[create destroy new],
+        "Devise::UnlocksController" => %w[new create show]
+      }.freeze
+      FALLBACK_IRREGULAR_PLURALS = {
+        "person" => "people"
+      }.freeze
 
       attr_reader :project, :config, :runner, :profile, :changed_files
 
@@ -153,9 +172,11 @@ module RailsDoctor
           end
 
           controller_source = File.read(controller_file)
-          defined_actions = controller_source.scan(/^\s*def\s+([a-zA-Z_]\w*[!?=]?)/).flatten
+          defined_actions = controller_actions(controller_source)
           actions.each do |action|
             unless defined_actions.include?(action)
+              next if inherited_route_action?(controller_source, action)
+
               findings << Finding.new(
                 severity: "high",
                 category: "routing",
@@ -377,19 +398,180 @@ module RailsDoctor
 
         source = File.read(path)
         route_map = Hash.new { |hash, key| hash[key] = [] }
+        block_stack = []
 
-        source.scan(/to:\s*["']([a-zA-Z0-9_\/]+)#([a-zA-Z_]\w*)["']/).each do |controller, action|
-          route_map[controller] << action
-        end
+        route_lines(source).each do |line|
+          next if line.empty? || line.start_with?("#")
+
+          if line.match?(/\Aend\b/)
+            block_stack.pop
+            next
+          end
+
+          module_stack = block_stack.filter_map { |frame| frame[:module] }
+          add_explicit_routes(route_map, line, module_stack)
+          add_resource_routes(route_map, line, module_stack)
 
-        source.scan(/resources\s+:([a-zA-Z_]\w*)/).each do |resource|
-          controller = resource.first
-          route_map[controller].concat(%w[index show new create edit update destroy])
+          block_stack << route_block_frame(line) if route_block_opens?(line)
         end
 
         route_map.transform_values { |actions| actions.uniq.sort }
       end
 
+      def route_lines(source)
+        lines = []
+        buffer = nil
+
+        source.each_line do |raw_line|
+          line = raw_line.strip
+
+          if buffer
+            buffer = "#{buffer} #{line}"
+            if route_statement_complete?(buffer)
+              lines << buffer
+              buffer = nil
+            end
+          elsif route_statement_start?(line) && !route_statement_complete?(line)
+            buffer = line
+          else
+            lines << line
+          end
+        end
+
+        lines << buffer if buffer
+        lines
+      end
+
+      def route_statement_start?(line)
+        line.match?(/\A(?:get|post|put|patch|delete|match|root|namespace|scope|resource|resources)\b/)
+      end
+
+      def route_statement_complete?(line)
+        return false if line.end_with?(",")
+
+        bracket_balanced?(line, "[", "]") &&
+          bracket_balanced?(line, "{", "}") &&
+          bracket_balanced?(line, "(", ")")
+      end
+
+      def bracket_balanced?(line, left, right)
+        line.count(left) == line.count(right)
+      end
+
+      def route_block_opens?(line)
+        line.match?(/\bdo\b/) || line.match?(/\A(?:if|unless|case|begin)\b/)
+      end
+
+      def add_explicit_routes(route_map, line, module_stack)
+        line.scan(/to:\s*["'](\/?)([a-zA-Z0-9_\/]+)#([a-zA-Z_]\w*)["']/).each do |absolute, controller, action|
+          modules = absolute == "/" ? [] : route_modules(line, module_stack)
+          route_map[controller_with_modules(controller, modules)] << action
+        end
+      end
+
+      def add_resource_routes(route_map, line, module_stack)
+        line.scan(/\b(resource|resources)\s+:([a-zA-Z_]\w*)(.*)$/).each do |kind, resource, options|
+          singular = kind == "resource"
+          controller = route_option_value(options, "controller") || (singular ? pluralize(resource) : resource)
+          absolute = controller.start_with?("/")
+          modules = absolute ? [] : route_modules(options, module_stack)
+          route_map[controller_with_modules(controller.delete_prefix("/"), modules)].concat(resource_actions(options, singular: singular))
+        end
+      end
+
+      def route_block_frame(line)
+        { module: route_namespace_module(line) || route_scope_module(line) }.compact
+      end
+
+      def route_namespace_module(line)
+        match = line.match(/\bnamespace\s+(?::([a-zA-Z_]\w*)|["']([^"']+)["'])/)
+        match && (match[1] || match[2])
+      end
+
+      def route_scope_module(line)
+        route_option_value(line, "module") if line.match?(/\bscope\b/)
+      end
+
+      def route_modules(options, module_stack)
+        module_stack + [route_option_value(options, "module")].compact
+      end
+
+      def controller_with_modules(controller, modules)
+        prefix = modules.reject(&:empty?).join("/")
+        return controller if prefix.empty?
+        return controller if controller == prefix || controller.start_with?("#{prefix}/")
+
+        "#{prefix}/#{controller}"
+      end
+
+      def resource_actions(options, singular:)
+        actions = singular ? SINGULAR_RESTFUL_ACTIONS.dup : RESTFUL_ACTIONS.dup
+        only = route_action_option(options, "only")
+        except = route_action_option(options, "except")
+        actions &= only if only
+        actions -= except if except
+        actions
+      end
+
+      def route_action_option(options, key)
+        percent_list = /%[iIwW](?:\[[^\]]*\]|\([^\)]*\)|\{[^\}]*\}|<[^>]*>)/
+        match = options.match(/\b#{Regexp.escape(key)}:\s*(\[[^\]]*\]|#{percent_list}|:[a-zA-Z_]\w*|["'][^"']+["'])/)
+        return unless match
+
+        extract_route_actions(match[1])
+      end
+
+      def extract_route_actions(value)
+        if value.start_with?("%i", "%I", "%w", "%W")
+          value[/\A%[iIwW].(.*).\z/, 1].to_s.split(/\s+/)
+        elsif value.start_with?("[")
+          value.scan(/:([a-zA-Z_]\w*)/).flatten + value.scan(/["']([a-zA-Z_]\w*)["']/).flatten
+        else
+          [value.delete_prefix(":").delete_prefix("\"").delete_suffix("\"").delete_prefix("'").delete_suffix("'")]
+        end.uniq
+      end
+
+      def route_option_value(options, key)
+        match = options.match(/\b#{Regexp.escape(key)}:\s*(?::([a-zA-Z_]\w*)|["']([^"']+)["'])/)
+        match && (match[1] || match[2])
+      end
+
+      def controller_actions(source)
+        visibility = :public
+        actions = []
+        all_methods = []
+        non_public_methods = []
+        public_methods = []
+
+        source.each_line do |line|
+          if line.match?(/^\s*(private|protected)\s*(?:#.*)?$/)
+            visibility = :non_public
+          elsif line.match?(/^\s*public\s*(?:#.*)?$/)
+            visibility = :public
+          elsif (match = line.match(/^\s*(?:private|protected)\s+(.+)/))
+            non_public_methods.concat(visibility_method_names(match[1]))
+          elsif (match = line.match(/^\s*public\s+(.+)/))
+            public_methods.concat(visibility_method_names(match[1]))
+          elsif visibility == :public && (match = line.match(/^\s*def\s+([a-zA-Z_]\w*[!?=]?)/))
+            all_methods << match[1]
+            actions << match[1]
+          elsif (match = line.match(/^\s*def\s+([a-zA-Z_]\w*[!?=]?)/))
+            all_methods << match[1]
+          end
+        end
+
+        ((actions - non_public_methods) + (all_methods & public_methods)).uniq
+      end
+
+      def visibility_method_names(source)
+        source.scan(/:([a-zA-Z_]\w*[!?=]?)/).flatten + source.scan(/["']([a-zA-Z_]\w*[!?=]?)["']/).flatten
+      end
+
+      def inherited_route_action?(source, action)
+        superclass = source[/<\s*(Devise::[A-Za-z0-9_:]+Controller)/, 1]
+        DEVISE_INHERITED_ACTIONS.fetch(superclass, []).include?(action)
+      end
+
       def explicit_response?(source, action)
         body = source[/^\s*def\s+#{Regexp.escape(action)}\b(.*?)^\s*end/m, 1].to_s
         body.match?(/\b(render|redirect_to|head|respond_to|send_data|send_file)\b/)
@@ -414,7 +596,10 @@ module RailsDoctor
       end
 
       def pluralize(value)
+        return ActiveSupport::Inflector.pluralize(value) if defined?(ActiveSupport::Inflector)
+        return FALLBACK_IRREGULAR_PLURALS.fetch(value) if FALLBACK_IRREGULAR_PLURALS.key?(value)
         return value.sub(/y\z/, "ies") if value.end_with?("y")
+        return "#{value}es" if value.match?(/(?:s|x|z|ch|sh)\z/)
         return value if value.end_with?("s")
 
         "#{value}s"

data/lib/rails_doctor/init/runner.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require "fileutils"
+require "rbconfig"
+require "shellwords"
 require "yaml"
 
 module RailsDoctor
@@ -133,6 +135,13 @@ module RailsDoctor
                   with:
                     ruby-version: ${{ matrix.ruby }}
                     bundler-cache: true
+                - uses: actions/setup-node@v4
+                  if: ${{ hashFiles('package-lock.json') != '' }}
+                  with:
+                    node-version: "22"
+                    cache: npm
+                - run: npm ci
+                  if: ${{ hashFiles('package-lock.json') != '' }}
                 - run: bundle exec rails-doctor --profile ci --base origin/${{ github.base_ref || 'main' }} --format markdown --output tmp/rails-doctor/summary.md
                 - run: bundle exec rails-doctor --profile ci --base origin/${{ github.base_ref || 'main' }} --format json --output tmp/rails-doctor/report.json
                 - run: bundle exec rails-doctor --profile ci --base origin/${{ github.base_ref || 'main' }} --format html --output tmp/rails-doctor/report.html
@@ -180,10 +189,14 @@ module RailsDoctor
       def install_command(gems, group: nil)
         grouped = group ? { group => gems } : gems.group_by { |gem| RECOMMENDED_GEMS.fetch(gem) }
         grouped.map do |target_group, target_gems|
-          "bundle add #{target_gems.join(" ")} --group=#{target_group}"
+          "#{bundle_command} add #{target_gems.join(" ")} --group=#{target_group}"
         end.join(" && ")
       end
 
+      def bundle_command
+        "#{Shellwords.escape(RbConfig.ruby)} -S bundle"
+      end
+
       def deep_profile?
         options.fetch(:profile, "recommended").to_s == "deep"
       end

data/lib/rails_doctor/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsDoctor
-  VERSION = "0.2.0"
+  VERSION = "0.3"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-doctor
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: '0.3'
 platform: ruby
 authors:
 - Josh Saint Jacque