ruact 0.0.2 → 0.0.3

data/spec/ruact/controller_spec.rb

@@ -2,6 +2,18 @@
 
 require "spec_helper"
 require "active_support/concern"
+# Re-run-5 (2026-05-15) — the `:current_user` inherited-helper clobber
+# test creates a `Class.new(ActionController::Base)`, which requires
+# `action_controller` to be loaded. Pre-Re-run-5 this test was the
+# first thing in the suite to demand-load `action_controller`,
+# which had the side effect of triggering `Rails::Application`'s
+# class definition AFTER spec_helper's `require "ruact"` ran — so
+# `Ruact::Railtie` never got loaded into the process and downstream
+# specs that depend on the Railtie's `to_prepare` hook would behave
+# inconsistently. Loading both explicitly here makes the order
+# deterministic.
+require "action_controller"
+require "ruact"
 require "ruact/controller"
 
 module Ruact
@@ -24,37 +36,37 @@ module Ruact
     let(:fake_request) { Struct.new(:headers, :format).new({}, nil) }
     let(:controller)   { test_class.new(fake_request) }
 
-    describe "#rsc_manifest" do
+    describe "#ruact_manifest" do
       it "reads from Ruact.manifest (AC#6)" do
         test_manifest = ClientManifest.from_hash({})
         allow(Ruact).to receive(:manifest).and_return(test_manifest)
-        expect(controller.send(:rsc_manifest)).to be test_manifest
+        expect(controller.send(:ruact_manifest)).to be test_manifest
       end
     end
 
-    describe "#rsc_request?" do
+    describe "#ruact_request?" do
       it "returns true when Accept: text/x-component" do
         fake_request.headers["Accept"] = "text/x-component"
-        expect(controller.send(:rsc_request?)).to be true
+        expect(controller.send(:ruact_request?)).to be true
       end
 
       it "returns true when Accept header includes text/x-component alongside other types" do
         fake_request.headers["Accept"] = "text/x-component, */*"
-        expect(controller.send(:rsc_request?)).to be true
+        expect(controller.send(:ruact_request?)).to be true
       end
 
-      it "returns true when RSC-Request: 1 header is set" do
-        fake_request.headers["RSC-Request"] = "1"
-        expect(controller.send(:rsc_request?)).to be true
+      it "returns true when Ruact-Request: 1 header is set" do
+        fake_request.headers["Ruact-Request"] = "1"
+        expect(controller.send(:ruact_request?)).to be true
       end
 
       it "returns false when Accept: text/html" do
         fake_request.headers["Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
-        expect(controller.send(:rsc_request?)).to be false
+        expect(controller.send(:ruact_request?)).to be false
       end
 
       it "returns false when no Accept header is set" do
-        expect(controller.send(:rsc_request?)).to be false
+        expect(controller.send(:ruact_request?)).to be false
       end
     end
 
@@ -63,43 +75,43 @@ module Ruact
       let(:json_format) { Class.new { def html? = false }.new }
 
       before do
-        allow(controller).to receive(:rsc_template_exists?).and_return(true)
-        allow(controller).to receive(:rsc_render)
+        allow(controller).to receive(:ruact_template_exists?).and_return(true)
+        allow(controller).to receive(:ruact_render)
       end
 
-      it "calls rsc_render when format is HTML and template exists (AC#1)" do
+      it "calls ruact_render when format is HTML and template exists (AC#1)" do
         allow(fake_request).to receive(:format).and_return(html_format)
         controller.send(:default_render)
-        expect(controller).to have_received(:rsc_render)
+        expect(controller).to have_received(:ruact_render)
       end
 
-      it "calls rsc_render for RSC requests (text/x-component) even without html? (AC#1)" do
+      it "calls ruact_render for RSC requests (text/x-component) even without html? (AC#1)" do
         allow(fake_request).to receive(:format).and_return(json_format)
-        fake_request.headers["RSC-Request"] = "1"
+        fake_request.headers["Ruact-Request"] = "1"
         controller.send(:default_render)
-        expect(controller).to have_received(:rsc_render)
+        expect(controller).to have_received(:ruact_render)
       end
 
-      it "does NOT call rsc_render when format is not HTML and not RSC (AC#5, AC#6 — FR26)" do
+      it "does NOT call ruact_render when format is not HTML and not RSC (AC#5, AC#6 — FR26)" do
         allow(fake_request).to receive(:format).and_return(json_format)
-        allow(controller).to receive(:rsc_render)
+        allow(controller).to receive(:ruact_render)
         begin
           controller.send(:default_render)
         rescue StandardError
           nil
         end
-        expect(controller).not_to have_received(:rsc_render)
+        expect(controller).not_to have_received(:ruact_render)
       end
 
-      it "does NOT call rsc_render when no template exists" do
-        allow(controller).to receive(:rsc_template_exists?).and_return(false)
+      it "does NOT call ruact_render when no template exists" do
+        allow(controller).to receive(:ruact_template_exists?).and_return(false)
         allow(fake_request).to receive(:format).and_return(html_format)
         begin
           controller.send(:default_render)
         rescue StandardError
           nil
         end
-        expect(controller).not_to have_received(:rsc_render)
+        expect(controller).not_to have_received(:ruact_render)
       end
     end
 
@@ -130,7 +142,7 @@ module Ruact
         end
       end
 
-      let(:rsc_ctrl) do
+      let(:ruact_ctrl) do
         redirect_test_class.new(Struct.new(:headers, :host).new({ "Accept" => "text/x-component" }, "localhost"))
       end
       let(:html_ctrl) do
@@ -138,12 +150,12 @@ module Ruact
       end
 
       context "when RSC request with same-origin URL (AC #1, #5)" do
-        before { allow(rsc_ctrl).to receive(:url_for).and_return("/posts/1") }
+        before { allow(ruact_ctrl).to receive(:url_for).and_return("/posts/1") }
 
         it "calls render with a Flight redirect row (not a 302)" do
-          allow(rsc_ctrl).to receive(:render)
-          rsc_ctrl.send(:redirect_to, "/posts/1")
-          expect(rsc_ctrl).to have_received(:render).with(
+          allow(ruact_ctrl).to receive(:render)
+          ruact_ctrl.send(:redirect_to, "/posts/1")
+          expect(ruact_ctrl).to have_received(:render).with(
             plain: "0:{\"redirectUrl\":\"/posts/1\",\"redirectType\":\"push\"}\n",
             content_type: "text/x-component"
           )
@@ -151,19 +163,19 @@ module Ruact
 
         it "redirect row matches the flight fixture (AC #5)" do
           rendered_plain = nil
-          allow(rsc_ctrl).to receive(:render) { |opts| rendered_plain = opts[:plain] }
-          rsc_ctrl.send(:redirect_to, "/posts/1")
+          allow(ruact_ctrl).to receive(:render) { |opts| rendered_plain = opts[:plain] }
+          ruact_ctrl.send(:redirect_to, "/posts/1")
           expect(rendered_plain).to match_flight_fixture("redirect_row")
         end
       end
 
       context "when RSC request with external URL (AC #3)" do
-        before { allow(rsc_ctrl).to receive(:url_for).and_return("https://external.com/page") }
+        before { allow(ruact_ctrl).to receive(:url_for).and_return("https://external.com/page") }
 
         it "does NOT emit a redirect row (falls back to super)" do
-          allow(rsc_ctrl).to receive(:render)
-          rsc_ctrl.send(:redirect_to, "https://external.com/page")
-          expect(rsc_ctrl).not_to have_received(:render)
+          allow(ruact_ctrl).to receive(:render)
+          ruact_ctrl.send(:redirect_to, "https://external.com/page")
+          expect(ruact_ctrl).not_to have_received(:render)
         end
       end
 
@@ -178,36 +190,412 @@ module Ruact
       end
     end
 
-    describe "#rsc_html_shell" do
+    describe "#ruact_html_shell" do
       # vite_tags requires Rails.env — stub it so we can test the shell structure.
       before { allow(controller).to receive(:vite_tags).and_return("") }
 
       let(:payload) { "0:[\"$\",\"div\",null,{}]\n" }
 
       it "returns a string containing window.__FLIGHT_DATA" do
-        html = controller.send(:rsc_html_shell, payload)
+        html = controller.send(:ruact_html_shell, payload)
         expect(html).to include("__FLIGHT_DATA")
       end
 
       it "wraps the payload in an IIFE push" do
-        html = controller.send(:rsc_html_shell, payload)
+        html = controller.send(:ruact_html_shell, payload)
         expect(html).to include("d.push(")
       end
 
       it "contains a root div#root element" do
-        html = controller.send(:rsc_html_shell, payload)
+        html = controller.send(:ruact_html_shell, payload)
         expect(html).to include('<div id="root">')
       end
 
       it "escapes </script> in the payload to prevent XSS breakout" do
         dangerous_payload = "0:\"</script><script>alert(1)</script>\"\n"
-        html = controller.send(:rsc_html_shell, dangerous_payload)
+        html = controller.send(:ruact_html_shell, dangerous_payload)
         # The HTML must contain exactly ONE </script> — the real closing tag of the script block.
         # If the payload's </script> leaked through, there would be more than one.
         occurrences = html.scan("</script>")
         count = occurrences.length
         expect(count).to eq(1), "Expected 1 </script> (closing tag), found #{count}"
       end
+
+      # Story 8.3 review R7 — the shell must surface the host's CSRF token
+      # as a `<meta name="csrf-token">` tag so the JS runtime can forward
+      # it as `X-CSRF-Token` on every `_makeRef` call. Without this,
+      # standalone server actions (Story 8.3 AC5) — for which the gem
+      # enforces CSRF itself via `protect_from_forgery with: :exception,
+      # if: :dispatching_standalone?` — can never authenticate, because
+      # the document has no token for the runtime to read.
+      context "Story 8.3 — CSRF meta tag injection", :story_8_3 do
+        # The bare `test_class` above is a minimal `include Ruact::Controller`
+        # consumer with no `form_authenticity_token` surface (no Rails
+        # request-forgery-protection module mixed in). Define a real method
+        # on the class so `respond_to?(:form_authenticity_token, true)` is
+        # true AND `verify_partial_doubles` lets us stub the return value.
+        let(:csrf_test_class) do
+          Class.new(test_class) do
+            def form_authenticity_token
+              "stub-default-token"
+            end
+          end
+        end
+        let(:csrf_controller) { csrf_test_class.new(fake_request) }
+
+        it "embeds <meta name=\"csrf-token\" content=\"...\"> when the host exposes form_authenticity_token" do
+          allow(csrf_controller).to receive(:form_authenticity_token).and_return("test-csrf-token-value")
+          html = csrf_controller.send(:ruact_html_shell, payload)
+          expect(html).to include('<meta name="csrf-token" content="test-csrf-token-value" />')
+        end
+
+        it "HTML-escapes the token value (defense against accidental quote injection)" do
+          allow(csrf_controller).to receive(:form_authenticity_token).and_return('"quoted" & <evil>')
+          html = csrf_controller.send(:ruact_html_shell, payload)
+          expect(html).to include("&quot;quoted&quot; &amp; &lt;evil&gt;")
+          expect(html).not_to include('"quoted" & <evil>')
+        end
+
+        it "omits the meta tag (renders empty string) when form_authenticity_token is not available " \
+           "(e.g., a non-Rails spec context)" do
+          # `controller` is the bare test_class without `form_authenticity_token`.
+          html = controller.send(:ruact_html_shell, payload)
+          expect(html).not_to include('name="csrf-token"')
+        end
+
+        it "omits the meta tag when form_authenticity_token returns nil/empty" do
+          allow(csrf_controller).to receive(:form_authenticity_token).and_return("")
+          html = csrf_controller.send(:ruact_html_shell, payload)
+          expect(html).not_to include('name="csrf-token"')
+        end
+
+        it "silently omits the meta tag if form_authenticity_token raises " \
+           "(e.g., session middleware missing in a stripped-down test env)" do
+          allow(csrf_controller).to receive(:form_authenticity_token).and_raise(StandardError, "no session")
+          expect { csrf_controller.send(:ruact_html_shell, payload) }.not_to raise_error
+          html = csrf_controller.send(:ruact_html_shell, payload)
+          expect(html).not_to include('name="csrf-token"')
+        end
+      end
+    end
+
+    describe "ruact_action DSL macro (Story 8.1)", :story_8_1 do
+      # The macro is class-level. Each example builds a fresh anonymous
+      # controller class so registry state is per-example. The registry
+      # itself is reset at the top of every example via Ruact.action_registry.clear!
+      # to avoid leakage across spec runs.
+      before { Ruact.action_registry.clear! }
+
+      it "registers an action in Ruact.action_registry with the correct kind, controller, and block" do
+        klass = Class.new do
+          def self.name = "ExampleController"
+          include Ruact::Controller
+
+          ruact_action(:create_post) { |params| "created #{params[:title]}" }
+        end
+
+        entry = Ruact.action_registry.entries[:create_post]
+        expect(entry).not_to be_nil
+        expect(entry.ruby_symbol).to eq(:create_post)
+        expect(entry.js_identifier).to eq("createPost")
+        expect(entry.kind).to eq(:action)
+        expect(entry.controller).to be(klass)
+        expect(entry.block).to be_a(Proc)
+      end
+
+      it "defines the action symbol as a PUBLIC method (Rails action dispatch requires public) " \
+         "with a thread-local guard that rejects non-endpoint invocations (review-batch 1 2026-05-14)" do
+        klass = Class.new do
+          def self.name = "ExampleController"
+          include Ruact::Controller
+
+          ruact_action(:create_post) { |params| "echo #{params[:title]}" }
+        end
+
+        instance = klass.allocate
+        # Public (so ActionController#process can dispatch it through the
+        # before_action chain when scoped `only: :create_post`).
+        expect(instance.respond_to?(:create_post)).to be(true)
+        # Direct call without the thread-local sentinel raises — closes the
+        # wildcard-route exposure where a host's `get ":controller/:action"`
+        # could otherwise reach the action via GET.
+        expect { instance.send(:create_post) }.to raise_error(Ruact::Error, /can only be invoked through POST/)
+      end
+
+      it "raises ArgumentError when no block is given" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:create_post)
+          end
+        end.to raise_error(ArgumentError, /requires a block/)
+      end
+
+      it "raises Ruact::ConfigurationError with the AC7 prefix on invalid symbol shape" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:CreatePost) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /invalid server-function symbol :CreatePost in BadController/)
+      end
+
+      it "raises Ruact::ConfigurationError with the AC7 collision wording on within-registry duplicate js_identifier" do
+        expect do
+          Class.new do
+            def self.name = "CollidingController"
+            include Ruact::Controller
+
+            ruact_action(:foo_bar)  { |_p| nil }
+            ruact_action(:foo__bar) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /server-function naming collision.*"fooBar"/m)
+      end
+
+      it "raises Ruact::ConfigurationError when the symbol maps to a reserved JS word" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:delete) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /reserved/)
+      end
+
+      it "raises Ruact::ConfigurationError when the symbol clobbers a framework method " \
+         "(review-batch 1 2026-05-14)" do
+        # `:params` is defined on ActionController::Base via Metal — declaring
+        # `ruact_action :params` would override the request-params accessor.
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:params) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /would clobber a framework method/)
+      end
+
+      it "raises ArgumentError on a zero-arity block (review-batch 1 2026-05-14)" do
+        expect do
+          Class.new do
+            def self.name = "ExampleController"
+            include Ruact::Controller
+
+            ruact_action(:no_args) { "pong" }
+          end
+        end.to raise_error(ArgumentError, /must accept exactly one positional parameter/)
+      end
+
+      it "rejects a block with required keyword arguments (re-run-4 #4 — " \
+         "block.parameters guard catches `do |p, required:|`)" do
+        expect do
+          Class.new do
+            def self.name = "ExampleController"
+            include Ruact::Controller
+
+            ruact_action(:bad_kwargs) { |_params, required:| required }
+          end
+        end.to raise_error(ArgumentError, /no required keyword arguments/)
+      end
+
+      it "accepts optional keyword args alongside the positional (re-run-4 #4 — " \
+         "`do |params, opt: nil|` is fine)" do
+        expect do
+          Class.new do
+            def self.name = "ExampleController"
+            include Ruact::Controller
+
+            ruact_action(:opt_kwargs) { |_params, opt: nil| opt }
+          end
+        end.not_to raise_error
+      end
+
+      it "accepts a splat-arity block (do |*args|) since it tolerates one positional arg" do
+        expect do
+          Class.new do
+            def self.name = "ExampleController"
+            include Ruact::Controller
+
+            ruact_action(:splat_args) { |*args| args.first }
+          end
+        end.not_to raise_error
+      end
+
+      it "rejects a String argument (re-run-2 #4 — String key would 404 on dispatch)" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action("create_post") { |_p| nil }
+          end
+        end.to raise_error(ArgumentError, /requires a Symbol/)
+      end
+
+      it "rejects clobber of a method already defined on the host class itself " \
+         "(re-run-2 #3 — guard extended from framework methods to host methods)" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            def index; end
+            ruact_action(:index) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /would clobber an existing method/)
+      end
+
+      it "rejects clobber of an INHERITED app helper like :current_user " \
+         "(re-run-3 #2 — guard extended from own-class to inherited app methods)" do
+        # Stand-in for `ApplicationController` defining `current_user` and
+        # subclasses inheriting it; declaring `ruact_action :current_user`
+        # would silently override the auth helper.
+        app_controller = Class.new(ActionController::Base) do
+          def current_user; end
+          def authenticate_user!; end
+        end
+        expect do
+          Class.new(app_controller) do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:current_user) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /would clobber an inherited helper/)
+      end
+
+      it "rejects clobber of CSRF callback :verify_authenticity_token " \
+         "(re-run-5 #2 — added to FRAMEWORK_RESERVED_METHODS)" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:verify_authenticity_token) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /would clobber a framework method/)
+      end
+
+      it "rejects a block with MULTIPLE required positional parameters " \
+         "(re-run-5 #3 — `do |a, b|` silently received nil for `b`)" do
+        expect do
+          Class.new do
+            def self.name = "ExampleController"
+            include Ruact::Controller
+
+            ruact_action(:two_positional) { |_a, _b| nil }
+          end
+        end.to raise_error(ArgumentError, /must accept exactly one positional/)
+      end
+
+      it "rejects clobber of Kernel#send / Kernel#public_send " \
+         "(re-run-3 #2 — added to FRAMEWORK_RESERVED_METHODS)" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+            include Ruact::Controller
+
+            ruact_action(:send) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /would clobber a framework method/)
+      end
+
+      it "rejects clobber of an INHERITED ActionController::Base method like :status " \
+         "(re-run-6 #2 — denylist widened from hardcoded set to all framework methods - Object methods)" do
+        expect do
+          Class.new do
+            def self.name = "BadController"
+
+            include Ruact::Controller
+
+            ruact_action(:status) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError,
+                           /would clobber an inherited ActionController::Base method/)
+      end
+
+      it "rejects a LATER def that overrides a previously-registered " \
+         "ruact_action method in the same class body (re-run-6 #1 — method_added hook)" do
+        # The macro defines the action method; a later `def create_post; end`
+        # would silently shadow it, causing host_class.dispatch to skip the
+        # sentinel guard and run the user's later body. Detect at class-load
+        # time via method_added hook so the error is loud at boot.
+        expect do
+          Class.new do
+            def self.name = "BadController"
+
+            include Ruact::Controller
+
+            ruact_action(:create_post) { |_p| "from macro" }
+
+            def create_post
+              "from later def"
+            end
+          end
+        end.to raise_error(Ruact::ConfigurationError,
+                           /registered by `ruact_action :create_post` and then re-defined/)
+      end
+
+      it "preserves a pre-existing `method_added` hook on the host class " \
+         "(re-run-7 #1 — prepended Module instead of define_method clobber)" do
+        # Apps and concerns commonly install `method_added` for
+        # instrumentation, DSL bookkeeping (`attr_*` style helpers), or
+        # auditing. If the gem replaced the host's `method_added` instead
+        # of chaining through it, those concerns would stop firing as soon
+        # as the first `ruact_action` runs.
+        recorded = []
+        klass = Class.new do
+          def self.name = "ExampleController"
+
+          singleton_class.define_method(:method_added) do |meth|
+            recorded << meth
+            super(meth)
+          end
+
+          include Ruact::Controller
+
+          ruact_action(:create_post) { |_p| "from macro" }
+
+          def helper_method
+            :ok
+          end
+        end
+
+        # Both the macro-defined :create_post AND the later `def helper_method`
+        # should have been observed by the host's `method_added`.
+        expect(recorded).to include(:create_post, :helper_method)
+        # The action method is still registered and dispatch-guarded.
+        expect(klass.allocate.respond_to?(:create_post)).to be(true)
+      end
+    end
+
+    describe "ruact_action cross-controller collisions (Story 8.1 — re-run-3)" do
+      before { Ruact.action_registry.clear! }
+
+      it "raises Ruact::ConfigurationError when the SAME symbol is declared on TWO controllers " \
+         "(re-run-3 #1 — silent overwrite would route to whichever loaded last)" do
+        Class.new do
+          def self.name = "PostsController"
+          include Ruact::Controller
+
+          ruact_action(:create_post) { |_p| nil }
+        end
+
+        expect do
+          Class.new do
+            def self.name = "AdminPostsController"
+            include Ruact::Controller
+
+            ruact_action(:create_post) { |_p| nil }
+          end
+        end.to raise_error(Ruact::ConfigurationError, /declared in BOTH/)
+      end
     end
   end
 end