RubyGems - snowpack - Versions diffs - 1.0.0.alpha2 - Mend

snowpack 1.0.0.alpha2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (124) hide show

data/lib/snowpack/generators/application/templates/lib/hanami/action/csrf_protection.rb ADDED Viewed

@@ -0,0 +1,225 @@
+# Standalone copy of Hanami::Action::CsrfProtection from Hanami gem, copied from
+# https://raw.githubusercontent.com/hanami/hanami/unstable/lib/hanami/action/csrf_protection.rb
+#
+# This makes it possible for us to include CSRF protection without having to
+# require the "hanami" gem, which brings in a lot of unnecessary dependencies.
+require 'rack/utils'
+require 'securerandom'
+module Hanami
+  # @api private
+  class Action
+    # Invalid CSRF Token
+    #
+    # @since 0.4.0
+    class InvalidCSRFTokenError < ::StandardError
+    end
+    # CSRF Protection
+    #
+    # This security mechanism is enabled automatically if sessions are turned on.
+    #
+    # It stores a "challenge" token in session. For each "state changing request"
+    # (eg. <tt>POST</tt>, <tt>PATCH</tt> etc..), we should send a special param:
+    # <tt>_csrf_token</tt>.
+    #
+    # If the param matches with the challenge token, the flow can continue.
+    # Otherwise the application detects an attack attempt, it reset the session
+    # and <tt>Hanami::Action::InvalidCSRFTokenError</tt> is raised.
+    #
+    # We can specify a custom handling strategy, by overriding <tt>#handle_invalid_csrf_token</tt>.
+    #
+    # Form helper (<tt>#form_for</tt>) automatically sets a hidden field with the
+    # correct token. A special view method (<tt>#csrf_token</tt>) is available in
+    # case the form markup is manually crafted.
+    #
+    # We can disable this check on action basis, by overriding <tt>#verify_csrf_token?</tt>.
+    #
+    # @since 0.4.0
+    #
+    # @see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
+    # @see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
+    #
+    # @example Custom Handling
+    #   module Web::Controllers::Books
+    #     class Create
+    #       include Web::Action
+    #
+    #       def call(params)
+    #         # ...
+    #       end
+    #
+    #       private
+    #
+    #       def handle_invalid_csrf_token
+    #         Web::Logger.warn "CSRF attack: expected #{ session[:_csrf_token] }, was #{ params[:_csrf_token] }"
+    #         # manual handling
+    #       end
+    #     end
+    #   end
+    #
+    # @example Bypass Security Check
+    #   module Web::Controllers::Books
+    #     class Create
+    #       include Web::Action
+    #
+    #       def call(params)
+    #         # ...
+    #       end
+    #
+    #       private
+    #
+    #       def verify_csrf_token?
+    #         false
+    #       end
+    #     end
+    #   end
+    module CSRFProtection
+      # Session and params key for CSRF token.
+      #
+      # This key is shared with <tt>hanami-controller</tt> and <tt>hanami-helpers</tt>
+      #
+      # @since 0.4.0
+      # @api private
+      CSRF_TOKEN = :_csrf_token
+      # Idempotent HTTP methods
+      #
+      # By default, the check isn't performed if the request method is included
+      # in this list.
+      #
+      # @since 0.4.0
+      # @api private
+      IDEMPOTENT_HTTP_METHODS = Hash[
+        'GET'     => true,
+        'HEAD'    => true,
+        'TRACE'   => true,
+        'OPTIONS' => true
+      ].freeze
+      # @since 0.4.0
+      # @api private
+      # def self.included(action)
+      #   action.class_eval do
+      #     before :set_csrf_token, :verify_csrf_token
+      #   end unless Hanami.env?(:test)
+      # end
+      # NOTE: Modified to remove Hanami.env? check (we don't have a Hanami.env)
+      def self.included(action)
+        action.class_eval do
+          before :set_csrf_token, :verify_csrf_token
+        end
+      end
+      private
+      # Set CSRF Token in session
+      #
+      # @since 0.4.0
+      # @api private
+      def set_csrf_token(req, res)
+        res.session[CSRF_TOKEN] ||= generate_csrf_token
+      end
+      # Verify if CSRF token from params, matches the one stored in session.
+      # If not, it raises an error.
+      #
+      # Don't override this method.
+      #
+      # To bypass the security check, please override <tt>#verify_csrf_token?</tt>.
+      # For custom handling of an attack, please override <tt>#handle_invalid_csrf_token</tt>.
+      #
+      # @since 0.4.0
+      # @api private
+      def verify_csrf_token(req, res)
+        handle_invalid_csrf_token(req, res) if invalid_csrf_token?(req, res)
+      end
+      # Verify if CSRF token from params, matches the one stored in session.
+      #
+      # Don't override this method.
+      #
+      # @since 0.4.0
+      # @api private
+      def invalid_csrf_token?(req, res)
+        return false unless verify_csrf_token?(req, res)
+        missing_csrf_token?(req, res) ||
+          !::Rack::Utils.secure_compare(req.session[CSRF_TOKEN], req.params[CSRF_TOKEN])
+      end
+      # Verify the CSRF token was passed in params.
+      #
+      # @api private
+      def missing_csrf_token?(req, res)
+        Hanami::Utils::Blank.blank?(req.params[CSRF_TOKEN])
+      end
+      # Generates a random CSRF Token
+      #
+      # @since 0.4.0
+      # @api private
+      def generate_csrf_token
+        SecureRandom.hex(32)
+      end
+      # Decide if perform the check or not.
+      #
+      # Override and return <tt>false</tt> if you want to bypass security check.
+      #
+      # @since 0.4.0
+      #
+      # @example
+      #   module Web::Controllers::Books
+      #     class Create
+      #       include Web::Action
+      #
+      #       def call(params)
+      #         # ...
+      #       end
+      #
+      #       private
+      #
+      #       def verify_csrf_token?
+      #         false
+      #       end
+      #     end
+      #   end
+      def verify_csrf_token?(req, res)
+        !IDEMPOTENT_HTTP_METHODS[req.request_method]
+      end
+      # Handle CSRF attack.
+      #
+      # The default policy resets the session and raises an exception.
+      #
+      # Override this method, for custom handling.
+      #
+      # @raise [Hanami::Action::InvalidCSRFTokenError]
+      #
+      # @since 0.4.0
+      #
+      # @example
+      #   module Web::Controllers::Books
+      #     class Create
+      #       include Web::Action
+      #
+      #       def call(params)
+      #         # ...
+      #       end
+      #
+      #       private
+      #
+      #       def handle_invalid_csrf_token
+      #         # custom invalid CSRF management goes here
+      #       end
+      #     end
+      #   end
+      def handle_invalid_csrf_token(req, res)
+        res.session.clear
+        raise InvalidCSRFTokenError.new
+      end
+    end
+  end
+end

data/lib/snowpack/generators/application/templates/log/.keep ADDED Viewed

File without changes

data/lib/snowpack/generators/application/templates/package.json.tt ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "name": "<%= application_path %>",
+  "description": "Asset compilation with webpack",
+  "version": "1.0.0",
+  "author": "Icelab",
+  "repository": {},
+  "dependencies": {
+    "viewloader": "^2.0.0"
+  },
+  "devDependencies": {
+    "icelab-assets": "^2.0.1"
+  },
+  "engines": {
+    "node": ">= 6",
+    "npm": ">= 4"
+  },
+  "scripts": {
+    "start": "icelab-assets start --source-path=slices",
+    "build": "icelab-assets build --source-path=slices",
+    "build-production": "icelab-assets build --source-path=slices",
+    "test": "icelab-assets test --source-path=slices",
+    "create-entry": "icelab-assets create-entry",
+    "heroku-postbuild": "icelab-assets build --source-path=slices"
+  }
+}

data/lib/snowpack/generators/application/templates/public/.keep ADDED Viewed

File without changes

data/lib/snowpack/generators/application/templates/script/bootstrap ADDED Viewed

@@ -0,0 +1,32 @@
+#!/bin/sh
+# script/bootstrap: Resolve all dependencies that the application requires to
+# run.
+set -e
+cd "$(dirname "$0")/.."
+if [ -f "Brewfile" ] && [ "$(uname -s)" = "Darwin" ]; then
+  brew bundle check >/dev/null 2>&1  || {
+    echo "==> Installing Homebrew dependencies…"
+    brew bundle
+  }
+fi
+if [ -f ".tool-versions" ] && [ "$(uname -s)" = "Darwin" ]; then
+  echo "==> Installing package versions…"
+  brew bootstrap-asdf
+fi
+if [ -f "Gemfile" ]; then
+  echo "==> Installing gem dependencies…"
+  bundle check >/dev/null 2>&1  || {
+    bundle install --quiet --without production
+  }
+fi
+if [ -f "package.json" ]; then
+  echo "==> Installing node packages…"
+  yarn
+fi

data/lib/snowpack/generators/application/templates/script/console ADDED Viewed

@@ -0,0 +1,26 @@
+#!/bin/sh
+# script/console: Launch a console for the application. Optionally allow an
+# environment to be passed in to let the script handle the specific requirements
+# for connecting to a console for that environment.
+set -e
+cd "$(dirname "$0")/.."
+if [ -n "$1" ]; then
+  # Use first argument as an environment name. Use this to decide how to connect
+  # to the appropriate console.
+  if [ "$1" = "production" ]; then
+    heroku run ./bin/run console --app heroku-app-name
+  elif [ "$1" = "staging" ]; then
+    heroku run ./bin/run console --app heroku-app-name-staging
+  else
+    echo "Sorry, I don't know how to connect to the '$1' environment."
+    exit 1
+  fi
+else
+  # No argument provided, so just run the local console in the development
+  # environment.
+  ./bin/run console
+fi

data/lib/snowpack/generators/application/templates/script/server ADDED Viewed

@@ -0,0 +1,13 @@
+#!/bin/sh
+# script/server: Launch the application and any extra required processes
+# locally.
+set -e
+cd "$(dirname "$0")/.."
+test -z "$RACK_ENV" && RACK_ENV='development'
+# Boot the app and any other necessary processes
+overmind start -f Procfile.dev

data/lib/snowpack/generators/application/templates/script/setup ADDED Viewed

@@ -0,0 +1,27 @@
+#!/bin/sh
+# script/setup: Set up application for the first time after cloning, or set it
+# back to the initial first unused state.
+set -e
+cd "$(dirname "$0")/.."
+script/bootstrap
+echo "==> Copying config files"
+if [ -f ".env-example" ] && [ ! -f ".env" ]; then
+  cp .env-example .env
+fi
+if [ -f ".env.test-example" ] && [ ! -f ".env.test" ]; then
+  cp .env.test-example .env.test
+fi
+echo "==> Setting up database…"
+bin/run db create
+bin/run db create -e test
+bin/run db reset
+bin/run db reset -e test
+bin/run db seed
+echo "==> App is now ready to go!"

data/lib/snowpack/generators/application/templates/script/support ADDED Viewed

@@ -0,0 +1,9 @@
+#!/bin/sh
+# script/support: Launch supporting services for the application.
+set -e
+cd "$(dirname "$0")/.."
+overmind start -f Procfile.support -s .overmind.support.sock

data/lib/snowpack/generators/application/templates/script/test ADDED Viewed

@@ -0,0 +1,19 @@
+#!/bin/sh
+# script/test: Run test suite for application. Optionally pass in a path to an
+# individual test file to run a single test.
+set -e
+cd "$(dirname "$0")/.."
+[ -z "$DEBUG" ] || set -x
+echo "==> Running tests…"
+if [ -n "$1" ]; then
+  # Pass arguments to test call. This is useful for calling a single test.
+  bundle exec rspec "$1"
+else
+  bundle exec rake spec
+fi

data/lib/snowpack/generators/application/templates/script/update ADDED Viewed

@@ -0,0 +1,13 @@
+#!/bin/sh
+# script/update: Update application to run for its current checkout.
+set -e
+cd "$(dirname "$0")/.."
+script/bootstrap
+echo "==> Updating db…"
+# run all database migrations to ensure everything is up to date.
+bin/rake db:migrate

data/lib/snowpack/generators/application/templates/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+ENV["RACK_ENV"] = "test"
+require_relative "../config/application"
+require_relative "support/suite"
+SPEC_ROOT = Pathname(__dir__).freeze
+FIXTURES_PATH = SPEC_ROOT.join("fixtures").freeze
+suite = Test::Suite.instance
+suite.start_coverage

data/lib/snowpack/generators/application/templates/spec/suite/.keep ADDED Viewed

File without changes

data/lib/snowpack/generators/application/templates/spec/support/suite.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require "snowpack/test/suite"
+module Test
+  class Suite < Snowpack::Test::Suite
+    configure do |config|
+      # extra configuration here
+    end
+  end
+end

data/lib/snowpack/generators/application/templates/system/__application_path__/import.rb.tt ADDED Viewed

@@ -0,0 +1,5 @@
+require_relative "../../config/application"
+module <%= application_module %>
+  Import = Application.injector
+end

data/lib/snowpack/generators/application/templates/system/boot/assets.rb.tt ADDED Viewed

@@ -0,0 +1,17 @@
+<%= application_module %>::Application.boot :assets do |container|
+  init do
+    require "snowpack/web/assets"
+  end
+  start do
+    use :settings
+    assets = Snowpack::Web::Assets.new(
+      root: container.root,
+      precompiled: container.config.env == :production || container[:settings].assets_precompiled,
+      server_url: container[:settings].assets_server_url,
+    )
+    register :assets, assets
+  end
+end

data/lib/snowpack/generators/application/templates/system/boot/logger.rb.tt ADDED Viewed

@@ -0,0 +1,10 @@
+<%= application_module %>::Application.boot :logger do |container|
+  start do
+    use :settings
+    if container[:settings].log_to_stdout
+      $stdout.sync = true
+      logger.reopen($stdout)
+    end
+  end
+end

data/lib/snowpack/generators/application/templates/system/boot/monitor.rb.tt ADDED Viewed

@@ -0,0 +1,9 @@
+<%= application_module %>::Application.boot :monitor do
+  init do
+    require "dry/monitor/sql/logger"
+  end
+  start do
+    Dry::Monitor::SQL::Logger.new(logger).subscribe(notifications)
+  end
+end

data/lib/snowpack/generators/application/templates/system/boot/persistence.rb.tt ADDED Viewed

@@ -0,0 +1,9 @@
+<%= application_module %>::Application.boot :persistence, namespace: true, from: :snowpack do
+  configure do |config|
+    config.database_url = container[:settings].database_url
+    config.global_extensions = [:postgres]
+    config.connection_extensions = %i[error_sql pg_array pg_json pg_enum]
+    config.auto_registration_root = container.root.join("lib/<%= application_path %>/persistence").to_s
+    config.auto_registration_namespace = "<%= application_module %>::Persistence"
+  end
+end

data/lib/snowpack/generators/application/templates/system/boot/settings.rb.tt ADDED Viewed

@@ -0,0 +1,18 @@
+<%= application_module %>::Application.boot :settings, from: :system do
+  before :init do
+    require "<%= application_path %>/types"
+  end
+  settings do
+    # Web app
+    key :session_secret, <%= application_module %>::Types::Strict::String.constrained(filled: true)
+    key :log_to_stdout, <%= application_module %>::Types::Params::Bool
+    # Assets
+    key :assets_precompiled, <%= application_module %>::Types::Params::Bool
+    key :assets_server_url, <%= application_module %>::Types::Strict::String.constrained(filled: true).optional.default(nil)
+    # Persistence
+    key :database_url, <%= application_module %>::Types::Strict::String.constrained(filled: true)
+  end
+end

data/lib/snowpack/generators/application/templates/system/boot/web.rb.tt ADDED Viewed

@@ -0,0 +1,9 @@
+<%= application_module %>::Application.boot :web, namespace: true do |container|
+  init do
+    require "hanami/controller"
+  end
+  start do
+    register "action.configuration", Hanami::Controller::Configuration.new
+  end
+end

data/lib/snowpack/generators/slice/generator.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+require "dry/inflector"
+require "securerandom"
+require "shellwords"
+require_relative "../../generator"
+module Snowpack
+  module Generators
+    module Slice
+      class Generator < Snowpack::Generator
+        # FIXME: need to make templates_dir handling nicer, also support multiple dirs
+        def initialize(templates_dir: nil)
+          templates_dir ||= File.join(__dir__, "templates")
+          super(templates_dir: templates_dir)
+        end
+        def call(application:, slice_name:, web:)
+          slice_name = inflector.underscore(slice_name)
+          output_dir = application.config.root.join("slices", slice_name) # TODO: don't hardcode "slices"
+          super(
+            output_dir,
+            env(application: application, slice_name: slice_name, web: web),
+          )
+        end
+        private
+        def templates(web:, **)
+          super.then { |tpls|
+            if !web
+              tpls.reject { |tpl|
+                File.fnmatch?("*/web/**", tpl)
+              }
+            else
+              tpls
+            end
+          }
+        end
+        def env(application:, slice_name:, **others)
+          application_path = inflector.underscore(application.module.to_s)
+          {
+            application_path: application_path,
+            application_module: application.module.to_s,
+            slice_name: slice_name,
+            slice_path: "#{application_path}/#{slice_name}",
+            slice_module: inflector.camelize(slice_name),
+          }.merge(**others)
+        end
+        # TODO: use application's own inflector
+        def inflector
+          @inflector ||= Dry::Inflector.new
+        end
+      end
+    end
+  end
+end

data/lib/snowpack/generators/slice/templates/lib/__slice_path__/.keep ADDED Viewed

File without changes

data/lib/snowpack/generators/slice/templates/lib/__slice_path__/web/action.rb.tt ADDED Viewed

@@ -0,0 +1,10 @@
+require "<%= application_path %>/web/action"
+module <%= application_module %>
+  module <%= slice_module %>
+    module Web
+      class Action < <%= application_module %>::Web::Action
+      end
+    end
+  end
+end

data/lib/snowpack/generators/slice/templates/lib/__slice_path__/web/actions/.keep ADDED Viewed

File without changes

data/lib/snowpack/generators/slice/templates/lib/__slice_path__/web/view.rb.tt ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# auto_register: false
+require "slim"
+require "dry/view"
+require "<%= slice_path %>/slice"
+module <%= application_module %>
+  module <%= slice_module %>
+    module Web
+      class View < Dry::View
+        config.paths = [Slice.root.join("web/templates")]
+        config.layout = "application"
+      end
+    end
+  end
+end

data/lib/snowpack/generators/slice/templates/lib/__slice_path__/web/views/.keep ADDED Viewed

File without changes

data/lib/snowpack/generators/slice/templates/system/__slice_path__/import.rb.tt ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+require_relative "slice"
+module <%= application_module %>
+  module <%= slice_module %>
+    Import = Slice.injector
+  end
+end

data/lib/snowpack/generators/slice/templates/system/__slice_path__/slice.rb.tt ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require "snowpack/slice"
+module <%= application_module %>
+  module <%= slice_module %>
+    class Slice < Snowpack::Slice
+    end
+  end
+end

data/lib/snowpack/instrumentation/appsignal/appsignal_ext.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+require "appsignal"
+Appsignal::Transaction.class_eval do
+  def set_error_with_snowpack(*args)
+    restore!
+    set_error_without_snowpack(*args)
+  end
+  alias_method :set_error_without_snowpack, :set_error
+  alias_method :set_error, :set_error_with_snowpack
+end