rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-11-28 09:24:24 +01:00
Code Issues Releases Activity

(security) upgrade to rails 7

Browse Source
This commit is contained in:
Sylvain 2023-03-28 12:44:00 +02:00
parent 3cff0d4c28
commit ffd7de0bcb
19 changed files with 286 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -1,7 +1,7 @@
# Changelog Fab-manager
- Updated ruby to 3.2
- Updated rails to 6.1
- Updated rails to 7.0
- Updated puma to 6.1
- Updated responders to 3.0
- Updated devise to 4.9
@ -14,6 +14,10 @@
- Updated nodejs to 18.15
- Updated oj to 3.14
- Updated multi_json to 1.15
- Updated spring to 4.0
- Updated spring-watcher-listen to 2.1
- Fill the holes in the logical sequence of invoices references with nil invoices
- Updated the invoices chaining method with a more flexible model
- Fix a bug: broken display after a plan category was deleted
- [TODO DEPLOY] `rails fablab:restore_order_number` THEN `rails fablab:fix_references`

6
Gemfile
View File

@ -3,7 +3,7 @@
source 'https://rubygems.org'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '~> 6.1'
gem 'rails', '~> 7.0'
# Used by rails 5.2 to reduce the app boot time by over 50%
gem 'bootsnap'
# Use Puma as web server
@ -49,8 +49,8 @@ group :development do
gem 'railroady'
gem 'rubocop', '~> 1.31', require: false
gem 'rubocop-rails', require: false
gem 'spring'
gem 'spring-watcher-listen', '~> 2.0.0'
gem 'spring', '~> 4'
gem 'spring-watcher-listen', '~> 2.1.0'
end
group :test do

138
Gemfile.lock
View File

@ -4,66 +4,72 @@ GEM
Ascii85 (1.1.0)
aasm (5.0.8)
concurrent-ruby (~> 1.0)
actioncable (6.1.7.2)
actionpack (= 6.1.7.2)
activesupport (= 6.1.7.2)
actioncable (7.0.4.3)
actionpack (= 7.0.4.3)
activesupport (= 7.0.4.3)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.7.2)
actionpack (= 6.1.7.2)
activejob (= 6.1.7.2)
activerecord (= 6.1.7.2)
activestorage (= 6.1.7.2)
activesupport (= 6.1.7.2)
actionmailbox (7.0.4.3)
actionpack (= 7.0.4.3)
activejob (= 7.0.4.3)
activerecord (= 7.0.4.3)
activestorage (= 7.0.4.3)
activesupport (= 7.0.4.3)
mail (>= 2.7.1)
actionmailer (6.1.7.2)
actionpack (= 6.1.7.2)
actionview (= 6.1.7.2)
activejob (= 6.1.7.2)
activesupport (= 6.1.7.2)
net-imap
net-pop
net-smtp
actionmailer (7.0.4.3)
actionpack (= 7.0.4.3)
actionview (= 7.0.4.3)
activejob (= 7.0.4.3)
activesupport (= 7.0.4.3)
mail (~> 2.5, >= 2.5.4)
net-imap
net-pop
net-smtp
rails-dom-testing (~> 2.0)
actionpack (6.1.7.2)
actionview (= 6.1.7.2)
activesupport (= 6.1.7.2)
rack (~> 2.0, >= 2.0.9)
actionpack (7.0.4.3)
actionview (= 7.0.4.3)
activesupport (= 7.0.4.3)
rack (~> 2.0, >= 2.2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.7.2)
actionpack (= 6.1.7.2)
activerecord (= 6.1.7.2)
activestorage (= 6.1.7.2)
activesupport (= 6.1.7.2)
actiontext (7.0.4.3)
actionpack (= 7.0.4.3)
activerecord (= 7.0.4.3)
activestorage (= 7.0.4.3)
activesupport (= 7.0.4.3)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
actionview (6.1.7.2)
activesupport (= 6.1.7.2)
actionview (7.0.4.3)
activesupport (= 7.0.4.3)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
active_record_query_trace (1.8)
activejob (6.1.7.2)
activesupport (= 6.1.7.2)
activejob (7.0.4.3)
activesupport (= 7.0.4.3)
globalid (>= 0.3.6)
activemodel (6.1.7.2)
activesupport (= 6.1.7.2)
activerecord (6.1.7.2)
activemodel (= 6.1.7.2)
activesupport (= 6.1.7.2)
activestorage (6.1.7.2)
actionpack (= 6.1.7.2)
activejob (= 6.1.7.2)
activerecord (= 6.1.7.2)
activesupport (= 6.1.7.2)
activemodel (7.0.4.3)
activesupport (= 7.0.4.3)
activerecord (7.0.4.3)
activemodel (= 7.0.4.3)
activesupport (= 7.0.4.3)
activestorage (7.0.4.3)
actionpack (= 7.0.4.3)
activejob (= 7.0.4.3)
activerecord (= 7.0.4.3)
activesupport (= 7.0.4.3)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.7.2)
activesupport (7.0.4.3)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
acts_as_list (1.0.4)
activerecord (>= 4.2)
addressable (2.8.0)
@ -339,32 +345,32 @@ GEM
rack-test (2.1.0)
rack (>= 1.3)
railroady (1.5.3)
rails (6.1.7.2)
actioncable (= 6.1.7.2)
actionmailbox (= 6.1.7.2)
actionmailer (= 6.1.7.2)
actionpack (= 6.1.7.2)
actiontext (= 6.1.7.2)
actionview (= 6.1.7.2)
activejob (= 6.1.7.2)
activemodel (= 6.1.7.2)
activerecord (= 6.1.7.2)
activestorage (= 6.1.7.2)
activesupport (= 6.1.7.2)
rails (7.0.4.3)
actioncable (= 7.0.4.3)
actionmailbox (= 7.0.4.3)
actionmailer (= 7.0.4.3)
actionpack (= 7.0.4.3)
actiontext (= 7.0.4.3)
actionview (= 7.0.4.3)
activejob (= 7.0.4.3)
activemodel (= 7.0.4.3)
activerecord (= 7.0.4.3)
activestorage (= 7.0.4.3)
activesupport (= 7.0.4.3)
bundler (>= 1.15.0)
railties (= 6.1.7.2)
sprockets-rails (>= 2.0.0)
railties (= 7.0.4.3)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.5.0)
loofah (~> 2.19, >= 2.19.1)
railties (6.1.7.2)
actionpack (= 6.1.7.2)
activesupport (= 6.1.7.2)
railties (7.0.4.3)
actionpack (= 7.0.4.3)
activesupport (= 7.0.4.3)
method_source
rake (>= 12.2)
thor (~> 1.0)
zeitwerk (~> 2.5)
rainbow (3.0.0)
rake (13.0.6)
rb-fsevent (0.10.3)
@ -447,18 +453,10 @@ GEM
docile (~> 1.1)
simplecov-html (~> 0.11)
simplecov-html (0.12.3)
spring (2.0.2)
activesupport (>= 4.2)
spring-watcher-listen (2.0.1)
spring (4.1.1)
spring-watcher-listen (2.1.0)
listen (>= 2.7, < 4.0)
spring (>= 1.2, < 3.0)
sprockets (4.2.0)
concurrent-ruby (~> 1.0)
rack (>= 2.2.4, < 4)
sprockets-rails (3.4.2)
actionpack (>= 5.2)
activesupport (>= 5.2)
sprockets (>= 3.0.0)
spring (>= 4)
ssrf_filter (1.0.7)
stripe (5.29.0)
swd (1.3.0)
@ -576,7 +574,7 @@ DEPENDENCIES
puma (= 6.1.0)
pundit
railroady
rails (~> 6.1)
rails (~> 7.0)
rb-readline
recurrence
redis-session-store
@ -596,8 +594,8 @@ DEPENDENCIES
sidekiq (>= 6.0.7)
sidekiq-scheduler
sidekiq-unique-jobs (~> 7.1.23)
spring
spring-watcher-listen (~> 2.0.0)
spring (~> 4)
spring-watcher-listen (~> 2.1.0)
stripe (= 5.29.0)
sys-filesystem
tzinfo-data

2
app/models/invoice.rb
View File

@ -14,7 +14,7 @@ class Invoice < PaymentDocument
belongs_to :coupon
has_one :chained_element, as: :element, dependent: :restrict_with_exception
has_one :avoir, class_name: 'Invoice', dependent: :destroy, inverse_of: :avoir
has_one :avoir, class_name: 'Avoir', dependent: :destroy, inverse_of: :invoice
has_one :payment_schedule_item, dependent: :restrict_with_error
has_one :payment_gateway_object, as: :item, dependent: :destroy
has_one :order, dependent: :restrict_with_error

15
bin/setup
View File

@ -1,6 +1,5 @@
#!/usr/bin/env ruby
require 'fileutils'
include FileUtils
# path to your application root.
APP_ROOT = File.expand_path('..', __dir__)
@ -9,24 +8,22 @@ def system!(*args)
system(*args) || abort("\n== Command #{args} failed ==")
end
chdir APP_ROOT do
# This script is a starting point to setup your application.
FileUtils.chdir APP_ROOT do
# This script is a way to set up or update your development environment automatically.
# This script is idempotent, so that you can run it at any time and get an expectable outcome.
# Add necessary setup steps to this file.
puts '== Installing dependencies =='
system! 'gem install bundler --conservative'
system('bundle check') || system!('bundle install')
# Install JavaScript dependencies if using Yarn
# system('bin/yarn')
# puts "\n== Copying sample files =="
# unless File.exist?('config/database.yml')
# cp 'config/database.yml.sample', 'config/database.yml'
# unless File.exist?("config/database.yml")
# FileUtils.cp "config/database.yml.sample", "config/database.yml"
# end
puts "\n== Preparing database =="
system! 'bin/rails db:setup'
system! 'bin/rails db:prepare'
puts "\n== Removing old logs and tempfiles =="
system! 'bin/rails log:clear tmp:clear'

5
config/application.rb
View File

@ -28,7 +28,10 @@ class FabManager::Application < Rails::Application
require 'fab_manager'
# Initialize configuration defaults for originally generated Rails version.
config.load_defaults 6.0
config.load_defaults 7.0
config.active_support.cache_format_version = 6.1
config.action_dispatch.cookies_serializer = :hybrid
config.active_record.verify_foreign_keys_for_fixtures = false
# prevent this new behavior with rails >= 5.0
# see https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#active-record-belongs-to-required-by-default-option
config.active_record.belongs_to_required_by_default = false

69
config/environments/development.rb
View File

@ -1,24 +1,12 @@
# frozen_string_literal: true
require 'active_support/core_ext/integer/time'
Rails.application.configure do
# https://github.com/flyerhzm/bullet
# In development, Bullet will find and report N+1 DB requests
config.after_initialize do
Bullet.enable = true
Bullet.alert = true
Bullet.bullet_logger = true
Bullet.console = true
Bullet.rails_logger = true
Bullet.add_footer = true
end
# whitelist IP for web-console: local network, docker and vagrant
config.web_console.permissions = %w[192.168.0.0/16 192.168.99.0/16 10.0.2.2]
# Settings specified here will take precedence over those in config/application.rb.
# In the development environment your application's code is reloaded on
# every request. This slows down response time but is perfect for development
# In the development environment your application's code is reloaded any time
# it changes. This slows down response time but is perfect for development
# since you don't have to restart the web server when you make code changes.
config.cache_classes = false
@ -28,23 +16,26 @@ Rails.application.configure do
# Show full error reports.
config.consider_all_requests_local = true
# Enable server timing
config.server_timing = true
# Enable/disable caching. By default caching is disabled.
# Run rails dev:cache to toggle caching.
if Rails.root.join('tmp/caching-dev.txt').exist?
config.action_controller.cache_store = :memory_store
config.action_controller.perform_caching = true
config.action_controller.enable_fragment_cache_logging = true
config.cache_store = :memory_store
config.public_file_server.headers = {
'Cache-Control' => "public, max-age=#{2.days.to_i}"
}
else
config.action_controller.perform_caching = false
config.cache_store = :null_store
end
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
# Store uploaded files on the local file system (see config/storage.yml for options)
# Store uploaded files on the local file system (see config/storage.yml for options).
config.active_storage.service = :local
# Don't care if the mailer can't send.
@ -66,14 +57,23 @@ Rails.application.configure do
# Print deprecation notices to the Rails logger.
config.active_support.deprecation = :log
# Raise exceptions for disallowed deprecations.
config.active_support.disallowed_deprecation = :raise
# Tell Active Support which deprecation messages to disallow.
config.active_support.disallowed_deprecation_warnings = []
# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = :page_load
# Highlight code that triggered database queries in logs.
config.active_record.verbose_query_logs = true
# Raises error for missing translations
# config.action_view.raise_on_missing_translations = true
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
# Use an evented file watcher to asynchronously detect changes in source code,
# routes, locales, etc. This feature depends on the listen gem.
@ -81,5 +81,24 @@ Rails.application.configure do
config.log_level = Rails.application.secrets.log_level || :debug
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
# whitelist IP for web-console: local network, docker and vagrant
config.web_console.permissions = %w[192.168.0.0/16 192.168.99.0/16 10.0.2.2]
config.hosts << ENV.fetch('DEFAULT_HOST', 'localhost')
# https://github.com/flyerhzm/bullet
# In development, Bullet will find and report N+1 DB requests
config.after_initialize do
Bullet.enable = true
Bullet.alert = true
Bullet.bullet_logger = true
Bullet.console = true
Bullet.rails_logger = true
Bullet.add_footer = true
end
end

44
config/environments/production.rb
View File

@ -1,5 +1,7 @@
# frozen_string_literal: true
require 'active_support/core_ext/integer/time'
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
@ -20,14 +22,13 @@ Rails.application.configure do
# or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
# config.require_master_key = true
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
# Active serving static files from the `/public` folder by default
# Disable serving static files from the `/public` folder by default since
# Apache or NGINX already handles this.
config.public_file_server.enabled = true
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
# config.asset_host = "http://assets.example.com"
# Specifies the header that your server uses for sending files.
# config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
@ -35,28 +36,22 @@ Rails.application.configure do
# Store uploaded files on the local file system (see config/storage.yml for options)
config.active_storage.service = :local
# Mount Action Cable outside main process or domain
# config.action_cable.mount_path = nil
# config.action_cable.url = 'wss://example.com/cable'
# config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
# Use the lowest log level to ensure availability of diagnostic information
# when problems arise.
# config.log_level = :debug
config.log_level = ENV.fetch('LOG_LEVEL') { :debug }.to_sym
# Include generic and useful information about system operation, but avoid logging too much
# information to avoid inadvertent exposure of personally identifiable information (PII).
config.log_level = ENV.fetch('LOG_LEVEL', :info).to_sym
# Prepend all log lines with the following tags.
# config.log_tags = [ :request_id ]
config.log_tags = [:request_id]
# Use a different cache store in production.
# config.cache_store = :mem_cache_store
# Use a real queuing backend for Active Job (and separate queues per environment)
# Use a real queuing backend for Active Job (and separate queues per environment).
# config.active_job.queue_adapter = :resque
# config.active_job.queue_name_prefix = "fablab_#{Rails.env}"
# config.active_job.queue_name_prefix = "fab_manager_#{Rails.env}"
config.action_mailer.perform_caching = false
@ -67,6 +62,7 @@ Rails.application.configure do
# config.action_mailer.perform_deliveries = true
# config.action_mailer.raise_delivery_errors = false
# config.action_mailer.default :charset => "utf-8"
config.action_mailer.smtp_settings = {
address: Rails.application.secrets.smtp_address,
port: Rails.application.secrets.smtp_port,
@ -79,6 +75,7 @@ Rails.application.configure do
ca_file: Rails.application.secrets.smtp_ca_file,
ca_path: Rails.application.secrets.smtp_ca_path
}
# use :smtp for switch prod
config.action_mailer.delivery_method = Rails.application.secrets.delivery_method.to_sym
@ -86,8 +83,8 @@ Rails.application.configure do
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
# config.action_mailer.raise_delivery_errors = false
# Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify
# Don't log any deprecations.
config.active_support.report_deprecations = false
# Use default logging formatter so that PID and timestamp are not suppressed.
config.log_formatter = ::Logger::Formatter.new
@ -97,11 +94,16 @@ Rails.application.configure do
# config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
if ENV['RAILS_LOG_TO_STDOUT'].present?
logger = ActiveSupport::Logger.new(STDOUT)
logger = ActiveSupport::Logger.new($stdout)
logger.formatter = config.log_formatter
config.logger = ActiveSupport::TaggedLogging.new(logger)
end
# Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
end

94
config/environments/staging.rb
View File

@ -1,95 +1,3 @@
# frozen_string_literal: true
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# Code is not reloaded between requests.
config.cache_classes = true
# Eager load code on boot. This eager loads most of Rails and
# your application in memory, allowing both threaded web servers
# and those relying on copy on write to perform better.
# Rake tasks automatically ignore this option for performance.
config.eager_load = true
# Full error reports are disabled and caching is turned on.
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
# Enable Rack::Cache to put a simple HTTP cache in front of your application
# Add `rack-cache` to your Gemfile before enabling this.
# For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
# config.action_dispatch.rack_cache = true
# Specifies the header that your server uses for sending files.
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
# Set to :debug to see everything in the log.
config.log_level = Rails.application.secrets.log_level.blank? ? :debug : Rails.application.secrets.log_level
# Prepend all log lines with the following tags.
# config.log_tags = [ :subdomain, :uuid ]
# Use a different logger for distributed setups.
# config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
# Use a different cache store in production.
# config.cache_store = :mem_cache_store
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
# config.action_controller.asset_host = "http://assets.example.com"
# Precompile additional assets.
# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
# config.assets.precompile += %w( search.js )
# Ignore bad email addresses and do not raise email delivery errors.
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
# config.action_mailer.raise_delivery_errors = false
# Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify
# Disable automatic flushing of the log to improve performance.
# config.autoflush_log = false
# Use default logging formatter so that PID and timestamp are not suppressed.
config.log_formatter = ::Logger::Formatter.new
# Active serving static files from the `/public` folder by default
config.public_file_server.enabled = true
config.action_mailer.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
# config.action_mailer.perform_deliveries = true
# config.action_mailer.raise_delivery_errors = false
# config.action_mailer.default :charset => "utf-8"
config.action_mailer.smtp_settings = {
address: Rails.application.secrets.smtp_address,
port: Rails.application.secrets.smtp_port,
user_name: Rails.application.secrets.smtp_user_name,
password: Rails.application.secrets.smtp_password,
authentication: Rails.application.secrets.smtp_authentication,
enable_starttls_auto: Rails.application.secrets.smtp_enable_starttls_auto,
openssl_verify_mode: Rails.application.secrets.smtp_openssl_verify_mode,
tls: Rails.application.secrets.smtp_tls
}
# use :smtp for switch prod
config.action_mailer.delivery_method = Rails.application.secrets.delivery_method.to_sym
end
require_relative './production'

45
config/environments/test.rb
View File

@ -1,18 +1,22 @@
# frozen_string_literal: true
require 'active_support/core_ext/integer/time'
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped
# and recreated between test runs. Don't rely on the data there!
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped
# and recreated between test runs. Don't rely on the data there!
config.cache_classes = true
# Turn false under Spring and add config.action_view.cache_template_loading = true.
config.cache_classes = false
# Do not eager load code on boot. This avoids loading your whole application
# just for the purpose of running a single test. If you are using a tool that
# preloads Rails for running tests, you may have to set it to true.
config.eager_load = false
# Eager loading loads your whole application. When running a single test locally,
# this probably isn't necessary. It's a good idea to do in a continuous integration
# system, or in some way before deploying your code.
config.eager_load = ENV['CI'].present?
# Configure public file server for tests with Cache-Control for performance.
config.public_file_server.enabled = true
@ -23,11 +27,7 @@ Rails.application.configure do
# Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
config.cache_store = :null_store
# Raise exceptions instead of rendering exception templates.
config.action_dispatch.show_exceptions = false
@ -35,7 +35,7 @@ Rails.application.configure do
# Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
# Store uploaded files on the local file system in a temporary directory
# Store uploaded files on the local file system in a temporary directory.
config.active_storage.service = :test
config.action_mailer.perform_caching = false
@ -48,11 +48,18 @@ Rails.application.configure do
# Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
# Raises error for missing translations
# config.action_view.raise_on_missing_translations = true
# Raise exceptions for disallowed deprecations.
config.active_support.disallowed_deprecation = :raise
# Tell Active Support which deprecation messages to disallow.
config.active_support.disallowed_deprecation_warnings = []
config.active_job.queue_adapter = :test
config.active_support.test_order = :random
config.log_level = Rails.application.secrets.log_level.blank? ? :debug : Rails.application.secrets.log_level
end
config.log_level = ENV.fetch('LOG_LEVEL', :debug).to_sym
config.action_controller.default_url_options = {
host: Rails.application.secrets.default_host,
protocol: Rails.application.secrets.default_protocol
}
end

27
config/initializers/content_security_policy.rb
View File

@ -2,18 +2,19 @@
# Be sure to restart your server when you modify this file.
# Define an application-wide content security policy
# For further information see the following documentation
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
# Define an application-wide content security policy.
# See the Securing Rails Applications Guide for more information:
# https://guides.rubyonrails.org/security.html#content-security-policy-header
Rails.application.config.content_security_policy do |policy| # # If you are using webpack-dev-server then specify webpack-dev-server host
policy.connect_src :self, :https, :wss, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development?
Rails.application.configure do
config.content_security_policy do |policy|
# If you are using webpack-dev-server then specify webpack-dev-server host
policy.connect_src :self, :https, :wss, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development?
end
# # Generate session nonces for permitted importmap and inline scripts
# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
# config.content_security_policy_nonce_directives = %w(script-src)
#
# # Report violations without enforcing the policy.
# # config.content_security_policy_report_only = true
end
# If you are using UJS then enable automatic nonce generation
# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
# Report CSP violations to a specified URI
# For further information see the following documentation:
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
# Rails.application.config.content_security_policy_report_only = true

10
config/initializers/filter_parameter_logging.rb
View File

@ -1,4 +1,10 @@
# frozen_string_literal: true
# Be sure to restart your server when you modify this file.
# Configure sensitive parameters which will be filtered from the log file.
Rails.application.config.filter_parameters += [:password]
# Configure parameters to be filtered from the log file. Use this to limit dissemination of
# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
# notations and behaviors.
Rails.application.config.filter_parameters += %i[
password passw secret token _key crypt salt certificate otp ssn
]

13
config/initializers/permissions_policy.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
# Define an application-wide HTTP permissions policy. For further
# information see https://developers.google.com/web/updates/2018/06/feature-policy
#
# Rails.application.config.permissions_policy do |f|
# f.camera :none
# f.gyroscope :none
# f.microphone :none
# f.usb :none
# f.fullscreen :self
# f.payment :self, "https://secure.example.com"
# end

24
db/migrate/20230328094807_add_service_name_to_active_storage_blobs.active_storage.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
# This migration comes from active_storage (originally 20190112182829)
class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0]
def up
return unless table_exists?(:active_storage_blobs)
unless column_exists?(:active_storage_blobs, :service_name)
add_column :active_storage_blobs, :service_name, :string
if configured_service = ActiveStorage::Blob.service.name
ActiveStorage::Blob.unscoped.update_all(service_name: configured_service)
end
change_column :active_storage_blobs, :service_name, :string, null: false
end
end
def down
return unless table_exists?(:active_storage_blobs)
remove_column :active_storage_blobs, :service_name
end
end

30
db/migrate/20230328094808_create_active_storage_variant_records.active_storage.rb Normal file
View File

@ -0,0 +1,30 @@
# frozen_string_literal: true
# This migration comes from active_storage (originally 20191206030411)
class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0]
def change
return unless table_exists?(:active_storage_blobs)
# Use Active Record's configured type for primary key
create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t|
t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type
t.string :variation_digest, null: false
t.index %i[blob_id variation_digest], name: 'index_active_storage_variant_records_uniqueness', unique: true
t.foreign_key :active_storage_blobs, column: :blob_id
end
end
private
def primary_key_type
config = Rails.configuration.generators
config.options[config.orm][:primary_key_type] || :primary_key
end
def blobs_primary_key_type
pkey_name = connection.primary_key(:active_storage_blobs)
pkey_column = connection.columns(:active_storage_blobs).find { |c| c.name == pkey_name }
pkey_column.bigint? ? :bigint : pkey_column.type
end
end

10
db/migrate/20230328094809_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb Normal file
View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
# This migration comes from active_storage (originally 20211119233751)
class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0]
def change
return unless table_exists?(:active_storage_blobs)
change_column_null(:active_storage_blobs, :checksum, true)
end
end

2
db/schema.rb
View File

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2023_03_15_095054) do
ActiveRecord::Schema[6.1].define(version: 2023_03_15_095054) do
# These are extensions that must be enabled in order to support this database
enable_extension "fuzzystrmatch"

5
db/structure.sql
View File

@ -8690,6 +8690,9 @@ INSERT INTO "schema_migrations" (version) VALUES
('20230323104259'),
('20230323104727'),
('20230324090312'),
('20230324095639');
('20230324095639'),
('20230328094807'),
('20230328094808'),
('20230328094809');

1
test/integration/slots_reservations_test.rb
View File

@ -23,6 +23,7 @@ class SlotsReservationsTest < ActionDispatch::IntegrationTest
# place cache
slot = slots_reservation.slot
slot.reload
cached = slot.places.detect do |p|
p['reservable_id'] == slots_reservation.reservation.reservable_id && p['reservable_type'] == slots_reservation.reservation.reservable_type
end