Class: Hanami::Config::Actions

Inherits:
Object
Includes:
Dry::Configurable
Defined in:
lib/hanami/config/actions.rb,
lib/hanami/config/actions/cookies.rb,
lib/hanami/config/actions/sessions.rb,
lib/hanami/config/actions/content_security_policy.rb

Overview

Hanami actions config

This exposes all the settings from the standalone `Hanami::Action` class, pre-configured with sensible defaults for actions within a full Hanami app. It also provides additional settings for further integration of actions with other full stack app components.

Since:

  • 2.0.0

Defined Under Namespace

Classes: ContentSecurityPolicy, Cookies, Sessions

Constructor Details

#initialize(**options) ⇒ Actions

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of Actions.

Since:

  • 2.0.0



# File 'lib/hanami/config/actions.rb', line 129

def initialize(*, **options)
  super()

  @base_config = Hanami::Action.config.dup
  @content_security_policy = ContentSecurityPolicy.new

  configure_defaults
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(name, *args, &block) ⇒ Object (private)

Since:

  • 2.0.0



# File 'lib/hanami/config/actions.rb', line 174

def method_missing(name, *args, &block)
  if config.respond_to?(name)
    config.public_send(name, *args, &block)
  elsif base_config.respond_to?(name)
    base_config.public_send(name, *args, &block)
  else
    super
  end
end

Instance Attribute Details

#content_security_policy ⇒ Hanami::Config::Actions::ContentSecurityPolicy

Returns the Content Security Policy config for actions.

The resulting policy is set as a default `"Content-Security-Policy"` response header.



# File 'lib/hanami/config/actions.rb', line 76

def content_security_policy
  @content_security_policy
end

#cookies ⇒ Hanami::Config::Actions::Cookies

Sets or returns a hash of cookie options for actions.

The hash is wrapped by Cookies, which also provides an `enabled?` method that returns true if any options are provided.

Examples:

config.actions.cookies = {max_age: 300}

Returns:

  • (Hanami::Config::Actions::Cookies)

Since:

  • 2.0.0



# File 'lib/hanami/config/actions.rb', line 32

setting :cookies, default: {}, constructor: -> options { Cookies.new(options) }

#csrf_protection ⇒ Boolean

Sets or returns whether CSRF protection should be enabled for action classes.

Defaults to true if #sessions is enabled. You can override this by explicitly setting a true or false value.

When true, this will include `Hanami::Action::CSRFProtection` in all action classes.

Returns:

  • (Boolean)

Since:

  • 2.0.0



# File 'lib/hanami/config/actions.rb', line 66

setting :csrf_protection

#method_override ⇒ Boolean

Sets or returns whether HTTP method override should be enabled for action classes.

Defaults to true. You can override this by explicitly setting a true or false value.

When true, this will mount `Rack::MethodOverride` in the Rack middleware stack of the App.

Returns:

  • (Boolean)

Since:

  • 2.1.0



# File 'lib/hanami/config/actions.rb', line 107

setting :method_override, default: true

#name_inference_base ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.1.0



# File 'lib/hanami/config/actions.rb', line 112

setting :name_inference_base, default: "actions"

#sessions ⇒ Config::Sessions

Sets or returns the session store (and its options) for actions.

The given values are taken as an argument list to be passed to Config::Sessions#initialize.

The configured session store is used when setting up the app or slice router.

Examples:

config.actions.sessions = :cookie, {secret: "xyz"}

Returns:

  • (Config::Sessions)

Since:

  • 2.0.0



# File 'lib/hanami/config/actions.rb', line 52

setting :sessions, constructor: proc { |storage, *options| Sessions.new(storage, *options) }

#view_name_inference_base ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.1.0



# File 'lib/hanami/config/actions.rb', line 122

setting :view_name_inference_base, default: "views"

#view_name_inferrer ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.1.0



# File 'lib/hanami/config/actions.rb', line 117

setting :view_name_inferrer, default: Slice::ViewNameInferrer

Instance Method Details

#content_security_policy? ⇒ Boolean

Returns:

  • (Boolean)

Since:

  • 2.3.0



# File 'lib/hanami/config/actions.rb', line 161

def content_security_policy? = !!@content_security_policy

#content_security_policy_nonce_generator ⇒ Proc

Returns the proc to generate Content Security Policy nonce values.

The current Rack request object is provided as an optional argument to the proc, enabling the generation of nonces based on session IDs.

Examples:

Independent random nonce (default)

-> { SecureRandom.urlsafe_base64(16) }

Session dependent nonce

->(request) { Digest::SHA256.base64digest(request.session[:uuid])[0, 16] }

Returns:

  • (Proc)

Since:

  • 2.3.0



# File 'lib/hanami/config/actions.rb', line 93

setting :content_security_policy_nonce_generator, default: -> { SecureRandom.urlsafe_base64(16) }
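
The difference between the two generators above, as an added example (not Hanami's own code): the default returns a fresh value on every call, while the session-derived one returns the same value for every response in a session. `FakeRequest`, `call_nonce_generator`, `unique_count` and the sample UUIDs are constructed for illustration; how Hanami itself invokes the proc is not shown on this page.

```ruby
require "securerandom"
require "digest"

# Constructed stand-in for a Rack request; only #session is used here.
FakeRequest = Struct.new(:session)

# The two generators from the documentation examples above.
RANDOM_NONCE  = -> { SecureRandom.urlsafe_base64(16) }
SESSION_NONCE = ->(request) { Digest::SHA256.base64digest(request.session[:uuid])[0, 16] }

# Hypothetical dispatcher (an assumption, not Hanami's code): the request
# argument is optional, so pass it only to generators that declare a parameter.
# A zero-arity lambda raises ArgumentError if called with an argument.
def call_nonce_generator(generator, request)
  generator.arity.zero? ? generator.call : generator.call(request)
end

# Number of distinct nonces produced across `count` responses for one request.
def unique_count(generator, request, count)
  Array.new(count) { call_nonce_generator(generator, request) }.uniq.size
end

# Constructed sample sessions.
REQ_A = FakeRequest.new({uuid: "constructed-uuid-a"})
REQ_B = FakeRequest.new({uuid: "constructed-uuid-b"})

if __FILE__ == $PROGRAM_NAME
  # Default generator: every response gets its own nonce.
  puts "random, 5 responses:  #{unique_count(RANDOM_NONCE, REQ_A, 5)} distinct"
  # Session-derived generator: one nonce reused for the whole session.
  puts "session, 5 responses: #{unique_count(SESSION_NONCE, REQ_A, 5)} distinct"
  # Different sessions still get different nonces.
  same = call_nonce_generator(SESSION_NONCE, REQ_A) ==
         call_nonce_generator(SESSION_NONCE, REQ_B)
  puts "sessions A and B share a nonce: #{same}"
end
```

A CSP nonce is meant to be unguessable and different for each response; with the session-derived generator, a nonce observed once stays valid for the rest of that session.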

#finalize!(app_config) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.0.0



# File 'lib/hanami/config/actions.rb', line 147

def finalize!(app_config)
  @base_config.root_directory = app_config.root

  # A nil value for `csrf_protection` means it has not been explicitly configured
  # (neither true nor false), so we can default it to whether sessions are enabled
  self.csrf_protection = sessions.enabled? if csrf_protection.nil?

  if content_security_policy
    default_headers["Content-Security-Policy"] = content_security_policy.to_s
  end
end