From d20cd4a74eeae340502cae470b71d5e479a2868b Mon Sep 17 00:00:00 2001 From: Tyranja Date: Sat, 4 Nov 2023 21:44:45 +0100 Subject: [PATCH] update to rails 6.1 (#1333) * update to rails 6.1 --------- Co-authored-by: Tyranja --- Gemfile | 4 +- Gemfile.lock | 137 +++++++++--------- .../admin/medialinks_controller.rb | 2 +- app/controllers/medialinks_controller.rb | 2 +- app/helpers/application_helper.rb | 4 + app/models/medialink.rb | 19 +-- app/models/profile.rb | 10 +- app/views/admin/medialinks/index.html.erb | 22 +-- app/views/medialinks/_medialink.html.erb | 23 +++ app/views/medialinks/index.html.erb | 19 +-- app/views/profiles/_medialink.html.erb | 15 ++ app/views/profiles/_show.html.erb | 35 ++--- bin/rails | 4 +- bin/rake | 4 +- bin/setup | 16 +- bin/yarn | 12 +- config/boot.rb | 4 +- config/cable.yml | 2 +- config/environment.rb | 2 +- config/initializers/backtrace_silencers.rb | 7 +- .../initializers/content_security_policy.rb | 5 + .../initializers/filter_parameter_logging.rb | 4 +- .../new_framework_defaults_6_1.rb | 67 +++++++++ config/initializers/permissions_policy.rb | 11 ++ ..._to_active_storage_blobs.active_storage.rb | 22 +++ ..._storage_variant_records.active_storage.rb | 27 ++++ db/schema.rb | 8 +- spec/models/medialink_spec.rb | 49 +++++++ spec/system/admin/admin_navigation_spec.rb | 2 +- spec/system/profile_spec.rb | 4 +- 30 files changed, 355 insertions(+), 187 deletions(-) create mode 100644 app/views/medialinks/_medialink.html.erb create mode 100644 app/views/profiles/_medialink.html.erb create mode 100644 config/initializers/new_framework_defaults_6_1.rb create mode 100644 config/initializers/permissions_policy.rb create mode 100644 db/migrate/20231028163836_add_service_name_to_active_storage_blobs.active_storage.rb create mode 100644 db/migrate/20231028163837_create_active_storage_variant_records.active_storage.rb create mode 100644 spec/models/medialink_spec.rb diff --git a/Gemfile b/Gemfile index 2e8265e3e..d5d2d5ec1 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' ruby '3.1.1' -gem 'rails', '6.0.3.6' +gem 'rails', '6.1.7.6' # Needed for Javascript Runtime # gem 'therubyracer' @@ -22,9 +22,7 @@ gem 'deadweight', require: 'deadweight/hijack/rails' gem 'kaminari' gem 'mime-types' -# gem 'acts-as-taggable-on', '~> 6.0' gem 'acts-as-taggable-on', '~> 9.0', '>= 9.0.1' -gem 'auto_html', '~>1.6.4' gem 'devise', '~> 4.7' gem 'invisible_captcha' gem 'jquery-rails', '~> 4.4.0' diff --git a/Gemfile.lock b/Gemfile.lock index 3112953ab..d1ca002e0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -38,38 +38,40 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.6) - actionpack (= 6.0.3.6) + actioncable (6.1.7.6) + actionpack (= 6.1.7.6) + activesupport (= 6.1.7.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.6) - actionpack (= 6.0.3.6) - activejob (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + actionmailbox (6.1.7.6) + actionpack (= 6.1.7.6) + activejob (= 6.1.7.6) + activerecord (= 6.1.7.6) + activestorage (= 6.1.7.6) + activesupport (= 6.1.7.6) mail (>= 2.7.1) - actionmailer (6.0.3.6) - actionpack (= 6.0.3.6) - actionview (= 6.0.3.6) - activejob (= 6.0.3.6) + actionmailer (6.1.7.6) + actionpack (= 6.1.7.6) + actionview (= 6.1.7.6) + activejob (= 6.1.7.6) + activesupport (= 6.1.7.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.6) - actionview (= 6.0.3.6) - activesupport (= 6.0.3.6) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.7.6) + actionview (= 6.1.7.6) + activesupport (= 6.1.7.6) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.6) - actionpack (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + actiontext (6.1.7.6) + actionpack (= 6.1.7.6) + activerecord (= 6.1.7.6) + activestorage (= 6.1.7.6) + activesupport (= 6.1.7.6) nokogiri (>= 1.8.5) - actionview (6.0.3.6) - activesupport (= 6.0.3.6) + actionview (6.1.7.6) + activesupport (= 6.1.7.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -79,34 +81,33 @@ GEM activemodel (>= 4.1, < 7.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (6.0.3.6) - activesupport (= 6.0.3.6) + activejob (6.1.7.6) + activesupport (= 6.1.7.6) globalid (>= 0.3.6) - activemodel (6.0.3.6) - activesupport (= 6.0.3.6) - activerecord (6.0.3.6) - activemodel (= 6.0.3.6) - activesupport (= 6.0.3.6) - activestorage (6.0.3.6) - actionpack (= 6.0.3.6) - activejob (= 6.0.3.6) - activerecord (= 6.0.3.6) - marcel (~> 1.0.0) - activesupport (6.0.3.6) + activemodel (6.1.7.6) + activesupport (= 6.1.7.6) + activerecord (6.1.7.6) + activemodel (= 6.1.7.6) + activesupport (= 6.1.7.6) + activestorage (6.1.7.6) + actionpack (= 6.1.7.6) + activejob (= 6.1.7.6) + activerecord (= 6.1.7.6) + activesupport (= 6.1.7.6) + marcel (~> 1.0) + mini_mime (>= 1.1.0) + activesupport (6.1.7.6) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) acts-as-taggable-on (9.0.1) activerecord (>= 6.0, < 7.1) addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) ansi (1.5.0) ast (2.4.2) - auto_html (1.6.4) - redcarpet (~> 3.1) - rinku (~> 1.5.0) autoprefixer-rails (10.4.13.0) execjs (~> 2) aws-eventstream (1.2.0) @@ -340,7 +341,7 @@ GEM timeout net-smtp (0.3.3) net-protocol - nio4r (2.5.8) + nio4r (2.5.9) nokogiri (1.14.2-arm64-darwin) racc (~> 1.4) nokogiri (1.14.2-x86_64-linux) @@ -392,20 +393,20 @@ GEM rack-test (2.1.0) rack (>= 1.3) rack-timeout (0.6.3) - rails (6.0.3.6) - actioncable (= 6.0.3.6) - actionmailbox (= 6.0.3.6) - actionmailer (= 6.0.3.6) - actionpack (= 6.0.3.6) - actiontext (= 6.0.3.6) - actionview (= 6.0.3.6) - activejob (= 6.0.3.6) - activemodel (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) - bundler (>= 1.3.0) - railties (= 6.0.3.6) + rails (6.1.7.6) + actioncable (= 6.1.7.6) + actionmailbox (= 6.1.7.6) + actionmailer (= 6.1.7.6) + actionpack (= 6.1.7.6) + actiontext (= 6.1.7.6) + actionview (= 6.1.7.6) + activejob (= 6.1.7.6) + activemodel (= 6.1.7.6) + activerecord (= 6.1.7.6) + activestorage (= 6.1.7.6) + activesupport (= 6.1.7.6) + bundler (>= 1.15.0) + railties (= 6.1.7.6) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -416,12 +417,12 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (6.0.3.6) - actionpack (= 6.0.3.6) - activesupport (= 6.0.3.6) + railties (6.1.7.6) + actionpack (= 6.1.7.6) + activesupport (= 6.1.7.6) method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + rake (>= 12.2) + thor (~> 1.0) rainbow (3.1.1) raindrops (0.20.1) rake (13.0.6) @@ -431,7 +432,6 @@ GEM rdoc (6.3.2) record_tag_helper (1.0.1) actionview (>= 5) - redcarpet (3.6.0) regexp_parser (2.7.0) request_store (1.5.1) rack (>= 1.4) @@ -439,7 +439,6 @@ GEM actionpack (>= 5.2) railties (>= 5.2) rexml (3.2.5) - rinku (1.5.1) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -504,11 +503,10 @@ GEM sprockets (>= 3.0.0) stackprof (0.2.24) thor (1.2.1) - thread_safe (0.3.6) tilt (2.1.0) timeout (0.3.2) - tzinfo (1.2.11) - thread_safe (~> 0.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) unaccent (0.4.0) @@ -535,7 +533,6 @@ PLATFORMS DEPENDENCIES active_model_serializers acts-as-taggable-on (~> 9.0, >= 9.0.1) - auto_html (~> 1.6.4) aws-sdk-s3 better_errors bootsnap (~> 1.4.2) @@ -581,7 +578,7 @@ DEPENDENCIES psych (< 4.0) rack-piwik (~> 0.3.0) rack-timeout - rails (= 6.0.3.6) + rails (= 6.1.7.6) rails-controller-testing record_tag_helper (~> 1.0) rexml (~> 3.2.4) diff --git a/app/controllers/admin/medialinks_controller.rb b/app/controllers/admin/medialinks_controller.rb index 4f9de423e..aebaaf40d 100644 --- a/app/controllers/admin/medialinks_controller.rb +++ b/app/controllers/admin/medialinks_controller.rb @@ -10,7 +10,7 @@ def index end def new - @medialink = Medialink.new(url: 'http://') + @medialink = Medialink.new(url: 'https://') end def edit; end diff --git a/app/controllers/medialinks_controller.rb b/app/controllers/medialinks_controller.rb index 1c44c6822..6c4c84c5c 100644 --- a/app/controllers/medialinks_controller.rb +++ b/app/controllers/medialinks_controller.rb @@ -11,7 +11,7 @@ def index end def new - @medialink = Medialink.new(url: 'http://') + @medialink = Medialink.new(url: 'https://') end def edit; end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 36bafc3c8..bcbc6147b 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -53,4 +53,8 @@ def bootstrap_class_for(flash_type) end end + def url_with_protocol(url) + (url.start_with?("http://") || url.start_with?("https://")) ? url : 'https://' + url + end + end diff --git a/app/models/medialink.rb b/app/models/medialink.rb index cecd972aa..a1d9930cc 100644 --- a/app/models/medialink.rb +++ b/app/models/medialink.rb @@ -1,18 +1,19 @@ # frozen_string_literal: true class Medialink < ApplicationRecord - include AutoHtml - belongs_to :profile validates :title, :url, presence: true - auto_html_for :url do - html_escape - image - youtube width: 400, height: 250 - vimeo width: 400, height: 250 - simple_format - link target: '_blank', rel: 'nofollow' + def youtube_thumbnail_url + youtube_id = find_youtube_id + return unless youtube_id + + "https://img.youtube.com/vi/" + youtube_id + "/mqdefault.jpg" + end + + def find_youtube_id + id = url.match(/((?<=v=)|(?<=youtu.be\/)).+/) + id ? id[0].split(/(\?|&)/).first : nil end end diff --git a/app/models/profile.rb b/app/models/profile.rb index d7518680c..68351ce8d 100644 --- a/app/models/profile.rb +++ b/app/models/profile.rb @@ -129,14 +129,6 @@ def should_generate_new_friendly_id? slug.blank? || firstname_changed? || lastname_changed? end - def website_with_protocol(profile_website) - if profile_website =~ %r{^https?://} - profile_website - else - 'http://' + profile_website - end - end - def website_in_language_scope(lang, number = '') send(('website_' + number + lang.to_s).to_sym) end @@ -146,7 +138,7 @@ def twitter_name_formatted end def twitter_link_formatted - 'http://twitter.com/' + twitter.gsub(%r{^@|https:|http:|:|//|www.|twitter.com/}, '') + 'https://twitter.com/' + twitter.gsub(%r{^@|https:|http:|:|//|www.|twitter.com/}, '') end def country_name diff --git a/app/views/admin/medialinks/index.html.erb b/app/views/admin/medialinks/index.html.erb index 1573c764d..fef9990fe 100644 --- a/app/views/admin/medialinks/index.html.erb +++ b/app/views/admin/medialinks/index.html.erb @@ -27,26 +27,6 @@

diff --git a/app/views/medialinks/_medialink.html.erb b/app/views/medialinks/_medialink.html.erb new file mode 100644 index 000000000..e168964d4 --- /dev/null +++ b/app/views/medialinks/_medialink.html.erb @@ -0,0 +1,23 @@ +<%= content_tag_for(:li, medialink, nil, {'title' => t(:tooltip, scope: 'medialinks')}) do %> + + <%= link_to medialink.title, url_with_protocol(medialink.url) %> +
+ <% if medialink.url =~ /youtube|youtu.be/i and medialink.youtube_thumbnail_url%> + alt="Video Thumbnail"> + <% end %> +

+ <%= simple_format(medialink.description, class: '') %> +

+ + <%= t(:select_language, scope: 'medialinks') + t("#{medialink.language}", scope: 'iso_639_1').capitalize if medialink.language.present? %> + +
+ + <%= link_to "".html_safe + t(:edit_link, scope: 'medialinks'), + edit_profile_medialink_path(@profile, medialink) %> + <%= link_to "".html_safe + t(:delete_link, scope: 'medialinks'), + profile_medialink_path(@profile, medialink), + method: :delete, + data: { confirm: "Are you sure?"}, + title: t(:delete, scope: "medialinks") %> +<% end %> diff --git a/app/views/medialinks/index.html.erb b/app/views/medialinks/index.html.erb index 548540c05..6806c4c06 100644 --- a/app/views/medialinks/index.html.erb +++ b/app/views/medialinks/index.html.erb @@ -12,23 +12,6 @@

diff --git a/app/views/profiles/_medialink.html.erb b/app/views/profiles/_medialink.html.erb new file mode 100644 index 000000000..2ec56ff5e --- /dev/null +++ b/app/views/profiles/_medialink.html.erb @@ -0,0 +1,15 @@ +
+ + <%= link_to medialink.title, url_with_protocol(medialink.url) %> + +
+ <% if medialink.url =~ /youtube|youtu.be/i %> + alt="Video Thumbnail"> + <% end %> +

+ <%= simple_format(medialink.description, class: '') %> +

+ + <%= t(:select_language, scope: 'medialinks') + t("#{medialink.language}", scope: 'iso_639_1').capitalize if medialink.language.present? %> + +
diff --git a/app/views/profiles/_show.html.erb b/app/views/profiles/_show.html.erb index b9ecb0ece..97cf835ac 100644 --- a/app/views/profiles/_show.html.erb +++ b/app/views/profiles/_show.html.erb @@ -63,16 +63,15 @@ <% if @profile.website_in_language_scope(I18n.locale).present? && ( @profile.website_in_language_scope(I18n.locale, "2_").present? || @profile.website_in_language_scope(I18n.locale, "3_").present? ) %> -

<%= t(:websites, scope: 'profiles.show') %> - <%= link_to @profile.website_in_language_scope(I18n.locale), @profile.website_with_protocol(@profile.website_in_language_scope(I18n.locale)), + <%= link_to @profile.website_in_language_scope(I18n.locale), url_with_protocol(@profile.website_in_language_scope(I18n.locale)), target: '_blank' %> - <%= link_to ", #{@profile.website_in_language_scope(I18n.locale, "2_")}", @profile.website_with_protocol(@profile.website_in_language_scope(I18n.locale, "2_")), + <%= link_to ", #{@profile.website_in_language_scope(I18n.locale, "2_")}", url_with_protocol(@profile.website_in_language_scope(I18n.locale, "2_")), target: '_blank' if @profile.website_in_language_scope(I18n.locale, "2_").present? %> - <%= link_to ", #{@profile.website_in_language_scope(I18n.locale, "3_")}", @profile.website_with_protocol(@profile.website_in_language_scope(I18n.locale, "3_")), + <%= link_to ", #{@profile.website_in_language_scope(I18n.locale, "3_")}", url_with_protocol(@profile.website_in_language_scope(I18n.locale, "3_")), target: '_blank' if @profile.website_in_language_scope(I18n.locale, "3_").present? %>

@@ -81,7 +80,7 @@ <%= t(:website, scope: 'profiles.show') %> - <%= link_to @profile.website_in_language_scope(I18n.locale), @profile.website_with_protocol(@profile.website_in_language_scope(I18n.locale)), + <%= link_to @profile.website_in_language_scope(I18n.locale), url_with_protocol(@profile.website_in_language_scope(I18n.locale)), target: '_blank' %>

<% end %> @@ -95,11 +94,11 @@ <%= t(:websites, scope: 'profiles.show') %> - <%= link_to @profile.website, @profile.website_with_protocol(@profile.website), + <%= link_to @profile.website, url_with_protocol(@profile.website), target: '_blank' %> - <%= link_to ", #{@profile.website_2}", @profile.website_with_protocol(@profile.website_2), + <%= link_to ", #{@profile.website_2}", url_with_protocol(@profile.website_2), target: '_blank' if @profile.website_2.present? %> - <%= link_to ", #{@profile.website_3}", @profile.website_with_protocol(@profile.website_3), + <%= link_to ", #{@profile.website_3}", url_with_protocol(@profile.website_3), target: '_blank' if @profile.website_3.present? %>

@@ -108,7 +107,7 @@ <%= t(:websites, scope: 'profiles.show') %> - <%= link_to @profile.website, @profile.website_with_protocol(@profile.website), + <%= link_to @profile.website, url_with_protocol(@profile.website), target: '_blank' %>

<% end %> @@ -240,22 +239,8 @@

<%= t(:media, scope: 'profiles.show') %>

- <% @medialinks.each do |medialink| %> -
- - <% if medialink.url =~ /youtube|vimeo/i %> - <%= medialink.title %> - <%= medialink.url_html if medialink.url != 'http://' %> - <% else %> - <%= link_to medialink.title, medialink.url %> - <% end %> - - <%= simple_format(medialink.description, class: '') %> - - <%= t(:select_language, scope: 'medialinks') + t("#{medialink.language}", scope: 'iso_639_1').capitalize if medialink.language.present? %> - -
- <% end %> + <%= render partial: 'profiles/medialink', collection: @medialinks %> + <% end %> diff --git a/bin/rails b/bin/rails index 073966023..6fb4e4051 100755 --- a/bin/rails +++ b/bin/rails @@ -1,4 +1,4 @@ #!/usr/bin/env ruby APP_PATH = File.expand_path('../config/application', __dir__) -require_relative '../config/boot' -require 'rails/commands' +require_relative "../config/boot" +require "rails/commands" diff --git a/bin/rake b/bin/rake index 17240489f..4fbf10b96 100755 --- a/bin/rake +++ b/bin/rake @@ -1,4 +1,4 @@ #!/usr/bin/env ruby -require_relative '../config/boot' -require 'rake' +require_relative "../config/boot" +require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index 94fd4d797..90700ac4f 100755 --- a/bin/setup +++ b/bin/setup @@ -1,6 +1,5 @@ #!/usr/bin/env ruby -require 'fileutils' -include FileUtils +require "fileutils" # path to your application root. APP_ROOT = File.expand_path('..', __dir__) @@ -9,24 +8,25 @@ def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end -chdir APP_ROOT do - # This script is a starting point to setup your application. +FileUtils.chdir APP_ROOT do + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts '== Installing dependencies ==' system! 'gem install bundler --conservative' system('bundle check') || system!('bundle install') - # Install JavaScript dependencies if using Yarn - # system('bin/yarn') + # Install JavaScript dependencies + system! 'bin/yarn' # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') - # cp 'config/database.yml.sample', 'config/database.yml' + # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' # end puts "\n== Preparing database ==" - system! 'bin/rails db:setup' + system! 'bin/rails db:prepare' puts "\n== Removing old logs and tempfiles ==" system! 'bin/rails log:clear tmp:clear' diff --git a/bin/yarn b/bin/yarn index 460dd565b..9fab2c350 100755 --- a/bin/yarn +++ b/bin/yarn @@ -1,9 +1,15 @@ #!/usr/bin/env ruby APP_ROOT = File.expand_path('..', __dir__) Dir.chdir(APP_ROOT) do - begin - exec "yarnpkg", *ARGV - rescue Errno::ENOENT + yarn = ENV["PATH"].split(File::PATH_SEPARATOR). + select { |dir| File.expand_path(dir) != __dir__ }. + product(["yarn", "yarn.cmd", "yarn.ps1"]). + map { |dir, file| File.expand_path(file, dir) }. + find { |file| File.executable?(file) } + + if yarn + exec yarn, *ARGV + else $stderr.puts "Yarn executable was not detected in the system." $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" exit 1 diff --git a/config/boot.rb b/config/boot.rb index b9e460cef..3cda23b4d 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,4 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) -require 'bundler/setup' # Set up gems listed in the Gemfile. -require 'bootsnap/setup' # Speed up boot time by caching expensive operations. +require "bundler/setup" # Set up gems listed in the Gemfile. +require "bootsnap/setup" # Speed up boot time by caching expensive operations. diff --git a/config/cable.yml b/config/cable.yml index fc812fd90..83db7f791 100644 --- a/config/cable.yml +++ b/config/cable.yml @@ -2,7 +2,7 @@ development: adapter: async test: - adapter: async + adapter: test production: adapter: redis diff --git a/config/environment.rb b/config/environment.rb index 426333bb4..cac531577 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require_relative 'application' +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index 59385cdf3..33699c309 100644 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb @@ -1,7 +1,8 @@ # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. -# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } +# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) } -# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. -# Rails.backtrace_cleaner.remove_silencers! +# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code +# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'". +Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"] diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index d3bcaa5ec..35d0f26fc 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -11,6 +11,8 @@ # policy.object_src :none # policy.script_src :self, :https # policy.style_src :self, :https +# # If you are using webpack-dev-server then specify webpack-dev-server host +# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? # # Specify URI for violation reports # # policy.report_uri "/csp-violation-report-endpoint" @@ -19,6 +21,9 @@ # If you are using UJS then enable automatic nonce generation # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } +# Set the nonce only to specific directives +# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) + # Report CSP violations to a specified URI # For further information see the following documentation: # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1e7..4b34a0366 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,6 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb new file mode 100644 index 000000000..94a440745 --- /dev/null +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -0,0 +1,67 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 6.1 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Support for inversing belongs_to -> has_many Active Record associations. +# Rails.application.config.active_record.has_many_inversing = true + +# Track Active Storage variants in the database. +Rails.application.config.active_storage.track_variants = true + +# Apply random variation to the delay when retrying failed jobs. +# Rails.application.config.active_job.retry_jitter = 0.15 + +# Stop executing `after_enqueue`/`after_perform` callbacks if +# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. +# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true + +# Specify cookies SameSite protection level: either :none, :lax, or :strict. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax + +# Generate CSRF tokens that are encoded in URL-safe Base64. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_controller.urlsafe_csrf_tokens = true + +# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an +# UTC offset or a UTC time. +# ActiveSupport.utc_to_local_returns_utc_offset_times = true + +# Change the default HTTP status code to `308` when redirecting non-GET/HEAD +# requests to HTTPS in `ActionDispatch::SSL` middleware. +# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 + +# Use new connection handling API. For most applications this won't have any +# effect. For applications using multiple databases, this new API provides +# support for granular connection swapping. +# Rails.application.config.active_record.legacy_connection_handling = false + +# Make `form_with` generate non-remote forms by default. +# Rails.application.config.action_view.form_with_generates_remote_forms = false + +# Set the default queue name for the analysis job to the queue adapter default. +# Rails.application.config.active_storage.queues.analysis = nil + +# Set the default queue name for the purge job to the queue adapter default. +# Rails.application.config.active_storage.queues.purge = nil + +# Set the default queue name for the incineration job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.incineration = nil + +# Set the default queue name for the routing job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.routing = nil + +# Set the default queue name for the mail deliver job to the queue adapter default. +# Rails.application.config.action_mailer.deliver_later_queue_name = nil + +# Generate a `Link` header that gives a hint to modern browsers about +# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. +# Rails.application.config.action_view.preload_links_header = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 000000000..00f64d71b --- /dev/null +++ b/config/initializers/permissions_policy.rb @@ -0,0 +1,11 @@ +# Define an application-wide HTTP permissions policy. For further +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" +# end diff --git a/db/migrate/20231028163836_add_service_name_to_active_storage_blobs.active_storage.rb b/db/migrate/20231028163836_add_service_name_to_active_storage_blobs.active_storage.rb new file mode 100644 index 000000000..a15c6ce8e --- /dev/null +++ b/db/migrate/20231028163836_add_service_name_to_active_storage_blobs.active_storage.rb @@ -0,0 +1,22 @@ +# This migration comes from active_storage (originally 20190112182829) +class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0] + def up + return unless table_exists?(:active_storage_blobs) + + unless column_exists?(:active_storage_blobs, :service_name) + add_column :active_storage_blobs, :service_name, :string + + if configured_service = ActiveStorage::Blob.service.name + ActiveStorage::Blob.unscoped.update_all(service_name: configured_service) + end + + change_column :active_storage_blobs, :service_name, :string, null: false + end + end + + def down + return unless table_exists?(:active_storage_blobs) + + remove_column :active_storage_blobs, :service_name + end +end diff --git a/db/migrate/20231028163837_create_active_storage_variant_records.active_storage.rb b/db/migrate/20231028163837_create_active_storage_variant_records.active_storage.rb new file mode 100644 index 000000000..94ac83af0 --- /dev/null +++ b/db/migrate/20231028163837_create_active_storage_variant_records.active_storage.rb @@ -0,0 +1,27 @@ +# This migration comes from active_storage (originally 20191206030411) +class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0] + def change + return unless table_exists?(:active_storage_blobs) + + # Use Active Record's configured type for primary key + create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t| + t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type + t.string :variation_digest, null: false + + t.index %i[ blob_id variation_digest ], name: "index_active_storage_variant_records_uniqueness", unique: true + t.foreign_key :active_storage_blobs, column: :blob_id + end + end + + private + def primary_key_type + config = Rails.configuration.generators + config.options[config.orm][:primary_key_type] || :primary_key + end + + def blobs_primary_key_type + pkey_name = connection.primary_key(:active_storage_blobs) + pkey_column = connection.columns(:active_storage_blobs).find { |c| c.name == pkey_name } + pkey_column.bigint? ? :bigint : pkey_column.type + end +end diff --git a/db/schema.rb b/db/schema.rb index 0e8b6895f..e93c60a5a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2,15 +2,15 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# This file is the source Rails uses to define your schema when running `rails -# db:schema:load`. When creating a new database, `rails db:schema:load` tends to +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to # be faster and is potentially less error prone than running all of your # migrations from scratch. Old migrations may fail to apply correctly if those # migrations use external dependencies or application code. # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2022_04_22_184124) do +ActiveRecord::Schema.define(version: 2023_10_28_163837) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -38,7 +38,7 @@ end create_table "active_storage_variant_records", force: :cascade do |t| - t.integer "blob_id", null: false + t.bigint "blob_id", null: false t.string "variation_digest", null: false t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true end diff --git a/spec/models/medialink_spec.rb b/spec/models/medialink_spec.rb new file mode 100644 index 000000000..298062b5b --- /dev/null +++ b/spec/models/medialink_spec.rb @@ -0,0 +1,49 @@ +describe 'medialink', type: :model do + let(:medialink) { FactoryBot.build(:medialink) } + + describe '#find_youtube_id' do + it 'in www.youtu.be/234dgf' do + medialink.url = "www.youtu.be/234dgf" + expect(medialink.find_youtube_id).to eq("234dgf") + end + + it 'in www.youtu.be/276d?si=xx' do + medialink.url = "www.youtu.be/276d?si=xx" + expect(medialink.find_youtube_id).to eq("276d") + end + + it 'in www.youtu.be/27-6d?si=xx' do + medialink.url = "www.youtu.be/27-6d?si=xx" + expect(medialink.find_youtube_id).to eq("27-6d") + end + + it 'in https://www.youtube.com/watch?v=3Q8D4' do + medialink.url = "https://www.youtube.com/watch?v=3Q8D4" + expect(medialink.find_youtube_id).to eq("3Q8D4") + end + + it 'in http://youtube.com' do + medialink.url = "http://youtube.com" + expect(medialink.find_youtube_id).to be nil + end + + it 'in https://www.youtube.com/playlist?list=PLjQo0sojbbxWcy_byqkbe7j3boVTQurf9' do + medialink.url = "https://www.youtube.com/playlist?list=PLjQo0sojbbxWcy_byqkbe7j3boVTQurf9" + expect(medialink.find_youtube_id).to be nil + + end + end + + describe '#youtube_thumbnail_url' do + it 'creates a image url' do + medialink.url = "www.youtu.be/276d?si=xx" + youtube_url = "https://img.youtube.com/vi/276d/mqdefault.jpg" + expect(medialink.youtube_thumbnail_url).to eq(youtube_url) + end + + it 'returns nil when there is no youtube id in the url' do + medialink.url = "www.youtu.be" + expect(medialink.youtube_thumbnail_url).to be nil + end + end +end diff --git a/spec/system/admin/admin_navigation_spec.rb b/spec/system/admin/admin_navigation_spec.rb index 1437ec8ce..b93e4613b 100644 --- a/spec/system/admin/admin_navigation_spec.rb +++ b/spec/system/admin/admin_navigation_spec.rb @@ -125,7 +125,7 @@ expect(page).to have_content('algorithm') expect(page).to have_content('English') expect(page).to have_content('German') - expect(page).to have_link('Ada and the computer', href: 'www.adalovelace.de') + expect(page).to have_link('Ada and the computer', href: 'https://www.adalovelace.de') expect(page).to have_content('How to programm') end end diff --git a/spec/system/profile_spec.rb b/spec/system/profile_spec.rb index fea18ef0c..5fd8b8120 100644 --- a/spec/system/profile_spec.rb +++ b/spec/system/profile_spec.rb @@ -38,7 +38,7 @@ expect(page).to have_content('writer') expect(page).to have_content('German') expect(page).to have_content('English') - expect(page).to have_link('Ada and the computer', href: 'www.adalovelace.de') + expect(page).to have_link('Ada and the computer', href: 'https://www.adalovelace.de') expect(page).to have_content('www.ada.de') expect(page).to have_content('www.ada2.de') expect(page).to have_content('www.ada3.de') @@ -79,7 +79,7 @@ expect(page).to have_content('writer') expect(page).to have_content('Englisch') expect(page).to have_content('Deutsch') - expect(page).to have_link('Ada and the computer', href: 'www.adalovelace.de') + expect(page).to have_link('Ada and the computer', href: 'https://www.adalovelace.de') expect(page).to have_content('www.ada.de') expect(page).to have_content('www.ada2.de') expect(page).to have_content('www.ada3.de')