diff --git a/backend/Gemfile b/backend/Gemfile index c2b7a419..78fa2009 100644 --- a/backend/Gemfile +++ b/backend/Gemfile @@ -6,14 +6,15 @@ ruby "3.2.3" gem "dotenv-rails", groups: %i[development test] # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem "rails", "~> 6.1.7.7" +gem "rails", "~> 7.1.0" gem "rake" +gem "sprockets-rails" # JSON serializer -gem "active_model_serializers", "0.9.8" +gem "active_model_serializers", "~> 0.9" # Use postgresql and mongo as the database for Active Record -gem "mongoid", "7.3.3" +gem "mongoid", "8.1.3" # https://www.mongodb.com/docs/mongoid/current/reference/compatibility/#rails-compatibility gem "pg" # Use Puma as the app server @@ -21,11 +22,11 @@ gem "puma", "5.6.8" # Authentication libraries gem "cancancan", "~> 3.5.0" -gem "cancancan-mongoid", "2.0.0" -gem "devise", "4.8.0" -gem "devise_invitable", "2.0.9" -gem "omniauth", "1.8.1" -gem "omniauth-facebook", "3.0.0" +gem "cancancan-mongoid", "~> 2.0" +gem "devise", "~> 4.8" +gem "devise_invitable", "~> 2.0" +gem "omniauth", "~> 1.8" +gem "omniauth-facebook", "~> 3.0" # Colored output to console gem "colored" diff --git a/backend/Gemfile.lock b/backend/Gemfile.lock index 018d4ad6..551097b4 100644 --- a/backend/Gemfile.lock +++ b/backend/Gemfile.lock 
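Review bot: The new constraint `gem "active_model_serializers", "~> 0.9"` in the first Gemfile hunk permits every 0.x release from 0.9 upwards, which includes the 0.10 series. 0.10 is a rewrite with a different serializer API, so a later `bundle update` could move the app off 0.9.8 (the version Gemfile.lock still resolves) without anyone deciding to. `gem "active_model_serializers", "~> 0.9.8"` keeps patch updates while staying on the 0.9 line.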
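Review bot: In the second Gemfile hunk, `gem "omniauth", "~> 1.8"` still caps the gem below 2.0, and in the 1.x line the request phase accepts GET requests without a CSRF check unless the application adds one; no such mitigation is visible in this hunk. A comment recording why the app stays on 1.x would help, e.g. `# omniauth 1.x: request phase must be CSRF-protected by the app until we move to 2.x`, together with a check that the protection exists. With `~>` on `devise`, `devise_invitable` and `cancancan-mongoid` as well, Gemfile.lock is now the only thing fixing the versions of the login stack, so changes to it deserve their own review.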
@@ -1,68 +1,83 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.7) - actionpack (= 6.1.7.7) - activesupport (= 6.1.7.7) + actioncable (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.7) - actionpack (= 6.1.7.7) - activejob (= 6.1.7.7) - activerecord (= 6.1.7.7) - activestorage (= 6.1.7.7) - activesupport (= 6.1.7.7) + zeitwerk (~> 2.6) + actionmailbox (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) mail (>= 2.7.1) - actionmailer (6.1.7.7) - actionpack (= 6.1.7.7) - actionview (= 6.1.7.7) - activejob (= 6.1.7.7) - activesupport (= 6.1.7.7) + net-imap + net-pop + net-smtp + actionmailer (7.1.3.4) + actionpack (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activesupport (= 7.1.3.4) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.7.7) - actionview (= 6.1.7.7) - activesupport (= 6.1.7.7) - rack (~> 2.0, >= 2.0.9) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.3.4) + actionview (= 7.1.3.4) + activesupport (= 7.1.3.4) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.7) - actionpack (= 6.1.7.7) - activerecord (= 6.1.7.7) - activestorage (= 6.1.7.7) - activesupport (= 6.1.7.7) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.3.4) + actionpack (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.7) - activesupport (= 6.1.7.7) + actionview (7.1.3.4) + activesupport (= 7.1.3.4) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 
1.6) active_model_serializers (0.9.8) activemodel (>= 3.2) concurrent-ruby (~> 1.0) - activejob (6.1.7.7) - activesupport (= 6.1.7.7) + activejob (7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.3.6) - activemodel (6.1.7.7) - activesupport (= 6.1.7.7) - activerecord (6.1.7.7) - activemodel (= 6.1.7.7) - activesupport (= 6.1.7.7) - activestorage (6.1.7.7) - actionpack (= 6.1.7.7) - activejob (= 6.1.7.7) - activerecord (= 6.1.7.7) - activesupport (= 6.1.7.7) + activemodel (7.1.3.4) + activesupport (= 7.1.3.4) + activerecord (7.1.3.4) + activemodel (= 7.1.3.4) + activesupport (= 7.1.3.4) + timeout (>= 0.4.0) + activestorage (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activesupport (= 7.1.3.4) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (6.1.7.7) + activesupport (7.1.3.4) + base64 + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) minitest (>= 5.1) + mutex_m tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.6) public_suffix (>= 2.0.2, < 6.0) andand (1.3.3) @@ -71,6 +86,7 @@ GEM rake (>= 10.4, < 14.0) ast (2.4.2) awesome_print (1.9.2) + base64 (0.2.0) bcrypt (3.1.20) better_errors (2.10.1) erubi (>= 1.0.0) @@ -87,10 +103,10 @@ GEM brakeman (6.1.2) racc bson (4.15.0) - bugsnag (6.26.0) + bugsnag (6.27.1) concurrent-ruby (~> 1.0) - builder (3.2.4) - bullet (7.1.6) + builder (3.3.0) + bullet (7.2.0) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) byebug (11.1.3) @@ -110,7 +126,7 @@ GEM coercible (1.0.0) descendants_tracker (~> 0.0.1) colored (1.2) - concurrent-ruby (1.2.3) + concurrent-ruby (1.3.3) connection_pool (2.4.1) countries (4.0.1) i18n_data (~> 0.13.0) @@ -119,6 +135,7 @@ GEM bigdecimal rexml crass (1.0.6) + csv (3.3.0) cuprite (0.15) capybara (~> 3.0) ferrum (~> 0.14.0) 
@@ -134,7 +151,7 @@ GEM date (3.3.4) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) - devise (4.8.0) + devise (4.9.4) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -149,6 +166,7 @@ GEM dotenv-rails (3.1.0) dotenv (= 3.1.0) railties (>= 6.1) + drb (2.2.1) erb_lint (0.5.0) activesupport better_html (>= 2.0.1) @@ -156,7 +174,7 @@ GEM rainbow rubocop smart_properties - erubi (1.12.0) + erubi (1.13.0) factory_bot (6.4.6) activesupport (>= 5.0.0) factory_bot_rails (6.4.3) @@ -187,35 +205,41 @@ GEM webrick (~> 1.7) websocket-driver (>= 0.6, < 0.8) ffaker (2.23.0) - foreman (0.87.2) - geocoder (1.8.2) + foreman (0.88.1) + geocoder (1.8.3) + base64 (>= 0.1.0) + csv (>= 3.0.0) globalid (1.2.1) activesupport (>= 6.1) - globalize (6.0.1) - activemodel (>= 4.2, < 7.0) - activerecord (>= 4.2, < 7.0) + globalize (6.3.0) + activemodel (>= 4.2, < 7.2) + activerecord (>= 4.2, < 7.2) request_store (~> 1.0) hashdiff (1.1.0) hashie (3.5.7) httpclient (2.8.3) - i18n (1.14.4) + i18n (1.14.5) concurrent-ruby (~> 1.0) i18n_data (0.13.0) + io-console (0.7.2) + irb (1.14.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) json (2.7.1) jwt (2.3.0) kaminari-actionview (1.2.1) actionview kaminari-core (= 1.2.1) kaminari-core (1.2.1) - kaminari-mongoid (1.0.1) + kaminari-mongoid (1.0.2) kaminari-core (~> 1.0) mongoid kdtree (0.4) language_server-protocol (3.17.0.3) launchy (2.5.2) addressable (~> 2.8) - letter_opener (1.9.0) - launchy (>= 2.2, < 3) + letter_opener (1.10.0) + launchy (>= 2.2, < 4) lint_roller (1.1.0) loofah (2.22.0) crass (~> 1.0.2) 
@@ -227,34 +251,32 @@ GEM net-smtp marcel (1.0.4) matrix (0.4.2) - method_source (1.0.0) + method_source (1.1.0) mini_mime (1.1.5) - mini_portile2 (2.8.5) - minitest (5.22.3) - mongo (2.19.3) - bson (>= 4.14.1, < 5.0.0) - mongoid (7.3.3) - activemodel (>= 5.1, < 6.2) - mongo (>= 2.10.5, < 3.0.0) + mini_portile2 (2.8.7) + minitest (5.24.1) + mongo (2.20.1) + bson (>= 4.14.1, < 6.0.0) + mongoid (8.1.3) + activemodel (>= 5.1, < 7.2, != 7.0.0) + concurrent-ruby (>= 1.0.5, < 2.0) + mongo (>= 2.18.0, < 3.0.0) ruby2_keywords (~> 0.0.5) mongoid-compatibility (0.6.0) activesupport mongoid (>= 2.0) - mongoid-rspec (4.1.0) - activesupport (>= 3.0.0) - mongoid (>= 3.1) + mongoid-rspec (4.2.0) + mongoid (>= 3.0, < 10.0) mongoid-compatibility (>= 0.5.1) - rspec-core (~> 3.3) - rspec-expectations (~> 3.3) - rspec-mocks (~> 3.3) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) + mutex_m (0.2.0) nearest_time_zone (0.0.4) andand kdtree require_all - net-imap (0.4.10) + net-imap (0.4.14) date net-protocol net-pop (0.1.2) @@ -263,8 +285,8 @@ GEM timeout net-smtp (0.5.0) net-protocol - nio4r (2.7.1) - nokogiri (1.16.3) + nio4r (2.7.3) + nokogiri (1.16.6) mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth2 (1.4.7) 
@@ -296,38 +318,44 @@ GEM pry-doc (1.5.0) pry (~> 0.11) yard (~> 0.9.11) - pry-rails (0.3.9) - pry (>= 0.10.4) + pry-rails (0.3.11) + pry (>= 0.13.0) + psych (5.1.2) + stringio public_suffix (5.0.4) puma (5.6.8) nio4r (~> 2.0) - pusher (2.0.2) + pusher (2.0.3) httpclient (~> 2.8) multi_json (~> 1.15) pusher-signature (~> 0.1.8) pusher-signature (0.1.8) - racc (1.7.3) + racc (1.8.0) rack (2.2.9) rack-cors (2.0.1) rack (>= 2.0.0) + rack-session (1.0.2) + rack (< 3) rack-test (2.1.0) rack (>= 1.3) - rack-timeout (0.6.3) - rails (6.1.7.7) - actioncable (= 6.1.7.7) - actionmailbox (= 6.1.7.7) - actionmailer (= 6.1.7.7) - actionpack (= 6.1.7.7) - actiontext (= 6.1.7.7) - actionview (= 6.1.7.7) - activejob (= 6.1.7.7) - activemodel (= 6.1.7.7) - activerecord (= 6.1.7.7) - activestorage (= 6.1.7.7) - activesupport (= 6.1.7.7) + rack-timeout (0.7.0) + rackup (1.0.0) + rack (< 3) + webrick + rails (7.1.3.4) + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actionmailer (= 7.1.3.4) + actionpack (= 7.1.3.4) + actiontext (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activemodel (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) bundler (>= 1.15.0) - railties (= 6.1.7.7) - sprockets-rails (>= 2.0.0) + railties (= 7.1.3.4) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -340,17 +368,23 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.7.7) - actionpack (= 6.1.7.7) - activesupport (= 6.1.7.7) - method_source + railties (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) - rake (13.1.0) + rake (13.2.1) + rdoc (6.7.0) + psych (>= 4.0.0) redis-client (0.21.1) connection_pool regexp_parser (2.9.0) + reline (0.5.9) + io-console (~> 0.5) request_store (1.5.0) rack (>= 1.4) require_all (3.0.0) 
@@ -367,7 +401,7 @@ GEM rspec-mocks (3.13.0) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-rails (6.1.2) + rspec-rails (6.1.3) actionpack (>= 6.1) activesupport (>= 6.1) railties (>= 6.1) @@ -398,7 +432,7 @@ GEM rake (>= 10.0) shoulda-matchers (6.2.0) activesupport (>= 5.2.0) - sidekiq (7.2.2) + sidekiq (7.2.4) concurrent-ruby (< 2) connection_pool (>= 2.3.0) rack (>= 2.2.4) @@ -414,9 +448,9 @@ GEM sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) + sprockets-rails (3.5.1) + actionpack (>= 6.1) + activesupport (>= 6.1) sprockets (>= 3.0.0) standard (1.35.1) language_server-protocol (~> 3.17.0.2) @@ -432,6 +466,7 @@ GEM rubocop-performance (~> 1.20.2) standardrb (1.0.1) standard + stringio (3.1.1) symmetric-encryption (4.6.0) coercible (~> 1.0) thor (1.3.1) @@ -445,7 +480,7 @@ GEM vcr (6.2.0) warden (1.2.9) rack (>= 2.0.9) - webmock (3.23.0) + webmock (3.23.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -456,13 +491,13 @@ GEM xpath (3.2.0) nokogiri (~> 1.8) yard (0.9.36) - zeitwerk (2.6.13) + zeitwerk (2.6.16) PLATFORMS ruby DEPENDENCIES - active_model_serializers (= 0.9.8) + active_model_serializers (~> 0.9) annotate awesome_print better_errors @@ -471,15 +506,15 @@ DEPENDENCIES bullet byebug cancancan (~> 3.5.0) - cancancan-mongoid (= 2.0.0) + cancancan-mongoid (~> 2.0) capybara colored countries cuprite database_cleaner database_cleaner-mongoid - devise (= 4.8.0) - devise_invitable (= 2.0.9) + devise (~> 4.8) + devise_invitable (~> 2.0) dotenv-rails erb_lint factory_bot_rails @@ -490,11 +525,11 @@ DEPENDENCIES kaminari-actionview kaminari-mongoid letter_opener - mongoid (= 7.3.3) + mongoid (= 8.1.3) mongoid-rspec nearest_time_zone - omniauth (= 1.8.1) - omniauth-facebook (= 3.0.0) + omniauth (~> 1.8) + omniauth-facebook (~> 3.0) pg pry-byebug pry-doc 
@@ -503,7 +538,7 @@ DEPENDENCIES pusher rack-cors (= 2.0.1) rack-timeout - rails (~> 6.1.7.7) + rails (~> 7.1.0) rails_12factor rake rspec-rails @@ -512,6 +547,7 @@ DEPENDENCIES shoulda-matchers sidekiq (~> 7.2) simplecov + sprockets-rails standardrb symmetric-encryption tomorrowio_rb (~> 0.0.3) diff --git a/backend/app/models/checkin/fiveable.rb b/backend/app/models/checkin/fiveable.rb index e64b8572..dcc2ad58 100644 --- a/backend/app/models/checkin/fiveable.rb +++ b/backend/app/models/checkin/fiveable.rb @@ -3,6 +3,6 @@ module Checkin::Fiveable included do field :value, type: Integer - validates :value, inclusion: {in: (0..4)}, if: -> { value.present? } + validates :value, inclusion: {in: (0..4), allow_blank: true} end end diff --git a/backend/app/models/weather.rb b/backend/app/models/weather.rb index 72cd46af..0aa3e1ef 100644 --- a/backend/app/models/weather.rb +++ b/backend/app/models/weather.rb @@ -1,4 +1,5 @@ class Weather < ActiveRecord::Base validates :date, uniqueness: {scope: :position_id} - belongs_to :position + # NOTE: if we want to enforce presence, modify spec factory instead + belongs_to :position, optional: true end diff --git a/backend/app/serializers/api/v1/concerns.rb b/backend/app/serializers/api/v1/concerns.rb new file mode 100644 index 00000000..5ffb6469 --- /dev/null +++ b/backend/app/serializers/api/v1/concerns.rb @@ -0,0 +1,6 @@ +module Api + module V1 + module Concerns + end + end +end diff --git a/backend/bin/rails b/backend/bin/rails index fa9738b3..5361cd9d 100755 --- a/backend/bin/rails +++ b/backend/bin/rails @@ -4,6 +4,6 @@ if ENV["RAILS_ENV"] == "test" SimpleCov.start "rails" puts "required simplecov" end -APP_PATH = File.expand_path("../../config/application", __FILE__) +APP_PATH = File.expand_path("../config/application", __dir__) require_relative "../config/boot" require "rails/commands" diff --git a/backend/bin/setup b/backend/bin/setup index d220dfa5..3cd5a9d7 100755 --- a/backend/bin/setup +++ b/backend/bin/setup 
@@ -1,30 +1,29 @@ #!/usr/bin/env ruby -require "pathname" require "fileutils" -include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path("../../", __FILE__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) - system(*args) || abort("\n== Command #{args} failed ==") + system(*args, exception: true) end -chdir APP_ROOT do - # This script is a starting point to setup your application. +FileUtils.chdir APP_ROOT do + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts "== Installing dependencies ==" system! "gem install bundler --conservative" - system("bundle check") or system!("bundle install") + system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # cp 'config/database.yml.sample', 'config/database.yml' + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" # end puts "\n== Preparing database ==" - system! "bin/rails db:setup" + system! "bin/rails db:prepare" puts "\n== Removing old logs and tempfiles ==" system! "bin/rails log:clear tmp:clear" diff --git a/backend/config/application.rb b/backend/config/application.rb index 55c80691..2f848fe1 100644 --- a/backend/config/application.rb +++ b/backend/config/application.rb 
@@ -1,16 +1,18 @@ -require File.expand_path("../boot", __FILE__) +require_relative "boot" require "rails" # Pick the frameworks you want: require "active_model/railtie" require "active_job/railtie" require "active_record/railtie" +# require "active_storage/engine" require "action_controller/railtie" require "action_mailer/railtie" -require "action_view/railtie" require "sprockets/railtie" +# require "action_mailbox/engine" +# require "action_text/engine" +require "action_view/railtie" # require "action_cable/engine" -# require "sprockets/railtie" # require "rails/test_unit/railtie" # Require the gems listed in Gemfile, including any gems @@ -19,6 +21,11 @@ module Flaredown class Application < Rails::Application + # Initialize configuration defaults for originally generated Rails version. + config.load_defaults 7.1 + config.add_autoload_paths_to_load_path = false + config.active_support.cache_format_version = 7.1 + # https://medium.com/@Nicholson85/handling-cors-issues-in-your-rails-api-120dfbcb8a24 # fix CORS issues in staging? config.middleware.insert_before 0, Rack::Cors do 
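Review bot: `config.load_defaults 7.1` in the second application.rb hunk turns on every framework default introduced since the app's previous defaults in a single step, and the added comment ("originally generated Rails version") does not describe that. Some of those defaults are security-relevant, for instance how keys for signed and encrypted messages are derived, so tokens or cookies issued before the deploy may stop verifying if the API issues any (inferred; the previous defaults are not visible here). Consider enabling the new defaults incrementally through a `new_framework_defaults_7_1.rb` initializer, or say in the comment that the jump is deliberate. `config.active_support.cache_format_version = 7.1` and `config.add_autoload_paths_to_load_path = false` are already implied by `load_defaults 7.1`, and the latter is set a second time in the next hunk; one copy is enough. The class body continues outside the hunk.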
@@ -27,14 +34,24 @@ class Application < Rails::Application resource "*", headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head] end end - # Settings in config/environments/* take precedence over those specified here. - # Application configuration should go into files in config/initializers - # -- all .rb files in that directory are automatically loaded. - config.autoload_paths << Rails.root.join("lib") - config.autoload_paths << Rails.root.join("lib/*") - config.autoload_paths << Rails.root.join("lib/**/*") - config.autoload_paths << Rails.root.join("app/serializers/concerns") - config.autoload_paths << Rails.root.join("app/serializers/api/v1/concerns") + + config.add_autoload_paths_to_load_path = false + + # Please, add to the `ignore` list any other `lib` subdirectories that do + # not contain `.rb` files, or that should not be reloaded or eager loaded. + # Common ones are `templates`, `generators`, or `middleware`, for example. + config.autoload_lib(ignore: %w[assets tasks]) + + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") + + # Don't generate system test files. + config.generators.system_tests = nil # Only loads a smaller set of middleware suitable for API only apps. # Middleware like session, flash, cookies can be added back manually. diff --git a/backend/config/boot.rb b/backend/config/boot.rb index fb24cf2e..28201161 100644 --- a/backend/config/boot.rb +++ b/backend/config/boot.rb @@ -1,3 +1,3 @@ -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) require "bundler/setup" # Set up gems listed in the Gemfile. 
diff --git a/backend/config/environment.rb b/backend/config/environment.rb index 17119856..cac53157 100644 --- a/backend/config/environment.rb +++ b/backend/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require File.expand_path("../application", __FILE__) +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/backend/config/environments/development.rb b/backend/config/environments/development.rb index 56b13c4e..94ec5dbd 100644 --- a/backend/config/environments/development.rb +++ b/backend/config/environments/development.rb 
@@ -1,53 +1,72 @@ -Rails.application.configure do - config.after_initialize do - Bullet.enable = true - Bullet.alert = true - Bullet.bullet_logger = true - Bullet.console = true - # Bullet.growl = true - Bullet.rails_logger = true - Bullet.add_footer = true - end +require "active_support/core_ext/integer/time" +Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false - # Show full error reports and disable caching. + # Show full error reports. config.consider_all_requests_local = true - config.action_controller.perform_caching = false + + # Enable server timing + config.server_timing = true + + # Enable/disable caching. By default caching is disabled. + # Run rails dev:cache to toggle caching. + if Rails.root.join("tmp/caching-dev.txt").exist? + config.action_controller.perform_caching = true + config.action_controller.enable_fragment_cache_logging = true + + config.cache_store = :memory_store + config.public_file_server.headers = { + "Cache-Control" => "public, max-age=#{2.days.to_i}" + } + else + config.action_controller.perform_caching = false + + config.cache_store = :null_store + end # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false + config.action_mailer.perform_caching = false + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. 
+ config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load - # Debug mode disables concatenation and preprocessing of assets. - # This option may cause significant delays in view rendering with a large - # number of complex assets. - config.assets.debug = true + # Highlight code that triggered database queries in logs. + config.active_record.verbose_query_logs = true + + # Highlight code that enqueued background job in logs. + config.active_job.verbose_enqueue_logs = true - # Asset digests allow you to set far-future HTTP expiration dates on all assets, - # yet still be able to expire them through the digest params. - config.assets.digest = true + # Suppress logger output for asset requests. + config.assets.quiet = true - # Adds additional error checking when serving assets at runtime. - # Checks for improperly declared sprockets dependencies. - # Raises helpful error messages. - config.assets.raise_runtime_errors = true + # Raises error for missing translations. + config.i18n.raise_on_missing_translations = true - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions + config.action_controller.raise_on_missing_callback_actions = true # Delivery with letter opener config.action_mailer.delivery_method = :letter_opener @@ -57,6 +76,8 @@ Bullet.alert = true Bullet.bullet_logger = true Bullet.console = true + # Bullet.growl = true Bullet.rails_logger = true + Bullet.add_footer = true end end 
diff --git a/backend/config/environments/production.rb b/backend/config/environments/production.rb index 45a9cc0c..ab43a8d0 100644 --- a/backend/config/environments/production.rb +++ b/backend/config/environments/production.rb @@ -1,8 +1,10 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false # Eager load code on boot. This eager loads most of Rails and # your application in memory, allowing both threaded web servers 
@@ -14,53 +16,54 @@ config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Enable Rack::Cache to put a simple HTTP cache in front of your application - # Add `rack-cache` to your Gemfile before enabling this. - # For large-scale production use, consider using a caching reverse proxy like - # NGINX, varnish or squid. - # config.action_dispatch.rack_cache = true + # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment + # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). + # config.require_master_key = true - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. + # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? - # config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present? - - # Compress JavaScripts and CSS. - # config.assets.js_compressor = :uglifier + # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass - # Do not fallback to assets pipeline if a precompiled asset is missed. + # Do not fall back to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # Asset digests allow you to set far-future HTTP expiration dates on all assets, - # yet still be able to expire them through the digest params. - config.assets.digest = true - - # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. 
- # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache + # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX + + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. + # config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = :debug + # Log to STDOUT by default + config.logger = ActiveSupport::Logger.new(STDOUT) + .tap { |logger| logger.formatter = ::Logger::Formatter.new } + .then { |logger| ActiveSupport::TaggedLogging.new(logger) } # Prepend all log lines with the following tags. - # config.log_tags = [ :subdomain, :uuid ] + config.log_tags = [:request_id] - # Use a different logger for distributed setups. - # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + # "info" includes generic and useful information about system operation, but avoids logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). If you + # want to log everything, set the level to "debug". + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "debug") # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # Use a real queuing backend for Active Job (and separate queues per environment). 
+ # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "flaredown_production" + + config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. # Set this to true and configure the email server for immediate delivery to raise delivery errors. @@ -70,12 +73,17 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new + # Send deprecation notices to registered listeners. (false by default) + config.active_support.report_deprecations = :notify # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff --git a/backend/config/environments/test.rb b/backend/config/environments/test.rb index f2d57420..772fdeec 100644 --- a/backend/config/environments/test.rb +++ b/backend/config/environments/test.rb 
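Review bot: The fallback in `config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "debug")` contradicts the comment added directly above it, which recommends "info" to avoid inadvertent exposure of personally identifiable information. When RAILS_LOG_LEVEL is unset, production still logs at debug level, and with this hunk those lines now go to STDOUT. Make the default match the comment with `config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")`. If debug is kept on purpose, the comment should say so and why.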
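Review bot: `config.active_support.report_deprecations = :notify` in the last production.rb hunk assigns a behaviour name to what the adjacent comment describes as a false-by-default switch, while the line it replaces, `config.active_support.deprecation = :notify`, is removed. As far as I know Rails only checks whether `report_deprecations` is `false`, so `:notify` here would leave reporting on without selecting the notify behaviour. Either write `config.active_support.report_deprecations = false` to silence deprecations in production, or keep `config.active_support.deprecation = :notify`. Separately, the `config.hosts` block is added commented out, so Host header checking stays unconfigured in production unless it is set elsewhere.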
@@ -1,44 +1,63 @@ +require "active_support/core_ext/integer/time" + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! - config.cache_classes = true + # While tests run files are not watched, reloading is not necessary. + config.enable_reloading = false - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. + config.eager_load = ENV["CI"].present? - # Configure static file server for tests with Cache-Control for performance. + # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true - config.public_file_server.headers = {"Cache-Control" => "public, max-age=3600"} + config.public_file_server.headers = { + "Cache-Control" => "public, max-age=#{1.hour.to_i}" + } # Show full error reports and disable caching. 
config.consider_all_requests_local = true config.action_controller.perform_caching = false + config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false + config.action_mailer.perform_caching = false + # Tell Action Mailer not to deliver emails to the real world. # The :test delivery method accumulates sent emails in the # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - # Randomize the order test cases are executed. - config.active_support.test_order = :random - # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions + config.action_controller.raise_on_missing_callback_actions = true config.after_initialize do Bullet.enable = true diff --git a/backend/config/initializers/assets.rb b/backend/config/initializers/assets.rb new file mode 100644 index 00000000..2eeef966 --- /dev/null +++ b/backend/config/initializers/assets.rb 
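Review bot: `config.action_dispatch.show_exceptions = :rescuable` changes what request specs observe. Exceptions that Rails maps to an HTTP status (a record-not-found error, for example) are now rendered as responses, whereas the previous `false` raised everything. Specs that assert on a raised error, including any that check access-control failures that way, may need to assert on the response status instead; `:none` keeps the old behaviour. A comment such as `# was false (raise everything) before the Rails 7.1 upgrade` would record the change.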
@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+# Version of your assets, change this if you want to expire all your assets.
+Rails.application.config.assets.version = "1.0"
+
+# Add additional assets to the asset load path.
+# Rails.application.config.assets.paths << Emoji.images_path
+
+# Precompile additional assets.
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )
diff --git a/backend/config/initializers/content_security_policy.rb b/backend/config/initializers/content_security_policy.rb
new file mode 100644
index 00000000..b3076b38
--- /dev/null
+++ b/backend/config/initializers/content_security_policy.rb
@@ -0,0 +1,25 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
+
+# Rails.application.configure do
+# config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+#
+# # Generate session nonces for permitted importmap, inline scripts, and inline styles.
+# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# config.content_security_policy_nonce_directives = %w(script-src style-src)
+#
+# # Report violations without enforcing the policy.
+# # config.content_security_policy_report_only = true
+# end
diff --git a/backend/config/initializers/filter_parameter_logging.rb b/backend/config/initializers/filter_parameter_logging.rb
index 4a994e1e..3435964b 100644
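Review bot: content_security_policy.rb is added with every directive commented out, so the initializer configures nothing and responses still carry no Content-Security-Policy header. If this backend renders any HTML of its own (the Gemfile in this commit lists devise and omniauth, so it may), a low-risk start is to uncomment the `config.content_security_policy do |policy|` block together with `config.content_security_policy_report_only = true` and watch the reports before enforcing. When the nonce lines are enabled, note that `request.session.id.to_s` gives every response in a session the same nonce; a per-request value such as `SecureRandom.base64(16)` is the stricter choice where the pages are not cached.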
--- a/backend/config/initializers/filter_parameter_logging.rb +++ b/backend/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. +Rails.application.config.filter_parameters += [ + :password, :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/backend/config/initializers/inflections.rb b/backend/config/initializers/inflections.rb index ac033bf9..3860f659 100644 --- a/backend/config/initializers/inflections.rb +++ b/backend/config/initializers/inflections.rb @@ -4,13 +4,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end diff --git a/backend/config/initializers/mongoid.rb b/backend/config/initializers/mongoid.rb index fb11b035..e89b546f 100644 --- a/backend/config/initializers/mongoid.rb +++ b/backend/config/initializers/mongoid.rb 
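Review bot: The new `filter_parameters` list covers credentials and key material only, so personal data sent to this backend is still written to the request log in clear. The specs in this commit exercise check-in conditions and symptoms, and spec_helper.rb stubs geocoding with a postal code and coordinates, which suggests health and location parameters reach the controllers; that is inferred from the specs, not from controller code shown here. Consider extending the array with the app's own sensitive parameter names, e.g. `:email, :postal_code`, after checking what the controllers actually receive.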
@@ -1,3 +1,7 @@ +Mongoid.configure do |config| + config.load_defaults 8.1 +end + Mongoid::Document.send(:include, ActiveModel::SerializerSupport) Mongoid::Criteria.delegate(:active_model_serializer, to: :to_a) diff --git a/backend/config/initializers/new_framework_defaults_7_1.rb b/backend/config/initializers/new_framework_defaults_7_1.rb new file mode 100644 index 00000000..27d1fab2 --- /dev/null +++ b/backend/config/initializers/new_framework_defaults_7_1.rb 
@@ -0,0 +1,288 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.1 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.1`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+# https://guides.rubyonrails.org/configuring.html#default-values-for-target-version-7-1
+
+###
+# No longer add autoloaded paths into `$LOAD_PATH`. This means that you won't be able
+# to manually require files that are managed by the autoloader, which you shouldn't do anyway.
+#
+# This will reduce the size of the load path, making `require` faster if you don't use bootsnap, or reduce the size
+# of the bootsnap cache if you use it.
+#
+# To set this configuration, add the following line to `config/application.rb` (NOT this file):
+# config.add_autoload_paths_to_load_path = false (DONE)
+
+###
+# Remove the default X-Download-Options headers since it is used only by Internet Explorer.
+# If you need to support Internet Explorer, add back `"X-Download-Options" => "noopen"`.
+#++
+Rails.application.config.action_dispatch.default_headers = {
+ "X-Frame-Options" => "SAMEORIGIN",
+ "X-XSS-Protection" => "0",
+ "X-Content-Type-Options" => "nosniff",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "strict-origin-when-cross-origin"
+}
+
+###
+# Do not treat an `ActionController::Parameters` instance
+# as equal to an equivalent `Hash` by default.
+#++
+Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality = false
+
+###
+# Active Record Encryption now uses SHA-256 as its hash digest algorithm.
+#
+# There are 3 scenarios to consider.
+#
+# 1. If you have data encrypted with previous Rails versions, and you have
+# +config.active_support.key_generator_hash_digest_class+ configured as SHA1 (the default
+# before Rails 7.0), you need to configure SHA-1 for Active Record Encryption too:
+#++
+# Rails.application.config.active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA1
+#
+# 2. If you have +config.active_support.key_generator_hash_digest_class+ configured as SHA256 (the new default
+# in 7.0), then you need to configure SHA-256 for Active Record Encryption:
+#++
+# Rails.application.config.active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256
+#
+# 3. If you don't currently have data encrypted with Active Record encryption, you can disable this setting to
+# configure the default behavior starting 7.1+:
+#++
+# - NOTE: I don't see `key_generator_hash_digest_class`` or `encrypts` used anywhwere
+# - If app is using Active Record Encryption, will need to do 1 or 2 above
+Rails.application.config.active_record.encryption.support_sha1_for_non_deterministic_encryption = false
+
+###
+# No longer run after_commit callbacks on the first of multiple Active Record
+# instances to save changes to the same database row within a transaction.
+# Instead, run these callbacks on the instance most likely to have internal
+# state which matches what was committed to the database, typically the last
+# instance to save.
+#++
+Rails.application.config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction = false
+
+###
+# Configures SQLite with a strict strings mode, which disables double-quoted string literals.
+#
+# SQLite has some quirks around double-quoted string literals.
+# It first tries to consider double-quoted strings as identifier names, but if they don't exist
+# it then considers them as string literals. Because of this, typos can silently go unnoticed.
+# For example, it is possible to create an index for a non existing column.
+# See https://www.sqlite.org/quirks.html#double_quoted_string_literals_are_accepted for more details.
+#++
+Rails.application.config.active_record.sqlite3_adapter_strict_strings_by_default = true
+
+###
+# Disable deprecated singular associations names.
+#++
+Rails.application.config.active_record.allow_deprecated_singular_associations_name = false
+
+###
+# Enable the Active Job `BigDecimal` argument serializer, which guarantees
+# roundtripping. Without this serializer, some queue adapters may serialize
+# `BigDecimal` arguments as simple (non-roundtrippable) strings.
+#
+# When deploying an application with multiple replicas, old (pre-Rails 7.1)
+# replicas will not be able to deserialize `BigDecimal` arguments from this
+# serializer. Therefore, this setting should only be enabled after all replicas
+# have been successfully upgraded to Rails 7.1.
+#++
+Rails.application.config.active_job.use_big_decimal_serializer = true
+
+###
+# Specify if an `ArgumentError` should be raised if `Rails.cache` `fetch` or
+# `write` are given an invalid `expires_at` or `expires_in` time.
+# Options are `true`, and `false`. If `false`, the exception will be reported
+# as `handled` and logged instead.
+#++
+Rails.application.config.active_support.raise_on_invalid_cache_expiration_time = true
+
+###
+# Specify whether Query Logs will format tags using the SQLCommenter format
+# (https://open-telemetry.github.io/opentelemetry-sqlcommenter/), or using the legacy format.
+# Options are `:legacy` and `:sqlcommenter`.
+#++
+Rails.application.config.active_record.query_log_tags_format = :sqlcommenter
+
+###
+# Specify the default serializer used by `MessageEncryptor` and `MessageVerifier`
+# instances.
+#
+# The legacy default is `:marshal`, which is a potential vector for
+# deserialization attacks in cases where a message signing secret has been
+# leaked.
+#
+# In Rails 7.1, the new default is `:json_allow_marshal` which serializes and
+# deserializes with `ActiveSupport::JSON`, but can fall back to deserializing
+# with `Marshal` so that legacy messages can still be read.
+#
+# In Rails 7.2, the default will become `:json` which serializes and
+# deserializes with `ActiveSupport::JSON` only.
+#
+# Alternatively, you can choose `:message_pack` or `:message_pack_allow_marshal`,
+# which serialize with `ActiveSupport::MessagePack`. `ActiveSupport::MessagePack`
+# can roundtrip some Ruby types that are not supported by JSON, and may provide
+# improved performance, but it requires the `msgpack` gem.
+#
+# For more information, see
+# https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer
+#
+# NOTE: Does rolling deploy apply here?
+# If you are performing a rolling deploy of a Rails 7.1 upgrade, wherein servers
+# that have not yet been upgraded must be able to read messages from upgraded
+# servers, first deploy without changing the serializer, then set the serializer
+# in a subsequent deploy.
+#++
+Rails.application.config.active_support.message_serializer = :json_allow_marshal
+
+###
+# Enable a performance optimization that serializes message data and metadata
+# together. This changes the message format, so messages serialized this way
+# cannot be read by older versions of Rails. However, messages that use the old
+# format can still be read, regardless of whether this optimization is enabled.
+#
+# NOTE: Does rolling deploy apply here?
+# To perform a rolling deploy of a Rails 7.1 upgrade, wherein servers that have
+# not yet been upgraded must be able to read messages from upgraded servers,
+# leave this optimization off on the first deploy, then enable it on a
+# subsequent deploy.
+#++
+Rails.application.config.active_support.use_message_serializer_for_metadata = true
+
+###
+# Set the maximum size for Rails log files.
+#
+# `config.load_defaults 7.1` does not set this value for environments other than
+# development and test.
+#++
+if Rails.env.local?
+ Rails.application.config.log_file_size = 100 * 1024 * 1024
+end
+
+###
+# Enable raising on assignment to attr_readonly attributes. The previous
+# behavior would allow assignment but silently not persist changes to the
+# database.
+#++
+Rails.application.config.active_record.raise_on_assign_to_attr_readonly = true
+
+###
+# Enable validating only parent-related columns for presence when the parent is mandatory.
+# The previous behavior was to validate the presence of the parent record, which performed an extra query
+# to get the parent every time the child record was updated, even when parent has not changed.
+#++
+Rails.application.config.active_record.belongs_to_required_validates_foreign_key = false
+
+###
+# Enable precompilation of `config.filter_parameters`. Precompilation can
+# improve filtering performance, depending on the quantity and types of filters.
+#++
+Rails.application.config.precompile_filter_parameters = true
+
+###
+# Enable before_committed! callbacks on all enrolled records in a transaction.
+# The previous behavior was to only run the callbacks on the first copy of a record
+# if there were multiple copies of the same record enrolled in the transaction.
+#++
+Rails.application.config.active_record.before_committed_on_all_records = true
+
+###
+# Disable automatic column serialization into YAML.
+# To keep the historic behavior, you can set it to `YAML`, however it is
+# recommended to explicitly define the serialization method for each column
+# rather than to rely on a global default.
+#++
+Rails.application.config.active_record.default_column_serializer = nil
+
+###
+# Enable a performance optimization that serializes Active Record models
+# in a faster and more compact way.
+#
+# NOTE: Does rolling deploy apply here?
+# To perform a rolling deploy of a Rails 7.1 upgrade, wherein servers that have
+# not yet been upgraded must be able to read caches from upgraded servers,
+# leave this optimization off on the first deploy, then enable it on a
+# subsequent deploy.
+#++
+Rails.application.config.active_record.marshalling_format_version = 7.1
+
+###
+# Run `after_commit` and `after_*_commit` callbacks in the order they are defined in a model.
+# This matches the behaviour of all other callbacks.
+# In previous versions of Rails, they ran in the inverse order.
+#++
+Rails.application.config.active_record.run_after_transaction_callbacks_in_order_defined = true
+
+###
+# Whether a `transaction` block is committed or rolled back when exited via `return`, `break` or `throw`.
+#++
+Rails.application.config.active_record.commit_transaction_on_non_local_return = true
+
+###
+# Controls when to generate a value for has_secure_token declarations.
+#++
+Rails.application.config.active_record.generate_secure_token_on = :initialize
+
+###
+# ** Please read carefully, this must be configured in config/application.rb **
+# Change the format of the cache entry.
+#
+# Changing this default means that all new cache entries added to the cache
+# will have a different format that is not supported by Rails 7.0
+# applications.
+#
+# Only change this value after your application is fully deployed to Rails 7.1
+# and you have no plans to rollback.
+# When you're ready to change format, add this to `config/application.rb` (NOT
+# this file):
+# NOTE: Does rolling deploy apply here?
+# - TODO: If so, revert change in app config & create issue for this to be done after deploying?
+# config.active_support.cache_format_version = 7.1 (DOME)
+
+###
+# Configure Action View to use HTML5 standards-compliant sanitizers when they are supported on your
+# platform.
+#
+# `Rails::HTML::Sanitizer.best_supported_vendor` will cause Action View to use HTML5-compliant
+# sanitizers if they are supported, else fall back to HTML4 sanitizers.
+#
+# In previous versions of Rails, Action View always used `Rails::HTML4::Sanitizer` as its vendor.
+#++
+Rails.application.config.action_view.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor
+
+###
+# Configure Action Text to use an HTML5 standards-compliant sanitizer when it is supported on your
+# platform.
+#
+# `Rails::HTML::Sanitizer.best_supported_vendor` will cause Action Text to use HTML5-compliant
+# sanitizers if they are supported, else fall back to HTML4 sanitizers.
+#
+# In previous versions of Rails, Action Text always used `Rails::HTML4::Sanitizer` as its vendor.
+#++
+# NOTE: App is not using Action Text, this is ignored when load_defaults: 7.1 is enabled.
+# Rails.application.config.action_text.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor
+
+###
+# Configure the log level used by the DebugExceptions middleware when logging
+# uncaught exceptions during requests.
+#++
+Rails.application.config.action_dispatch.debug_exception_log_level = :error
+
+###
+# Configure the test helpers in Action View, Action Dispatch, and rails-dom-testing to use HTML5
+# parsers.
+#
+# Nokogiri::HTML5 isn't supported on JRuby, so JRuby applications must set this to :html4.
+#
+# In previous versions of Rails, these test helpers always used an HTML4 parser.
+#++
+Rails.application.config.dom_testing_default_html_version = :html5
diff --git a/backend/config/initializers/permissions_policy.rb b/backend/config/initializers/permissions_policy.rb
new file mode 100644
index 00000000..7db3b957
--- /dev/null
+++ b/backend/config/initializers/permissions_policy.rb
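Review bot: `message_serializer = :json_allow_marshal` still lets `MessageEncryptor` and `MessageVerifier` fall back to `Marshal` when reading, which the comment above that line itself names as a deserialization vector if a signing secret leaks, so the setting should carry a follow-up to move to `:json` once legacy messages have expired. Separately, the "NOTE: Does rolling deploy apply here?" questions are left unanswered while `use_message_serializer_for_metadata = true`, `marshalling_format_version = 7.1` and `use_big_decimal_serializer = true` are switched on in this same change. The template text beside each of them says to enable it only after every server runs 7.1. Unless deploys replace all instances at once, I would comment those three lines out here and enable them in a later change. The decision should replace each NOTE, e.g. `# TODO(after 7.1 is fully deployed): enable, then switch message_serializer to :json`.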
@@ -0,0 +1,13 @@ +# Be sure to restart your server when you modify this file. + +# Define an application-wide HTTP permissions policy. For further +# information see: https://developers.google.com/web/updates/2018/06/feature-policy + +# Rails.application.config.permissions_policy do |policy| +# policy.camera :none +# policy.gyroscope :none +# policy.microphone :none +# policy.usb :none +# policy.fullscreen :self +# policy.payment :self, "https://secure.example.com" +# end diff --git a/backend/config/mongoid.yml b/backend/config/mongoid.yml index dd6ced10..b8c8e1b3 100644 --- a/backend/config/mongoid.yml +++ b/backend/config/mongoid.yml @@ -3,7 +3,11 @@ development: clients: # Defines the default client. (required) default: - # Defines the name of the default database that Mongoid can connect to. + # Mongoid can connect to a URI accepted by the driver: + # uri: mongodb://user:password@mongodb.domain.com:27017/flaredown_development + + # Otherwise define the parameters separately. + # This defines the name of the default database that Mongoid can connect to. # (required). database: flaredown_development # Provides the hosts the default client can connect to. Must be an array @@ -11,9 +15,14 @@ development: hosts: - <%= ENV['MONGODB_HOST'] || "localhost" %>:27017 options: + # Note that all options listed below are Ruby driver client options (the mongo gem). + # Please refer to the driver documentation of the version of the mongo gem you are using + # for the most up-to-date list of options. + # # Change the default write concern. (default = { w: 1 }) # write: # w: 1 + # Change the default read preference. Valid options for mode are: :secondary, # :secondary_preferred, :primary, :primary_preferred, :nearest # (default: primary) 
@@ -33,11 +42,13 @@ development: # - 'dbOwner' # Change the default authentication mechanism. Valid options are: :scram, - # :mongodb_cr, :mongodb_x509, and :plain. (default on 3.0 is :scram, default - # on 2.4 and 2.6 is :plain) + # :mongodb_cr, :mongodb_x509, and :plain. Note that all authentication + # mechanisms require username and password, with the exception of :mongodb_x509. + # Default on mongoDB 3.0 is :scram, default on 2.4 and 2.6 is :plain. # auth_mech: :scram - # The database or source to authenticate the user against. (default: admin) + # The database or source to authenticate the user against. + # (default: the database specified above or admin) # auth_source: admin # Force a the driver cluster to behave in a certain manner instead of auto- @@ -46,11 +57,11 @@ development: # connect: :direct # Changes the default time in seconds the server monitors refresh their status - # via ismaster commands. (default: 10) + # via hello commands. (default: 10) # heartbeat_frequency: 10 - # The time in seconds for selecting servers for a near read preference. (default: 5) - # local_threshold: 5 + # The time in seconds for selecting servers for a near read preference. (default: 0.015) + # local_threshold: 0.015 # The timeout in seconds for selecting a server for an operation. (default: 30) # server_selection_timeout: 30 
@@ -66,11 +77,16 @@ development: # wait_queue_timeout: 5 # The time to wait to establish a connection before timing out, in seconds. - # (default: 5) - # connect_timeout: 5 - - # The timeout to wait to execute operations on a socket before raising an error. - # (default: 5) + # (default: 10) + # connect_timeout: 10 + + # How long to wait for a response for each operation sent to the + # server. This timeout should be set to a value larger than the + # processing time for the longest operation that will be executed + # by the application. Note that this is a client-side timeout; + # the server may continue executing an operation after the client + # aborts it with the SocketTimeout exception. + # (default: nil, meaning no timeout) # socket_timeout: 5 # The name of the replica set to connect to. Servers provided as seeds that do 
@@ -91,22 +107,46 @@ development: # A passphrase for the private key. # ssl_key_pass_phrase: password - # Whether or not to do peer certification validation. (default: false) + # Whether to do peer certification validation. (default: true) # ssl_verify: true - # The file containing a set of concatenated certification authority certifications + # The file containing concatenated certificate authority certificates # used to validate certs passed from the other end of the connection. # ssl_ca_cert: /path/to/ca.cert + # Whether to truncate long log lines. (default: true) + # truncate_logs: true # Configure Mongoid specific options. (optional) options: - # Includes the root model name in json serialization. (default: false) + # Application name that is printed to the mongodb logs upon establishing + # a connection in server versions >= 3.4. Note that the name cannot + # exceed 128 bytes. It is also used as the database name if the + # database name is not explicitly defined. (default: nil) + # app_name: MyApplicationName + + # Mark belongs_to associations as required by default, so that saving a + # model with a missing belongs_to association will trigger a validation + # error. (default: true) + # belongs_to_required_by_default: true + + # Raise an exception when a field is redefined. (default: false) + # duplicate_fields_exception: false + + # Include the root model name in json serialization. (default: false) # include_root_in_json: false # Include the _type field in serialization. (default: false) # include_type_for_serialization: false + # Whether to join nested persistence contexts for atomic operations + # to parent contexts by default. (default: false) + # join_contexts: false + + # Set the Mongoid and Ruby driver log levels when Mongoid is not using + # Ruby on Rails logger instance. (default: :info) + # log_level: :info + # Preload all models in development, needed when models use # inheritance. (default: false) # preload_models: false 
@@ -119,11 +159,20 @@ development: # existing method. (default: false) # scope_overwrite_exception: false - # Use Active Support's time zone in conversions. (default: true) + # Use ActiveSupport's time zone in time operations instead of + # the Ruby default time zone. See the time zone section below for + # further information. (default: true) # use_activesupport_time_zone: true - # Ensure all times are UTC in the app side. (default: false) + # Return stored times as UTC. See the time zone section below for + # further information. Most applications should not use this option. + # (default: false) # use_utc: false + + # (Deprecated) In MongoDB 4.0 and earlier, set whether to create + # indexes in the background by default. (default: false) + # background_indexing: false + test: clients: default: diff --git a/backend/spec/models/checkin/condition_spec.rb b/backend/spec/models/checkin/condition_spec.rb index 2efc9099..4279c222 100644 --- a/backend/spec/models/checkin/condition_spec.rb +++ b/backend/spec/models/checkin/condition_spec.rb @@ -3,15 +3,9 @@ RSpec.describe Checkin::Condition, type: :model do include Mongoid::Matchers + it_behaves_like "fiveable" + describe "Relations" do it { is_expected.to belong_to(:checkin) } end - - describe "Respond to" do - it { is_expected.to respond_to(:value) } - end - - describe "Validations" do - it { is_expected.to validate_inclusion_of(:value).to_allow(0..4) } - end end diff --git a/backend/spec/models/checkin/symptom_spec.rb b/backend/spec/models/checkin/symptom_spec.rb index 530d8951..2cc648c4 100644 --- a/backend/spec/models/checkin/symptom_spec.rb +++ b/backend/spec/models/checkin/symptom_spec.rb 
@@ -3,15 +3,9 @@ RSpec.describe Checkin::Symptom, type: :model do include Mongoid::Matchers + it_behaves_like "fiveable" + describe "Relations" do it { is_expected.to belong_to(:checkin) } end - - describe "Respond to" do - it { is_expected.to respond_to(:value) } - end - - describe "Validations" do - it { is_expected.to validate_inclusion_of(:value).to_allow(0..4) } - end end diff --git a/backend/spec/models/tracking_spec.rb b/backend/spec/models/tracking_spec.rb index 99b10ee9..5e6e642e 100644 --- a/backend/spec/models/tracking_spec.rb +++ b/backend/spec/models/tracking_spec.rb @@ -25,9 +25,13 @@ it { is_expected.to validate_presence_of(:user) } it { is_expected.to validate_presence_of(:trackable) } it { is_expected.to validate_inclusion_of(:trackable_type).in_array(%w[Condition Symptom Treatment]) } + context "without foreign key checks" do + subject { create :tracking, :for_condition, :active } + before { disable_foreign_key_checks("trackings") } after { enable_foreign_key_checks("trackings") } + it do is_expected.to( validate_uniqueness_of(:user_id) diff --git a/backend/spec/services/checkin/updater_spec.rb b/backend/spec/services/checkin/updater_spec.rb index 9124f510..79a56b46 100644 --- a/backend/spec/services/checkin/updater_spec.rb +++ b/backend/spec/services/checkin/updater_spec.rb @@ -190,7 +190,8 @@ end end context "on a past checkin" do - before { checkin.update!(date: Time.zone.today - 1.day) } + let(:checkin) { create(:checkin, user_id: user.id, date: Time.zone.today - 1.day) } + it "updates trackables positions in checkin but doesn't save them in profile" do params[:checkin][:conditions_attributes].each do |condition_attr| checkin_condition = subject.conditions.find(condition_attr[:id]) diff --git a/backend/spec/spec_helper.rb b/backend/spec/spec_helper.rb index 022a6073..dbacc836 100644 --- a/backend/spec/spec_helper.rb +++ b/backend/spec/spec_helper.rb 
@@ -10,6 +10,19 @@ require "webmock/rspec" WebMock.disable_net_connect!(allow_localhost: true) +Geocoder.configure(lookup: :test, ip_lookup: :test) +minneapolis_geo = { + # match the WeatherRetriever vcr stub + "coordinates" => [44.967486, -93.2897678], + "address" => "Minneapolis, Minnesota, USA", + "state" => "Minnesota", + "state_code" => "MN", + "country" => "United States", + "country_code" => "US", + "postal_code" => "55403" +} +Geocoder::Lookup::Test.set_default_stub([minneapolis_geo]) + Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f } RSpec.configure do |config| diff --git a/backend/spec/support/shared_examples/fiveable.rb b/backend/spec/support/shared_examples/fiveable.rb new file mode 100644 index 00000000..5a2bdab8 --- /dev/null +++ b/backend/spec/support/shared_examples/fiveable.rb @@ -0,0 +1,8 @@ +require "spec_helper" + +shared_examples_for "fiveable" do + include Mongoid::Matchers + + it { is_expected.to respond_to(:value) } + it { is_expected.to validate_inclusion_of(:value).to_allow(0..4) } +end
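Review bot: spec/support/shared_examples/fiveable.rb opens with `require "spec_helper"`, but spec_helper.rb is the file that loads everything under spec/support through `Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }`, so the require is circular and can be dropped. The shared example group also has no description of its contract; a one-line comment above `shared_examples_for "fiveable"`, e.g. `# Models exposing a :value field restricted to 0..4`, would tell readers of condition_spec.rb and symptom_spec.rb what `it_behaves_like "fiveable"` asserts.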