diff --git a/Dockerfile b/Dockerfile index bff2272c..0b4f9aa1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,6 +36,7 @@ RUN export DATABASE_URL=mysql2://localhost/temp?encoding=utf8 && \ apt-get update && \ apt-get install -y mariadb-server && \ /etc/init.d/mysql start && \ + mariadb -e "CREATE DATABASE temp" && \ cp config/app_config.yml.SAMPLE config/app_config.yml && \ cp config/database.yml.MySQL_SAMPLE config/database.yml && \ bundle exec rake db:setup assets:precompile && \ diff --git a/Gemfile b/Gemfile index 9cbd85e0..4043fa67 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ # A sample Gemfile source "https://rubygems.org" -gem "rails", '< 5.2' +gem "rails", '~> 5.2' gem 'sass-rails' gem 'less-rails' @@ -18,6 +18,7 @@ gem 'date_time_attribute' gem 'rails-assets-listjs', '0.2.0.beta.4' # remember to maintain list.*.js plugins and template engines on update gem 'i18n-js', '~> 3.0.0.rc8' gem 'rails-i18n' +gem 'bootsnap', require: false gem 'mysql2' gem 'prawn' diff --git a/Gemfile.lock b/Gemfile.lock index fc413425..e2edb9f7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -65,25 +65,25 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.1.7) - actionpack (= 5.1.7) + actioncable (5.2.4.3) + actionpack (= 5.2.4.3) nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) + websocket-driver (>= 0.6.1) + actionmailer (5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.7) - actionview (= 5.1.7) - activesupport (= 5.1.7) - rack (~> 2.0) + actionpack (5.2.4.3) + actionview (= 5.2.4.3) + activesupport (= 5.2.4.3) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.7) - activesupport (= 5.1.7) + actionview (5.2.4.3) + activesupport (= 5.2.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -93,16 +93,20 @@ GEM activemodel (>= 4.1, < 6.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (5.1.7) - activesupport (= 5.1.7) + activejob (5.2.4.3) + activesupport (= 5.2.4.3) globalid (>= 0.3.6) - activemodel (5.1.7) - activesupport (= 5.1.7) - activerecord (5.1.7) - activemodel (= 5.1.7) - activesupport (= 5.1.7) - arel (~> 8.0) - activesupport (5.1.7) + activemodel (5.2.4.3) + activesupport (= 5.2.4.3) + activerecord (5.2.4.3) + activemodel (= 5.2.4.3) + activesupport (= 5.2.4.3) + arel (>= 9.0) + activestorage (5.2.4.3) + actionpack (= 5.2.4.3) + activerecord (= 5.2.4.3) + marcel (~> 0.3.1) + activesupport (5.2.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -121,7 +125,7 @@ GEM apparition (0.6.0) capybara (~> 3.13, < 4) websocket-driver (>= 0.6.5) - arel (8.0.0) + arel (9.0.0) attribute_normalizer (1.2.0) base32 (0.3.4) better_errors (2.7.1) @@ -131,6 +135,8 @@ GEM bindex (0.8.1) binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) + bootsnap (1.4.8) + msgpack (~> 1.0) bootstrap-datepicker-rails (1.9.0.1) railties (>= 3.0) builder (3.2.4) @@ -149,9 +155,9 @@ GEM activesupport chronic (0.10.2) coderay (1.1.3) - coffee-rails (4.2.2) + coffee-rails (5.0.0) coffee-script (>= 2.2.0) - railties (>= 4.0.0) + railties (>= 5.2.0) coffee-script (2.4.1) coffee-script-source execjs @@ -160,12 +166,12 @@ GEM concurrent-ruby (1.1.7) connection_pool (2.2.3) content_for_in_controllers (0.0.2) - coveralls (0.7.2) + coveralls (0.7.1) multi_json (~> 1.3) - rest-client (= 1.6.7) + rest-client simplecov (>= 0.7) - term-ansicolor (= 1.2.2) - thor (= 0.18.1) + term-ansicolor + thor crass (1.0.6) daemons (1.3.1) database_cleaner (1.8.5) @@ -180,6 +186,8 @@ GEM diff-lcs (1.4.4) diffy (3.4.0) docile (1.3.2) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) doorkeeper (5.4.0) railties (>= 5) doorkeeper-i18n (5.2.2) @@ -224,6 +232,9 @@ GEM nokogiri (>= 1.6.0) ruby_parser (~> 3.5) htmlentities (4.3.4) + http-accept (1.7.0) + http-cookie (1.0.3) + domain_name (~> 0.5) i18n (1.8.5) concurrent-ruby (~> 1.0) i18n-js (3.0.11) @@ -284,6 +295,8 @@ GEM skinny (>= 0.1.2) sqlite3-ruby thin + marcel (0.3.3) + mimemagic (~> 0.3.2) meta_request (0.7.2) rack-contrib (>= 1.1, < 3) railties (>= 3.0.0, < 7) @@ -292,20 +305,23 @@ GEM mime-types (3.3.1) mime-types-data (~> 3.2015) mime-types-data (3.2020.0512) + mimemagic (0.3.5) mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.14.2) mono_logger (1.1.0) + msgpack (1.3.3) multi_json (1.15.0) mustermann (1.1.1) ruby2_keywords (~> 0.0.1) mysql2 (0.5.3) + netrc (0.11.0) nio4r (2.5.2) nokogiri (1.10.10) mini_portile2 (~> 2.4.0) pdf-core (0.8.1) - polyamorous (2.3.0) - activerecord (>= 5.0) + polyamorous (2.3.2) + activerecord (>= 5.2.1) polyglot (0.3.5) prawn (2.3.0) pdf-core (~> 0.8.1) @@ -333,17 +349,18 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.1.7) - actioncable (= 5.1.7) - actionmailer (= 5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - activemodel (= 5.1.7) - activerecord (= 5.1.7) - activesupport (= 5.1.7) + rails (5.2.4.3) + actioncable (= 5.2.4.3) + actionmailer (= 5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) + activemodel (= 5.2.4.3) + activerecord (= 5.2.4.3) + activestorage (= 5.2.4.3) + activesupport (= 5.2.4.3) bundler (>= 1.3.0) - railties (= 5.1.7) + railties (= 5.2.4.3) sprockets-rails (>= 2.0.0) rails-assets-listjs (0.2.0.beta.4) railties (>= 3.1) @@ -359,28 +376,27 @@ GEM rails (>= 4.2.0) rails_tokeninput (1.7.0) railties (>= 3.1.0) - railties (5.1.7) - actionpack (= 5.1.7) - activesupport (= 5.1.7) + railties (5.2.4.3) + actionpack (= 5.2.4.3) + activesupport (= 5.2.4.3) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) + thor (>= 0.19.0, < 2.0) rainbow (3.0.0) rake (13.0.1) - ransack (2.3.0) - actionpack (>= 5.0) - activerecord (>= 5.0) - activesupport (>= 5.0) + ransack (2.3.2) + activerecord (>= 5.2.1) + activesupport (>= 5.2.1) i18n - polyamorous (= 2.3.0) + polyamorous (= 2.3.2) rb-fsevent (0.10.4) rb-inotify (0.10.1) ffi (~> 1.0) - recurring_select (2.1.0) + recurring_select (3.0.0) coffee-rails (>= 3.1) ice_cube (>= 0.11) jquery-rails (>= 3.0) - rails (>= 3.2) + rails (>= 5.2) sass-rails (>= 4.0) redis (4.2.1) redis-namespace (1.8.0) @@ -396,8 +412,11 @@ GEM redis-namespace (~> 1.6) sinatra (>= 0.9.2) vegas (~> 0.1.2) - rest-client (1.6.7) - mime-types (>= 1.16) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) roo (2.8.3) nokogiri (~> 1) rubyzip (>= 1.3.0, < 3.0.0) @@ -480,9 +499,10 @@ GEM sqlite3 (1.3.13) sqlite3-ruby (1.3.3) sqlite3 (>= 1.3.3) + sync (0.5.0) temple (0.8.2) - term-ansicolor (1.2.2) - tins (~> 0.8) + term-ansicolor (1.7.1) + tins (~> 1.0) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref @@ -490,10 +510,11 @@ GEM daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thor (0.18.1) + thor (1.0.1) thread_safe (0.3.6) tilt (2.0.10) - tins (0.13.2) + tins (1.25.0) + sync ttfunk (1.6.2.1) twitter-bootstrap-rails (2.2.8) actionpack (>= 3.1) @@ -517,7 +538,7 @@ GEM activemodel (>= 5.0) bindex (>= 0.4.0) railties (>= 5.0) - websocket-driver (0.6.5) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) whenever (1.0.0) @@ -543,6 +564,7 @@ DEPENDENCIES attribute_normalizer better_errors binding_of_caller + bootsnap bootstrap-datepicker-rails bullet capybara @@ -586,7 +608,7 @@ DEPENDENCIES pry-stack_explorer puma rack-cors - rails (< 5.2) + rails (~> 5.2) rails-assets-listjs (= 0.2.0.beta.4) rails-i18n rails-settings-cached (= 0.4.3) diff --git a/bin/bundle b/bin/bundle index 66e9889e..f19acf5b 100755 --- a/bin/bundle +++ b/bin/bundle @@ -1,3 +1,3 @@ #!/usr/bin/env ruby -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) load Gem.bin_path('bundler', 'bundle') diff --git a/bin/setup b/bin/setup index 78c4e861..94fd4d79 100755 --- a/bin/setup +++ b/bin/setup @@ -1,10 +1,9 @@ #!/usr/bin/env ruby -require 'pathname' require 'fileutils' include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) +APP_ROOT = File.expand_path('..', __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") @@ -21,7 +20,6 @@ chdir APP_ROOT do # Install JavaScript dependencies if using Yarn # system('bin/yarn') - # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') # cp 'config/database.yml.sample', 'config/database.yml' diff --git a/bin/update b/bin/update index a8e4462f..58bfaed5 100755 --- a/bin/update +++ b/bin/update @@ -1,10 +1,9 @@ #!/usr/bin/env ruby -require 'pathname' require 'fileutils' include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) +APP_ROOT = File.expand_path('..', __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") @@ -18,6 +17,9 @@ chdir APP_ROOT do system! 'gem install bundler --conservative' system('bundle check') || system!('bundle install') + # Install JavaScript dependencies if using Yarn + # system('bin/yarn') + puts "\n== Updating database ==" system! 'bin/rails db:migrate' diff --git a/bin/yarn b/bin/yarn index c2bacef8..460dd565 100755 --- a/bin/yarn +++ b/bin/yarn @@ -1,8 +1,8 @@ #!/usr/bin/env ruby -VENDOR_PATH = File.expand_path('..', __dir__) -Dir.chdir(VENDOR_PATH) do +APP_ROOT = File.expand_path('..', __dir__) +Dir.chdir(APP_ROOT) do begin - exec "yarnpkg #{ARGV.join(" ")}" + exec "yarnpkg", *ARGV rescue Errno::ENOENT $stderr.puts "Yarn executable was not detected in the system." $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" diff --git a/config/application.rb b/config/application.rb index efd08658..50f40161 100644 --- a/config/application.rb +++ b/config/application.rb @@ -8,9 +8,13 @@ Bundler.require(*Rails.groups) module Foodsoft class Application < Rails::Application + # Initialize configuration defaults for originally generated Rails version. + config.load_defaults 5.0 + # Settings in config/environments/* take precedence over those specified here. - # Application configuration should go into files in config/initializers - # -- all .rb files in that directory are automatically loaded. + # Application configuration can go into files in config/initializers + # -- all .rb files in that directory are automatically loaded after loading + # the framework and any gems in your application. # Custom directories with classes and modules you want to be autoloadable. config.eager_load_paths << Rails.root.join('lib') diff --git a/config/boot.rb b/config/boot.rb index 30f5120d..b9e460ce 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,3 +1,4 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) require 'bundler/setup' # Set up gems listed in the Gemfile. +require 'bootsnap/setup' # Speed up boot time by caching expensive operations. diff --git a/config/environments/development.rb.SAMPLE b/config/environments/development.rb.SAMPLE index 4dae3939..f7642f44 100644 --- a/config/environments/development.rb.SAMPLE +++ b/config/environments/development.rb.SAMPLE @@ -17,12 +17,13 @@ Rails.application.configure do config.consider_all_requests_local = true # Enable/disable caching. By default caching is disabled. - if Rails.root.join('tmp/caching-dev.txt').exist? + # Run rails dev:cache to toggle caching. + if Rails.root.join('tmp', 'caching-dev.txt').exist? config.action_controller.perform_caching = true config.cache_store = :memory_store config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{2.days.seconds.to_i}" + 'Cache-Control' => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false diff --git a/config/environments/production.rb b/config/environments/production.rb index 202daab1..a4dd695f 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -18,10 +18,9 @@ Rails.application.configure do config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Attempt to read encrypted secrets from `config/secrets.yml.enc`. - # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or - # `config/secrets.yml.key`. - config.read_encrypted_secrets = true + # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] + # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # config.require_master_key = true # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. diff --git a/config/environments/test.rb b/config/environments/test.rb index a699d4d8..b10aeee0 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -19,7 +19,7 @@ Rails.application.configure do # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.seconds.to_i}" + 'Cache-Control' => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb new file mode 100644 index 00000000..d3bcaa5e --- /dev/null +++ b/config/initializers/content_security_policy.rb @@ -0,0 +1,25 @@ +# Be sure to restart your server when you modify this file. + +# Define an application-wide content security policy +# For further information see the following documentation +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy + +# Rails.application.config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https + +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end + +# If you are using UJS then enable automatic nonce generation +# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } + +# Report CSP violations to a specified URI +# For further information see the following documentation: +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/new_framework_defaults_5_2.rb b/config/initializers/new_framework_defaults_5_2.rb new file mode 100644 index 00000000..5132a0b1 --- /dev/null +++ b/config/initializers/new_framework_defaults_5_2.rb @@ -0,0 +1,38 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 5.2 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Make Active Record use stable #cache_key alongside new #cache_version method. +# This is needed for recyclable cache keys. +# Rails.application.config.active_record.cache_versioning = true + +# Use AES-256-GCM authenticated encryption for encrypted cookies. +# Also, embed cookie expiry in signed or encrypted cookies for increased security. +# +# This option is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 5.2. +# +# Existing cookies will be converted on read then written with the new scheme. +# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true + +# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages +# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true. +# Rails.application.config.active_support.use_authenticated_message_encryption = true + +# Add default protection from forgery to ActionController::Base instead of in +# ApplicationController. +# Rails.application.config.action_controller.default_protect_from_forgery = true + +# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and +# 'f' after migrating old data. +Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true + +# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. +# Rails.application.config.active_support.use_sha1_digests = true + +# Make `form_with` generate id attributes for any generated HTML tags. +# Rails.application.config.action_view.form_with_generates_ids = true