In the same way that requests may need to be excluded from forced SSL,
requests may also need to be excluded from the Host Authorization
checks. By providing this additional flexibility more applications
will be able to enable Host Authorization while excluding requests
that may not conform. For example, AWS Classic Load Balancers don't
provide a Host header and cannot be configured to send one. This means
that Host Authorization must be disabled to use the health check
provided by the load balancer. This change will allow an application
to exclude the health check requests from the Host Authorization
requirements.
I've modified the `ActionDispatch::HostAuthorization` middleware to
accept arguments in a similar way to `ActionDispatch::SSL`. The hosts
configuration setting still exists separately as does the
hosts_response_app but I've tried to group the Host Authorization
settings like the ssl_options. It may make sense to deprecate the
global hosts_response_app if it's only used as part of the Host
Authorization failure response. I've also updated the existing tests
as the method signature changed and added new tests to verify the
exclusion functionality.
- This is similar to other railties blocks (such as `console`,
`tasks` ...). The goal of this block is to allow the application
or a railtie to load code after the server start.
The use case can be to fire the webpack or react server in
development or start some job worker like sidekiq or resque.
Right now, all these tasks needs to be done in a separate
shell and gem maintainer needs to add documentation on
how to run their libraries if another program needs to run
next to the Rails server.
This feature can be used like this:
```ruby
class SuperRailtie < Rails::Railtie
server do
WebpackServer.run
end
end
```
Follow-up to #34218.
This removes some filters that could filter innocuous fields such as
`author_name`. Filtering such fields might be surprising, especially to
people generating their first Rails app.
This commit also changes the `:password` filter to `:passw` so that it
can also filter fields such as `passwd`.
by setting `config.action_dispatch.request_id_header` to the desired value
* Ensure HTTP_X_REQUEST_ID presence to maintain compatiblility
* Use req.headers[] to fetch header rather than ENV methods
* Update configuration doc to match existing descriptions
* Add changelog entry for action_dispatch.request_id_header
This change allows for a connection to be swapped on role or shard for a
class. Previously calling `connected_to` would swap all the connections
to a particular role or shard. Granular connection swapping is useful
for swapping one connection to reading while leaving all other
connection classes on writing.
The public methods on connection handler have been updated to behave the
same as they did previously on the different handlers. The difference
however is instead of calling
`ActiveRecord::Base.connection_handlers[:reading].clear_all_connections!`
you now call
`ActiveRecord::Base.connection_handler.clear_all_connections!` which
will clear based on current role set by a `connected_to` block. Outside
the context of a `connected_to` block, `clear_all_connections!` can take
an optional parameter to clear specific connections by role.
The major changes in this PR are:
* We introduced a `legacy_connection_handling` configuration option that
is set to true by default. It will be set to `false` for all new
applications.
* In the new connection handling there will be one only connection
handler. Previously there was a connection handler for each role. Now
the role is stored in the `PoolManager`. In order to maintain backwards
compatibility we introduced a `LegacyPoolManager` to avoid duplicate
conditionals. See diagram in PR body for changes to connection
management.
* `connected_to` will now use a stacked concurrent map to keep track of
the connection for each class. For each opened block the `class`,
`role`, and `shard` will be added to the stack, when the block is exited
the `class`, `role`, `shard` array will be removed from the stack.
* With these changes `ActiveRecord::Base.connected_to` will remain
global. If called all connections in the block will use the `role` and
`shard` that was switched to. If called with a parent class like
`AnimalsRecord.connected_to` only models under `AnimalsRecord` will be
switched and everything else will remain the same.
Examples:
Given an application we have a `User` model that inherits from
`ApplicationRecord` and a `Dog` model that inherits from
`AnimalsRecord`. `AnimalsRecord` and `ApplicationRecord` have writing
and reading connections as well as shard `default`, `one`, and `two`.
```ruby
ActiveRecord::Base.connected_to(role: :reading) do
User.first # reads from default replica
Dog.first # reads from default replica
AnimalsRecord.connected_to(role: :writing, shard: :one) do
User.first # reads from default replica
Dog.first # reads from shard one primary
end
User.first # reads from default replica
Dog.first # reads from default replica
ApplicationRecord.connected_to(role: :writing, shard: :two) do
User.first # reads from shard two primary
Dog.first # reads from default replica
end
end
```
Things this PR does not solve:
* Currently there is no API for swapping more than one but not all
connections. Apps with many primaries may want to swap 3 but not all 10
connections. We plan to build an API for that in a followup PR.
* The middleware remains the same and is using the global switching
methods. Therefore at this time to use this new feature applications
must manually switch connections. We will also address this in a
followup PR.
* The `schema_cache` is currently on the `PoolConfig`. We plan on trying
to move this up to the `PoolManager` or elsewhere later on so each
`PoolConfig` doesn't need to hold a reference to the `schema_cache`.
Co-authored-by: John Crepezzi <john.crepezzi@gmail.com>
In #39632, `boot.rb` was changed to load `bin/spring`, with the
intention of adding a check to Spring itself that would prevent Spring
from running in production environments. However, in a production
environment, the Spring gem may not be installed. Furthermore,
`bin/spring` may raise an error other than `LoadError` if it has been
overwritten by e.g. `bundle binstubs` as part of the deployment process.
Therefore, this commit adds the environment check to `boot.rb`.
This commit also changes the app generator to generate `bin/spring`
directly, instead of delegating to `bundle exec spring binstub`. This
addresses an issue with the `--skip-bundle` flag. Previously,
`--skip-bundle` caused `bin/spring` to not be generated. Thus the user
had to manually run `bundle exec spring binstub` later, though that was
not documented nor explained. Now, `bin/spring` is always generated.
Additionally, by guaranteeing that `bin/stub` is generated, we avoid the
need for `rescue LoadError` in `boot.rb`.
* Refactor railsrc file location to be xdg compliant
The XDG Base Directory Specification (which is currently used by
FOSS projects such as Git, Tmux, Pry, Rspec) provides a default
location for various file formats, including config/rc files.
This comment refactors app_generator.rb to load railsrc from
XDG_CONFIG_HOME if both XDG_CONFIG_HOME is set and rails/railrc
exists within the XDG_CONFIG_HOME location.
To maintain backwards compatibility it defaults back to ~/.railsrc
if either XDG_CONFIG_HOME is not set or there is no rails/railsrc.
* Refactor default_rc_file based on jonathanhefner PR feedback
* Update generators/rails/app/USAGE to explain railsrc XDG compliance
* Refactor default_rc_file based on sinsoku PR feedback
* Add test for ARGVScrubber.default_rc_file method
fileutils is required because tmpdir does not allow you to create a new
temp directory with a set title 'inside' another temporary directory, a
file is created for railsrc because tempfile creates a custom and unique
name preventing the specification of a file called 'railsrc'
Currently this test is failing because the ARGVScrubber class seems to
be loading directly from the gem (which still has the previous code)
rather than from the file itself. (loading the code in a pry session
and using show-method ARGVScrubber.default_rc_file reveals it is coming
from
gems/railties-6.0.3.3/lib/rails/generators/rails/app/app_generator.rb:536
instead of
railties/lib/rails/generators/rails/app/app_generator.rb
* Switch to double quote strings
* Add file deletion for argv_scrubber test
* Refactor test_xdg_config_no_custom_rc with jonathanhefner feedback
* Add Changelog for railsrc xdg-specification compliance
* Apply backtick and whitespace refactoring suggestsions from jonathanhefner
* Apply jonathanhefner suggested Changelog refactoring
[Rafael Mendonça França + Nick Wolf + Jonathan Hefner]
Currently when a new rails app is created it uses the app name as it and puts
it in the package.json name. According to npm and JS standards package names
do not have capital letters and should not be using the PascalCase that is
used in Rails app name. This change is to convert app name to using snake case
but with dashes
`Minitest.plugin_rails_init` sets `Minitest.backtrace_filter` to
`Rails.backtrace_cleaner` right before tests are run, overwriting the
value set in test_helper.rb.
`Rails.backtrace_cleaner` silences backtrace lines that do not start
with `Rails.root` followed by e.g. "lib/" or "test/". Thus when
`Rails.root` is a subdirectory of the project directory -- for example,
when testing a plugin that has a dummy app -- all lines of the backtrace
are silenced.
This commit adds a fallback such that when all backtrace lines are
silenced, the original `Minitest.backtrace_filter` is used instead.
Additionally, this commit refactors and expands existing test coverage.
Each stacked operation is a Proc object instead of operation name since fedde239dc,
and so we can now simply inline the target method for each operation
Rafael França