# HG changeset patch # User nanaya # Date 1734268686 -32400 # Node ID 92929378413ef6811325caf8608ed62eeb90fbad # Parent e508d32262146782f1890b8b7c2a9fbe0f175673 Update to latest rails diff -r e508d3226214 -r 92929378413e Gemfile --- a/Gemfile Sun Oct 29 23:24:13 2023 +0900 +++ b/Gemfile Sun Dec 15 22:18:06 2024 +0900 @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "~> 7.0.1" +gem "rails", "~> 8.0.0" gem "sass-rails" gem "autoprefixer-rails" gem "sprockets-rails" diff -r e508d3226214 -r 92929378413e Gemfile.lock --- a/Gemfile.lock Sun Oct 29 23:24:13 2023 +0900 +++ b/Gemfile.lock Sun Dec 15 22:18:06 2024 +0900 @@ -1,77 +1,88 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.0.8) - actionpack (= 7.0.8) - activesupport (= 7.0.8) + actioncable (8.0.1) + actionpack (= 8.0.1) + activesupport (= 8.0.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.8) - actionpack (= 7.0.8) - activejob (= 7.0.8) - activerecord (= 7.0.8) - activestorage (= 7.0.8) - activesupport (= 7.0.8) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.0.8) - actionpack (= 7.0.8) - actionview (= 7.0.8) - activejob (= 7.0.8) - activesupport (= 7.0.8) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.8) - actionview (= 7.0.8) - activesupport (= 7.0.8) - rack (~> 2.0, >= 2.2.4) + zeitwerk (~> 2.6) + actionmailbox (8.0.1) + actionpack (= 8.0.1) + activejob (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) + mail (>= 2.8.0) + actionmailer (8.0.1) + actionpack (= 8.0.1) + actionview (= 8.0.1) + activejob (= 8.0.1) + activesupport (= 8.0.1) + mail (>= 2.8.0) + rails-dom-testing (~> 2.2) + actionpack (8.0.1) + actionview (= 8.0.1) + activesupport (= 8.0.1) + nokogiri (>= 1.8.5) + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.8) - actionpack (= 7.0.8) - activerecord (= 7.0.8) - activestorage (= 7.0.8) - activesupport (= 7.0.8) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + useragent (~> 0.16) + actiontext (8.0.1) + actionpack (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.8) - activesupport (= 7.0.8) + actionview (8.0.1) + activesupport (= 8.0.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.8) - activesupport (= 7.0.8) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (8.0.1) + activesupport (= 8.0.1) globalid (>= 0.3.6) - activemodel (7.0.8) - activesupport (= 7.0.8) - activerecord (7.0.8) - activemodel (= 7.0.8) - activesupport (= 7.0.8) - activestorage (7.0.8) - actionpack (= 7.0.8) - activejob (= 7.0.8) - activerecord (= 7.0.8) - activesupport (= 7.0.8) + activemodel (8.0.1) + activesupport (= 8.0.1) + activerecord (8.0.1) + activemodel (= 8.0.1) + activesupport (= 8.0.1) + timeout (>= 0.4.0) + activestorage (8.0.1) + actionpack (= 8.0.1) + activejob (= 8.0.1) + activerecord (= 8.0.1) + activesupport (= 8.0.1) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.8) - concurrent-ruby (~> 1.0, >= 1.0.2) + activesupport (8.0.1) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) autoprefixer-rails (10.4.15.0) execjs (~> 2) + base64 (0.2.0) + benchmark (0.4.0) + bigdecimal (3.1.8) builder (3.2.4) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.4) + connection_pool (2.4.1) crass (1.0.6) - date (3.3.3) + date (3.4.1) + drb (2.2.1) erubi (1.12.0) execjs (2.9.1) ffi (1.16.3) @@ -79,8 +90,13 @@ activesupport (>= 6.1) i18n (1.14.1) concurrent-ruby (~> 1.0) + io-console (0.7.2) + irb (1.14.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) jsbundling-rails (1.2.1) railties (>= 6.0.0) + logger (1.6.1) loofah (2.21.4) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -89,19 +105,18 @@ net-imap net-pop net-smtp - marcel (1.0.2) - method_source (1.0.0) + marcel (1.0.4) mini_mime (1.1.5) mini_portile2 (2.8.5) minitest (5.20.0) - net-imap (0.4.2) + net-imap (0.5.1) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.4.0) + net-smtp (0.5.0) net-protocol newrelic_rpm (9.5.0) nio4r (2.5.9) @@ -109,26 +124,33 @@ mini_portile2 (~> 2.8.2) racc (~> 1.4) pg (1.5.4) + psych (5.1.2) + stringio puma (6.4.0) nio4r (~> 2.0) racc (1.7.1) rack (2.2.8) + rack-session (1.0.2) + rack (< 3) rack-test (2.1.0) rack (>= 1.3) - rails (7.0.8) - actioncable (= 7.0.8) - actionmailbox (= 7.0.8) - actionmailer (= 7.0.8) - actionpack (= 7.0.8) - actiontext (= 7.0.8) - actionview (= 7.0.8) - activejob (= 7.0.8) - activemodel (= 7.0.8) - activerecord (= 7.0.8) - activestorage (= 7.0.8) - activesupport (= 7.0.8) + rackup (1.0.0) + rack (< 3) + webrick + rails (8.0.1) + actioncable (= 8.0.1) + actionmailbox (= 8.0.1) + actionmailer (= 8.0.1) + actionpack (= 8.0.1) + actiontext (= 8.0.1) + actionview (= 8.0.1) + activejob (= 8.0.1) + activemodel (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) bundler (>= 1.15.0) - railties (= 7.0.8) + railties (= 8.0.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -136,14 +158,19 @@ rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.0.8) - actionpack (= 7.0.8) - activesupport (= 7.0.8) - method_source + railties (8.0.1) + actionpack (= 8.0.1) + activesupport (= 8.0.1) + irb (~> 1.13) + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rake (13.1.0) + rdoc (6.7.0) + psych (>= 4.0.0) + reline (0.5.9) + io-console (~> 0.5) sass-rails (6.0.0) sassc-rails (~> 2.1, >= 2.1.1) sassc (2.4.0) @@ -154,6 +181,7 @@ sprockets (> 3.0) sprockets-rails tilt + securerandom (0.3.1) sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) @@ -161,11 +189,15 @@ actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) + stringio (3.1.1) thor (1.3.0) tilt (2.3.0) - timeout (0.4.0) + timeout (0.4.2) tzinfo (2.0.6) concurrent-ruby (~> 1.0) + uri (1.0.2) + useragent (0.16.10) + webrick (1.8.1) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -180,7 +212,7 @@ newrelic_rpm pg puma - rails (~> 7.0.1) + rails (~> 8.0.0) sass-rails sprockets-rails diff -r e508d3226214 -r 92929378413e bin/dev --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/dev Sun Dec 15 22:18:06 2024 +0900 @@ -0,0 +1,2 @@ +#!/usr/bin/env ruby +exec "./bin/rails", "server", *ARGV diff -r e508d3226214 -r 92929378413e bin/setup --- a/bin/setup Sun Oct 29 23:24:13 2023 +0900 +++ b/bin/setup Sun Dec 15 22:18:06 2024 +0900 @@ -1,11 +1,10 @@ #!/usr/bin/env ruby require "fileutils" -# path to your application root. APP_ROOT = File.expand_path("..", __dir__) def system!(*args) - system(*args) || abort("\n== Command #{args} failed ==") + system(*args, exception: true) end FileUtils.chdir APP_ROOT do @@ -14,7 +13,6 @@ # Add necessary setup steps to this file. puts "== Installing dependencies ==" - system! "gem install bundler --conservative" system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" @@ -28,6 +26,9 @@ puts "\n== Removing old logs and tempfiles ==" system! "bin/rails log:clear tmp:clear" - puts "\n== Restarting application server ==" - system! "bin/rails restart" + unless ARGV.include?("--skip-server") + puts "\n== Starting development server ==" + STDOUT.flush # flush the output before exec(2) so that it displays + exec "bin/dev" + end end diff -r e508d3226214 -r 92929378413e config/application.rb --- a/config/application.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/application.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,70 +1,43 @@ +require_relative "config_init" require_relative "boot" -# To allow setting environment variable ZP_DATABASE_URL instead of DATABASE_URL. -ENV["DATABASE_URL"] = ENV["ZP_DATABASE_URL"] if ENV["ZP_DATABASE_URL"] - -require_relative "config_init" - +require "rails" +# Pick the frameworks you want: require "active_model/railtie" # require "active_job/railtie" require "active_record/railtie" # require "active_storage/engine" require "action_controller/railtie" # require "action_mailer/railtie" +# require "action_mailbox/engine" +# require "action_text/engine" require "action_view/railtie" # require "action_cable/engine" -require "sprockets/railtie" require "rails/test_unit/railtie" -# If you precompile assets before deploying to production, use this line -Bundler.require(*$cfg[:bundler_groups]) -# If you want your assets lazily compiled in production, use this line -# Bundler.require(:default, :assets, Rails.env) +# Require the gems listed in Gemfile, including any gems +# you've limited to :test, :development, or :production. +Bundler.require(*Rails.groups) module Zeropaste class Application < Rails::Application - config.load_defaults 7.0 - # Settings in config/environments/* take precedence over those specified here. - # Application configuration should go into files in config/initializers - # -- all .rb files in that directory are automatically loaded. - - # Custom directories with classes and modules you want to be autoloadable. - # config.autoload_paths += %W(#{config.root}/extras) + # Initialize configuration defaults for originally generated Rails version. + config.load_defaults 8.0 - # Only load the plugins named here, in the order given (default is alphabetical). - # :all can be used as a placeholder for all plugins not explicitly named. - # config.plugins = [ :exception_notification, :ssl_requirement, :all ] - - # Activate observers that should always be running. - # config.active_record.observers = :cacher, :garbage_collector, :forum_observer - - # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. - # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. - # config.time_zone = "Central Time (US & Canada)" + # Please, add to the `ignore` list any other `lib` subdirectories that do + # not contain `.rb` files, or that should not be reloaded or eager loaded. + # Common ones are `templates`, `generators`, or `middleware`, for example. + config.autoload_lib(ignore: %w[assets tasks]) - # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. - # config.i18n.load_path += Dir[Rails.root.join("my", "locales", "*.{rb,yml}").to_s] - # config.i18n.default_locale = :de - - # Configure the default encoding used in templates for Ruby 1.9. - config.encoding = "utf-8" - - # Enable escaping HTML in JSON. - config.active_support.escape_html_entities_in_json = true + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") - # Use SQL instead of Active Record's schema dumper when creating the database. - # This is necessary if your schema can't be completely dumped by the schema dumper, - # like if you have constraints or database-specific column types config.active_record.schema_format = :sql - - # Enable the asset pipeline - config.assets.enabled = true - - # No need to initialize application when precompiling assets - config.assets.initialize_on_precompile = false - - config.action_view.field_error_proc = proc { |html| html } - config.middleware.delete ActionDispatch::HostAuthorization end end diff -r e508d3226214 -r 92929378413e config/environments/development.rb --- a/config/environments/development.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/environments/development.rb Sun Dec 15 22:18:06 2024 +0900 @@ -3,10 +3,8 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded any time - # it changes. This slows down response time but is perfect for development - # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + # Make code changes take effect immediately without server restart. + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false @@ -14,49 +12,40 @@ # Show full error reports. config.consider_all_requests_local = true - # Enable server timing + # Enable server timing. config.server_timing = true - # Enable/disable caching. By default caching is disabled. - # Run rails dev:cache to toggle caching. + # Enable/disable Action Controller caching. By default Action Controller caching is disabled. + # Run rails dev:cache to toggle Action Controller caching. if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true - - config.cache_store = :memory_store - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{2.days.to_i}" - } + config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false + end - config.cache_store = :null_store - end + # Change to :null_store to avoid any caching. + config.cache_store = :memory_store # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true - # Suppress logger output for asset requests. - config.assets.quiet = true + # Append comments with runtime information tags to SQL queries in logs. + config.active_record.query_log_tags_enabled = true # Raises error for missing translations. # config.i18n.raise_on_missing_translations = true # Annotate rendered view with file names. - # config.action_view.annotate_rendered_view_with_filenames = true + config.action_view.annotate_rendered_view_with_filenames = true - # Uncomment if you wish to allow Action Cable access from any origin. - # config.action_cable.disable_request_forgery_protection = true + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true end diff -r e508d3226214 -r 92929378413e config/environments/production.rb --- a/config/environments/production.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/environments/production.rb Sun Dec 15 22:18:06 2024 +0900 @@ -4,76 +4,64 @@ # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false - # Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. + # Eager load code on boot for better performance and memory savings (ignored by Rake tasks). config.eager_load = true - # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false + # Full error reports are disabled. + config.consider_all_requests_local = false + + # Turn on fragment caching in view templates. config.action_controller.perform_caching = true - # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] - # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). - # config.require_master_key = true - - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? - - # Compress CSS using a preprocessor. - # config.assets.css_compressor = :sass - - # Do not fallback to assets pipeline if a precompiled asset is missed. - config.assets.compile = false + # Cache assets for far-future expiry since they are all digest stamped. + config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" } # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.asset_host = "http://assets.example.com" - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache - # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - # config.force_ssl = true + config.force_ssl = true - # Include generic and useful information about system operation, but avoid logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). - config.log_level = :info + # Skip http-to-https redirect for the default health check endpoint. + # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } - # Prepend all log lines with the following tags. + # Log to STDOUT with the current request id as a default log tag. config.log_tags = [ :request_id ] + config.logger = ActiveSupport::TaggedLogging.logger(STDOUT) - # Use a different cache store in production. - # config.cache_store = :mem_cache_store + # Change to "debug" to log everything (including potentially personally-identifiable information!) + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") - # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "zeropaste_production" + # Prevent health checks from clogging up the logs. + config.silence_healthcheck_path = "/up" + + # Don't log any deprecations. + config.active_support.report_deprecations = false + + # Replace the default in-process memory cache store with a durable alternative. + # config.cache_store = :mem_cache_store # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Don't log any deprecations. - config.active_support.report_deprecations = false - - # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new - - # Use a different logger for distributed setups. - # require "syslog/logger" - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") - - if ENV["RAILS_LOG_TO_STDOUT"].present? - logger = ActiveSupport::Logger.new(STDOUT) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) - end - # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Only use :id for inspections in production. + config.active_record.attributes_for_inspect = [ :id ] + + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] + # + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff -r e508d3226214 -r 92929378413e config/environments/test.rb --- a/config/environments/test.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/environments/test.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,5 +1,3 @@ -require "active_support/core_ext/integer/time" - # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped @@ -8,27 +6,24 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # Turn false under Spring and add config.action_view.cache_template_loading = true. - config.cache_classes = true + # While tests run files are not watched, reloading is not necessary. + config.enable_reloading = false - # Eager loading loads your whole application. When running a single test locally, - # this probably isn't necessary. It's a good idea to do in a continuous integration - # system, or in some way before deploying your code. + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. config.eager_load = ENV["CI"].present? - # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.enabled = true - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{1.hour.to_i}" - } + # Configure public file server for tests with cache-control for performance. + config.public_file_server.headers = { "cache-control" => "public, max-age=3600" } - # Show full error reports and disable caching. - config.consider_all_requests_local = true - config.action_controller.perform_caching = false + # Show full error reports. + config.consider_all_requests_local = true config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false @@ -36,15 +31,12 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raises error for missing translations. # config.i18n.raise_on_missing_translations = true # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true end diff -r e508d3226214 -r 92929378413e config/initializers/assets.rb --- a/config/initializers/assets.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/initializers/assets.rb Sun Dec 15 22:18:06 2024 +0900 @@ -6,8 +6,3 @@ # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path Rails.application.config.assets.paths << Rails.root.join("node_modules") - -# Precompile additional assets. -# application.js, application.css, and all non-JS/CSS in the app/assets -# folder are already added. -# Rails.application.config.assets.precompile += %w( admin.js admin.css ) diff -r e508d3226214 -r 92929378413e config/initializers/content_security_policy.rb --- a/config/initializers/content_security_policy.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/initializers/content_security_policy.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,8 +1,8 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header # Rails.application.configure do # config.content_security_policy do |policy| @@ -16,11 +16,10 @@ # # policy.report_uri "/csp-violation-report-endpoint" # end # -# # Generate session nonces for permitted importmap and inline scripts +# # Generate session nonces for permitted importmap, inline scripts, and inline styles. # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } -# config.content_security_policy_nonce_directives = %w(script-src) +# config.content_security_policy_nonce_directives = %w(script-src style-src) # -# # Report CSP violations to a specified URI. See: -# # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# # Report violations without enforcing the policy. # # config.content_security_policy_report_only = true # end diff -r e508d3226214 -r 92929378413e config/initializers/filter_parameter_logging.rb --- a/config/initializers/filter_parameter_logging.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/initializers/filter_parameter_logging.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ - :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc ] diff -r e508d3226214 -r 92929378413e config/initializers/permissions_policy.rb --- a/config/initializers/permissions_policy.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/initializers/permissions_policy.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,11 +1,13 @@ +# Be sure to restart your server when you modify this file. + # Define an application-wide HTTP permissions policy. For further -# information see https://developers.google.com/web/updates/2018/06/feature-policy -# -# Rails.application.config.permissions_policy do |f| -# f.camera :none -# f.gyroscope :none -# f.microphone :none -# f.usb :none -# f.fullscreen :self -# f.payment :self, "https://secure.example.com" +# information see: https://developers.google.com/web/updates/2018/06/feature-policy + +# Rails.application.config.permissions_policy do |policy| +# policy.camera :none +# policy.gyroscope :none +# policy.microphone :none +# policy.usb :none +# policy.fullscreen :self +# policy.payment :self, "https://secure.example.com" # end diff -r e508d3226214 -r 92929378413e config/puma.rb --- a/config/puma.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/config/puma.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,47 +1,41 @@ -# Puma can serve each request in a thread from an internal thread pool. -# The `threads` method setting takes two numbers a minimum and maximum. -# Any libraries that use thread pools should be configured to match -# the maximum value specified for Puma. Default is set to 5 threads for minimum -# and maximum, this matches the default thread size of Active Record. +# This configuration file will be evaluated by Puma. The top-level methods that +# are invoked here are part of Puma's configuration DSL. For more information +# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. +# +# Puma starts a configurable number of processes (workers) and each process +# serves each request in a thread from an internal thread pool. +# +# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You +# should only set this value when you want to run 2 or more workers. The +# default is already 1. # -threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i +# The ideal number of threads per worker depends both on how much time the +# application spends waiting for IO operations and on how much you wish to +# prioritize throughput over latency. +# +# As a rule of thumb, increasing the number of threads will increase how much +# traffic a given process can handle (throughput), but due to CRuby's +# Global VM Lock (GVL) it has diminishing returns and will degrade the +# response time (latency) of the application. +# +# The default is set to 3 threads as it's deemed a decent compromise between +# throughput and latency for the average Rails application. +# +# Any libraries that use a connection pool or another resource pool should +# be configured to provide at least as many connections as the number of +# threads. This includes Active Record's `pool` parameter in `database.yml`. +threads_count = ENV.fetch("RAILS_MAX_THREADS", 3) threads threads_count, threads_count -# Specifies the `port` that Puma will listen on to receive requests, default is 3000. -# -port ENV.fetch("PORT") { 3000 } - -# Specifies the `environment` that Puma will run in. -# -environment ENV.fetch("RAILS_ENV") { "development" } +# Specifies the `port` that Puma will listen on to receive requests; default is 3000. +port ENV.fetch("PORT", 3000) -# Specifies the number of `workers` to boot in clustered mode. -# Workers are forked webserver processes. If using threads and workers together -# the concurrency of the application would be max `threads` * `workers`. -# Workers do not work on JRuby or Windows (both of which do not support -# processes). -# -# workers ENV.fetch("WEB_CONCURRENCY") { 2 } +# Allow puma to be restarted by `bin/rails restart` command. +plugin :tmp_restart -# Use the `preload_app!` method when specifying a `workers` number. -# This directive tells Puma to first boot the application and load code -# before forking the application. This takes advantage of Copy On Write -# process behavior so workers use less memory. If you use this option -# you need to make sure to reconnect any threads in the `on_worker_boot` -# block. -# -# preload_app! +# Run the Solid Queue supervisor inside of Puma for single-server deployments +plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"] -# The code in the `on_worker_boot` will be called if you are using -# clustered mode by specifying a number of `workers`. After each worker -# process is booted this block will be run, if you are using `preload_app!` -# option you will want to use this block to reconnect to any threads -# or connections that may have been created at application boot, Ruby -# cannot share connections between processes. -# -# on_worker_boot do -# ActiveRecord::Base.establish_connection if defined?(ActiveRecord) -# end - -# Allow puma to be restarted by `rails restart` command. -plugin :tmp_restart +# Specify the PID file. Defaults to tmp/pids/server.pid in development. +# In other environments, only set the PID file if requested. +pidfile ENV["PIDFILE"] if ENV["PIDFILE"] diff -r e508d3226214 -r 92929378413e db/structure.sql --- a/db/structure.sql Sun Oct 29 23:24:13 2023 +0900 +++ b/db/structure.sql Sun Dec 15 22:18:06 2024 +0900 @@ -5,12 +5,13 @@ SET standard_conforming_strings = on; SELECT pg_catalog.set_config('search_path', '', false); SET check_function_bodies = false; +SET xmloption = content; SET client_min_messages = warning; SET row_security = off; SET default_tablespace = ''; -SET default_with_oids = false; +SET default_table_access_method = heap; -- -- Name: ar_internal_metadata; Type: TABLE; Schema: public; Owner: - @@ -122,15 +123,14 @@ SET search_path TO "$user", public; INSERT INTO "schema_migrations" (version) VALUES -('20120826180414'), -('20120826182012'), -('20120905072325'), -('20120905074204'), -('20130201150322'), +('20180625074738'), +('20150916161622'), +('20150914054154'), +('20130512032335'), ('20130511133450'), -('20130512032335'), -('20150914054154'), -('20150916161622'), -('20180625074738'); +('20130201150322'), +('20120905074204'), +('20120905072325'), +('20120826182012'), +('20120826180414'); - diff -r e508d3226214 -r 92929378413e package.json --- a/package.json Sun Oct 29 23:24:13 2023 +0900 +++ b/package.json Sun Dec 15 22:18:06 2024 +0900 @@ -16,5 +16,6 @@ "build": "esbuild app/javascript/application.js app/javascript/*.* --bundle --outdir=app/assets/builds --sourcemap", "lint": "semistandard app/assets/javascripts/**/*.js app/javascript/**/*.js" }, - "type": "module" + "type": "module", + "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" } diff -r e508d3226214 -r 92929378413e public/400.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/public/400.html Sun Dec 15 22:18:06 2024 +0900 @@ -0,0 +1,114 @@ + + + + + + + The server cannot process the request due to a client error (400 Bad Request) + + + + + + + + + + + + + +
+
+ +
+
+

The server cannot process the request due to a client error. Please check the request and try again. If you’re the application owner check the logs for more information.

+
+
+ + + + diff -r e508d3226214 -r 92929378413e public/404.html --- a/public/404.html Sun Oct 29 23:24:13 2023 +0900 +++ b/public/404.html Sun Dec 15 22:18:06 2024 +0900 @@ -1,26 +1,114 @@ - - - - The page you were looking for doesn't exist (404) - - + + + + + + + The page you were looking for doesn’t exist (404 Not found) + + + + + + + + + + + + + +
+
+ +
+
+

The page you were looking for doesn’t exist. You may have mistyped the address or the page may have moved. If you’re the application owner check the logs for more information.

+
+
+ + + diff -r e508d3226214 -r 92929378413e public/406-unsupported-browser.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/public/406-unsupported-browser.html Sun Dec 15 22:18:06 2024 +0900 @@ -0,0 +1,114 @@ + + + + + + + Your browser is not supported (406 Not Acceptable) + + + + + + + + + + + + + +
+
+ +
+
+

Your browser is not supported.
Please upgrade your browser to continue.

+
+
+ + + + diff -r e508d3226214 -r 92929378413e public/422.html --- a/public/422.html Sun Oct 29 23:24:13 2023 +0900 +++ b/public/422.html Sun Dec 15 22:18:06 2024 +0900 @@ -1,26 +1,114 @@ - - - - The change you wanted was rejected (422) - - + + + + + + + The change you wanted was rejected (422 Unprocessable Entity) + + + + + + + + + + + + + +
+
+ +
+
+

The change you wanted was rejected. Maybe you tried to change something you didn’t have access to. If you’re the application owner check the logs for more information.

+
+
+ + + diff -r e508d3226214 -r 92929378413e public/500.html --- a/public/500.html Sun Oct 29 23:24:13 2023 +0900 +++ b/public/500.html Sun Dec 15 22:18:06 2024 +0900 @@ -1,25 +1,114 @@ - - - - We're sorry, but something went wrong (500) - - + + + + + + + We’re sorry, but something went wrong (500 Internal Server Error) + + + + + + + + + + + + + +
+
+ +
+
+

We’re sorry, but something went wrong.
If you’re the application owner check the logs for more information.

+
+
+ + + diff -r e508d3226214 -r 92929378413e public/icon.png Binary file public/icon.png has changed diff -r e508d3226214 -r 92929378413e public/icon.svg --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/public/icon.svg Sun Dec 15 22:18:06 2024 +0900 @@ -0,0 +1,3 @@ + + + diff -r e508d3226214 -r 92929378413e test/test_helper.rb --- a/test/test_helper.rb Sun Oct 29 23:24:13 2023 +0900 +++ b/test/test_helper.rb Sun Dec 15 22:18:06 2024 +0900 @@ -1,10 +1,8 @@ ENV["RAILS_ENV"] ||= "test" -require File.expand_path("../../config/environment", __FILE__) +require_relative "../config/environment" require "rails/test_help" class ActiveSupport::TestCase - ActiveRecord::Migration.check_pending! - # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. # # Note: You'll currently still have to declare fixtures explicitly in integration tests