diff --git a/server/src/main/webapp/WEB-INF/rails/bin/rails b/server/src/main/webapp/WEB-INF/rails/bin/rails index 20941721a6bf..2684a3dcb550 100755 --- a/server/src/main/webapp/WEB-INF/rails/bin/rails +++ b/server/src/main/webapp/WEB-INF/rails/bin/rails @@ -1,4 +1,4 @@ #!/usr/bin/env jruby -APP_PATH = File.expand_path('../config/application', __dir__) +APP_PATH = File.expand_path("../config/application", __dir__) require_relative "../config/boot" require "rails/commands" diff --git a/server/src/main/webapp/WEB-INF/rails/config/application.rb b/server/src/main/webapp/WEB-INF/rails/config/application.rb index 0dad8fd2bff4..2fdcdab4a36b 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/application.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/application.rb @@ -23,13 +23,13 @@ require "sprockets/railtie" require "rails/test_unit/railtie" +# Require the gems listed in Gemfile, including any gems +# you've limited to :test, :development, or :production. Bundler.require(*Rails.groups(assets: %w[development test])) module Go class Application < Rails::Application - # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 6.1 - config.autoloader = :zeitwerk + config.load_defaults 7.0 require_relative "../lib/all_libs" # Configuration for the application, engines, and railties goes here. 
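Review bot: `config.load_defaults 7.0` in config/application.rb adopts every Rails 7.0 framework default in one step, and several of them are security-relevant: `active_support.key_generator_hash_digest_class` and `active_support.hash_digest_class` move to SHA256, `action_dispatch.cookies_serializer` becomes `:json`, and `action_controller.raise_on_open_redirects` is switched on. If anything in this app relies on Rails-signed or encrypted cookies or message verifiers, values issued under the 6.1 defaults may stop verifying after the upgrade unless a rotation is configured; the diff does not show whether that applies, so it should be confirmed before release. The removed comment was also the only explanation of this line, so I would add one back, for example `# Adopts all Rails 7.0 framework defaults (digest classes, cookie serializer, open-redirect checks).` The class body continues outside the hunk.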
@@ -37,13 +37,14 @@ class Application < Rails::Application # These settings can be overridden in specific environments using the files # in config/environments, which are processed later. # + # config.time_zone = "Central Time (US & Canada)" # config.eager_load_paths << Rails.root.join("extras") - # Rails4 does not load lib/* by default. Forcing it to do so. + # Rails does not load lib/* by default. Forcing it to do so. config.autoload_paths += Dir[ - Rails.root.join("lib"), - Rails.root.join("app", "models"), - Rails.root.join("app", "presenters") + Rails.root.join("lib"), + Rails.root.join("app", "models"), + Rails.root.join("app", "presenters") ] # Add catch-all route, after all Rails routes and Engine routes are initialized. @@ -60,7 +61,7 @@ class Application < Rails::Application g.test_framework :rspec, :fixture_replacement => nil end - config.action_controller.include_all_helpers = true + config.action_controller.include_all_helpers = true config.action_controller.per_form_csrf_tokens = false # Disable default headers in rails, since they are added from other filters like DefaultHeadersFilter diff --git a/server/src/main/webapp/WEB-INF/rails/config/boot.rb b/server/src/main/webapp/WEB-INF/rails/config/boot.rb index 4153a886bfcb..72d10399248a 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/boot.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/boot.rb @@ -16,8 +16,6 @@ ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -# Set up gems listed in the Gemfile. -# # When running in production (NOT just building FOR production), force bundler to ignore groups including the assets pipeline stuff if ENV["RAILS_ENV"] == "production" and not ENV.has_key?("RAILS_GROUPS") require "bundler" diff --git a/server/src/main/webapp/WEB-INF/rails/config/environment.rb b/server/src/main/webapp/WEB-INF/rails/config/environment.rb index 39fd2a7283de..cac531577525 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/environment.rb 
+++ b/server/src/main/webapp/WEB-INF/rails/config/environment.rb @@ -1,19 +1,3 @@ -# -# Copyright 2023 Thoughtworks, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - # Load the Rails application. require_relative "application" diff --git a/server/src/main/webapp/WEB-INF/rails/config/environments/development.rb b/server/src/main/webapp/WEB-INF/rails/config/environments/development.rb index 937bc7c05c99..fee36977b19c 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/environments/development.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/environments/development.rb @@ -14,6 +14,8 @@ # limitations under the License. # +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -28,6 +30,9 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Disable caching config.action_controller.perform_caching = false config.cache_store = :null_store 
@@ -55,6 +60,9 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true + # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. # config.file_watcher = ActiveSupport::EventedFileUpdateChecker diff --git a/server/src/main/webapp/WEB-INF/rails/config/environments/production.rb b/server/src/main/webapp/WEB-INF/rails/config/environments/production.rb index dc9c9d4882aa..c1ef22495866 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/environments/production.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/environments/production.rb @@ -14,6 +14,8 @@ # limitations under the License. # +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -38,7 +40,7 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - config.public_file_server.enabled = true + config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass 
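Review bot: In config/environments/production.rb, `config.public_file_server.enabled` goes from an unconditional `true` to `ENV["RAILS_SERVE_STATIC_FILES"].present?`, so production stops serving files from `/public` unless that variable is set, and nothing in this diff sets it. The old value contradicted the generated comment above it, which suggests the app serves its own static files rather than relying on Apache or NGINX. Either keep `config.public_file_server.enabled = true`, or document where the variable is exported for the server process. If it stays env-driven, replace the comment with something like `# Static files are served only when RAILS_SERVE_STATIC_FILES is set.`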
@@ -47,11 +49,11 @@ config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache + # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true 
@@ -66,46 +68,25 @@ # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "go_production" - # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Log disallowed deprecations. - config.active_support.disallowed_deprecation = :log - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. 
- # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session + # Use a different logger for distributed setups. + # require "syslog/logger" + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") + + if ENV["RAILS_LOG_TO_STDOUT"].present? + logger = ActiveSupport::Logger.new(STDOUT) + logger.formatter = config.log_formatter + config.logger = ActiveSupport::TaggedLogging.new(logger) + end config.java_services_cache = :ServiceCache end diff --git a/server/src/main/webapp/WEB-INF/rails/config/environments/test.rb b/server/src/main/webapp/WEB-INF/rails/config/environments/test.rb index e6a0e8ceffe3..4d0439610a2a 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/environments/test.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/environments/test.rb @@ -14,6 +14,8 @@ # limitations under the License. # +require "active_support/core_ext/integer/time" + # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped 
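Review bot: `config.active_support.report_deprecations = false` replaces the previous `deprecation = :notify` and `disallowed_deprecation = :log` settings, so production no longer emits any deprecation signal, including for APIs a later Rails upgrade will remove. Any subscriber or log monitoring that consumed those notifications will go quiet without an error. Consider keeping `config.active_support.deprecation = :notify` next to the new logger block, or add a comment saying why production deprecations are intentionally dropped. The `configure` block starts outside this hunk.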
@@ -22,12 +24,13 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. + # Turn false under Spring and add config.action_view.cache_template_loading = true. config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true @@ -41,7 +44,7 @@ # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - config.cache_store = :null_store + config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false diff --git a/server/src/main/webapp/WEB-INF/rails/config/initializers/content_security_policy.rb b/server/src/main/webapp/WEB-INF/rails/config/initializers/content_security_policy.rb index d9ae8814e44a..7a456596f096 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/initializers/content_security_policy.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/initializers/content_security_policy.rb 
@@ -16,29 +16,26 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report violations without enforcing the policy. 
+# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true diff --git a/server/src/main/webapp/WEB-INF/rails/config/initializers/filter_parameter_logging.rb b/server/src/main/webapp/WEB-INF/rails/config/initializers/filter_parameter_logging.rb index d4d9a7cd5cb9..6f63d6327388 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/initializers/filter_parameter_logging.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/initializers/filter_parameter_logging.rb @@ -16,7 +16,9 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. Rails.application.config.filter_parameters += [ - :password, :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/server/src/main/webapp/WEB-INF/rails/config/initializers/inflections.rb b/server/src/main/webapp/WEB-INF/rails/config/initializers/inflections.rb index 812ff3ea01f8..a12bb8baa61d 100644 --- a/server/src/main/webapp/WEB-INF/rails/config/initializers/inflections.rb +++ b/server/src/main/webapp/WEB-INF/rails/config/initializers/inflections.rb 
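Review bot: The commented-out template in content_security_policy.rb now shows `->(request) { request.session.id.to_s }` as the nonce generator, where the old text used `SecureRandom.base64(16)`. A nonce derived from the session id is the same for every response in a session and puts a session-derived value into page markup. Anyone who later uncomments the block as written therefore gets a weaker nonce than a per-request random one. The whole policy is still disabled here, so this is a documentation point: add a caveat line such as `# NOTE: a session-based nonce is reused across requests; prefer SecureRandom.base64(16) unless a stable value is required.`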
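Review bot: Dropping `:password` from `filter_parameters` in filter_parameter_logging.rb reads like a loss of log redaction to anyone who does not know that entries match parameter names by substring. `:passw` still covers `password`, `passwd` and `password_confirmation`, so behaviour is unchanged, but the list alone does not make that clear. A one-line comment above the array would stop a later reader from assuming exact matching when adding a new key: `# Entries match parameter names by substring; :passw covers password/passwd.`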
@@ -20,13 +20,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end