diff --git a/Gemfile b/Gemfile index bc5a905e..8b87f16c 100644 --- a/Gemfile +++ b/Gemfile @@ -53,7 +53,7 @@ gem "rack", "~> 2" gem "rack-cors" -gem "rails", ">= 7.1", "<7.2" +gem "rails", "~> 7.2" #git: "https://github.com/rails/rails.git", branch: "6-1-stable" gem "rails-i18n" diff --git a/Gemfile.lock b/Gemfile.lock index f3cd2019..151e2975 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -35,10 +35,10 @@ GIT GIT remote: https://gitlab.com/pasosdeJesus/heb412_gen.git - revision: 3695771db89aee8864f4807ba32aedb4a9c762ab + revision: 7eea7af9fade94b84d2ea674eefdf24971815c47 branch: main specs: - heb412_gen (2.3.0.alfa1) + heb412_gen (2.3.0.alfa2) mr519_gen msip redcarpet @@ -46,19 +46,19 @@ GIT GIT remote: https://gitlab.com/pasosdeJesus/mr519_gen.git - revision: 84f57864341b7bfa82084ce993b0e815769caf7f + revision: 22377b6b7e036add62bffa62f66c6b7d7962fa09 branch: main specs: - mr519_gen (2.3.0.alfa1) + mr519_gen (2.3.0.alfa2) msip rails GIT remote: https://gitlab.com/pasosdeJesus/msip.git - revision: 30d642ca98c6ab54be31ec76d4d3bbc76efcd5cd + revision: 31bbedbafb0b8ce47e368f72adb50fb5ca5c413e branch: main specs: - msip (2.3.0.alfa1) + msip (2.3.0.alfa2) cancancan (~> 3) devise (~> 4) devise-i18n (~> 1) @@ -75,10 +75,10 @@ GIT GIT remote: https://gitlab.com/pasosdeJesus/sivel2_gen.git - revision: 35cecc9dbcbe43d64166f1462b8e3673bde7e6ae + revision: 8a320b2fd93ee0ac153b443a453719f1663155bd branch: main specs: - sivel2_gen (2.3.0.alfa1) + sivel2_gen (2.3.0.alfa2) color devise rails 
@@ -86,80 +86,76 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (7.1.4) - actionpack (= 7.1.4) - activesupport (= 7.1.4) + actioncable (7.2.1) + actionpack (= 7.2.1) + activesupport (= 7.2.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.4) - actionpack (= 7.1.4) - activejob (= 7.1.4) - activerecord (= 7.1.4) - activestorage (= 7.1.4) - activesupport (= 7.1.4) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.1.4) - actionpack (= 7.1.4) - actionview (= 7.1.4) - activejob (= 7.1.4) - activesupport (= 7.1.4) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp + actionmailbox (7.2.1) + actionpack (= 7.2.1) + activejob (= 7.2.1) + activerecord (= 7.2.1) + activestorage (= 7.2.1) + activesupport (= 7.2.1) + mail (>= 2.8.0) + actionmailer (7.2.1) + actionpack (= 7.2.1) + actionview (= 7.2.1) + activejob (= 7.2.1) + activesupport (= 7.2.1) + mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.1.4) - actionview (= 7.1.4) - activesupport (= 7.1.4) + actionpack (7.2.1) + actionview (= 7.2.1) + activesupport (= 7.2.1) nokogiri (>= 1.8.5) racc - rack (>= 2.2.4) + rack (>= 2.2.4, < 3.2) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.4) - actionpack (= 7.1.4) - activerecord (= 7.1.4) - activestorage (= 7.1.4) - activesupport (= 7.1.4) + useragent (~> 0.16) + actiontext (7.2.1) + actionpack (= 7.2.1) + activerecord (= 7.2.1) + activestorage (= 7.2.1) + activesupport (= 7.2.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.4) - activesupport (= 7.1.4) + actionview (7.2.1) + activesupport (= 7.2.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.4) - activesupport (= 7.1.4) + activejob (7.2.1) + activesupport (= 7.2.1) globalid (>= 0.3.6) - activemodel (7.1.4) - activesupport (= 7.1.4) - activerecord (7.1.4) - activemodel (= 7.1.4) - activesupport (= 7.1.4) + 
activemodel (7.2.1) + activesupport (= 7.2.1) + activerecord (7.2.1) + activemodel (= 7.2.1) + activesupport (= 7.2.1) timeout (>= 0.4.0) - activestorage (7.1.4) - actionpack (= 7.1.4) - activejob (= 7.1.4) - activerecord (= 7.1.4) - activesupport (= 7.1.4) + activestorage (7.2.1) + actionpack (= 7.2.1) + activejob (= 7.2.1) + activerecord (= 7.2.1) + activesupport (= 7.2.1) marcel (~> 1.0) - activesupport (7.1.4) + activesupport (7.2.1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) acts_as_list (1.2.2) activerecord (>= 6.1) activesupport (>= 6.1) @@ -266,6 +262,7 @@ GEM railties (>= 6.0.0) kgio (2.11.4) libxml-ruby (5.0.3) + logger (1.6.0) loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -283,7 +280,6 @@ GEM mini_portile2 (2.8.7) minitest (5.25.1) msgpack (1.7.2) - mutex_m (0.2.0) net-imap (0.4.14) date net-protocol @@ -341,20 +337,20 @@ GEM rackup (1.0.0) rack (< 3) webrick - rails (7.1.4) - actioncable (= 7.1.4) - actionmailbox (= 7.1.4) - actionmailer (= 7.1.4) - actionpack (= 7.1.4) - actiontext (= 7.1.4) - actionview (= 7.1.4) - activejob (= 7.1.4) - activemodel (= 7.1.4) - activerecord (= 7.1.4) - activestorage (= 7.1.4) - activesupport (= 7.1.4) + rails (7.2.1) + actioncable (= 7.2.1) + actionmailbox (= 7.2.1) + actionmailer (= 7.2.1) + actionpack (= 7.2.1) + actiontext (= 7.2.1) + actionview (= 7.2.1) + activejob (= 7.2.1) + activemodel (= 7.2.1) + activerecord (= 7.2.1) + activestorage (= 7.2.1) + activesupport (= 7.2.1) bundler (>= 1.15.0) - railties (= 7.1.4) + railties (= 7.2.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest 
@@ -370,10 +366,10 @@ GEM rails-i18n (7.0.9) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.1.4) - actionpack (= 7.1.4) - activesupport (= 7.1.4) - irb + railties (7.2.1) + actionpack (= 7.2.1) + activesupport (= 7.2.1) + irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) @@ -406,6 +402,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt + securerandom (0.3.1) simple_form (5.3.1) actionpack (>= 5.2) activemodel (>= 5.2) @@ -447,6 +444,7 @@ GEM unicorn (6.1.0) kgio (~> 2.6) raindrops (~> 0.7) + useragent (0.16.10) warden (1.2.9) rack (>= 2.0.9) web-console (4.2.1) @@ -512,7 +510,7 @@ DEPENDENCIES puma rack (~> 2) rack-cors - rails (>= 7.1, < 7.2) + rails (~> 7.2) rails-erd rails-i18n redcarpet @@ -534,4 +532,4 @@ DEPENDENCIES will_paginate BUNDLED WITH - 2.5.17 + 2.5.18 diff --git a/app/javascript/application.js b/app/javascript/application.js index 52e348f1..2ec9342c 100644 --- a/app/javascript/application.js +++ b/app/javascript/application.js @@ -12,8 +12,10 @@ import './jquery' import 'popper.js' // Dialogos emergentes usados por bootstrap import * as bootstrap from 'bootstrap' // Maquetacion y elementos de diseño import 'chosen-js/chosen.jquery'; // Cuadros de seleccion potenciados -import 'bootstrap-datepicker' -import 'bootstrap-datepicker/dist/locales/bootstrap-datepicker.es.min.js' + +import Msip__Motor from "./controllers/msip/motor" +window.Msip__Motor = Msip__Motor +Msip__Motor.iniciar() // Este se ejecuta una vez cuando se está cargando la aplicación tal vez antes que la página completa o los recursos // Apexcharts import ApexCharts from 'apexcharts' 
@@ -65,6 +67,8 @@ promesaRecursosSprocketsYDocumento.then((mensaje) => { apo214_prepara_eventos_comunes(root); sivel2_gen_prepara_eventos_unicos(root); + Msip__Motor.ejecutarAlCargarDocumentoYRecursos() // Este se ejecuta cada vez que se carga una página que no está en cache y tipicamente después de que se ha cargado la página completa y los recursos + var p = new URL(document.URL).pathname.split('/') var p2ult = '' if (p.length>2) { @@ -86,7 +90,9 @@ document.addEventListener('turbo:load', (e) => { console.log('Escuchador turbo:load') - msip_ejecutarAlCargarPagina(window) + msip_ejecutarAlCargarPagina(window) // Establece puntomontaje + Msip__Motor.ejecutarAlCargarPagina() + }) import "./controllers" diff --git a/bin/brakeman b/bin/brakeman index 60bc4ea9..ace1c9ba 100755 --- a/bin/brakeman +++ b/bin/brakeman @@ -1,3 +1,7 @@ -#!/bin/sh +#!/usr/bin/env ruby +require "rubygems" +require "bundler/setup" -bundle exec brakeman $@ +ARGV.unshift("--ensure-latest") + +load Gem.bin_path("brakeman", "brakeman") diff --git a/bin/setup b/bin/setup index ec47b79b..d6be768e 100755 --- a/bin/setup +++ b/bin/setup @@ -1,11 +1,11 @@ #!/usr/bin/env ruby require "fileutils" -# path to your application root. APP_ROOT = File.expand_path("..", __dir__) +APP_NAME = "sivel2" def system!(*args) - system(*args) || abort("\n== Command #{args} failed ==") + system(*args, exception: true) end FileUtils.chdir APP_ROOT do @@ -30,4 +30,8 @@ FileUtils.chdir APP_ROOT do puts "\n== Restarting application server ==" system! "bin/rails restart" + + # puts "\n== Configuring puma-dev ==" + # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}" + # system "curl -Is https://#{APP_NAME}.test/up | head -n 1" end diff --git a/config/application.rb b/config/application.rb index ddfe428c..ef7421b9 100644 --- a/config/application.rb +++ b/config/application.rb 
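Review bot: `ARGV.unshift("--ensure-latest")` in bin/brakeman makes the scan fail whenever the bundled Brakeman is not the newest published release, while the version actually installed is whatever Gemfile.lock resolved. Without a comment this reads as a random CI failure on the day a new Brakeman ships, and the check presumably has to reach the gem index, so it also behaves differently on an offline runner. I would add a comment above that line, e.g. `# Fail when Brakeman itself is outdated; fix with: bundle update brakeman`. Arguments passed by the caller still follow the unshifted flag, so existing invocations keep working.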
@@ -49,7 +49,7 @@ class Application < Rails::Application config.hosts.concat( ENV.fetch('CONFIG_HOSTS', 'defensor.info').downcase.split(";")) - config.relative_url_root = ENV.fetch('RUTA_RELATIVA', "/sivel2_2") + config.relative_url_root = ENV.fetch('RUTA_RELATIVA', "/sivel2") config.action_dispatch.default_headers = { 'X-Frame-Options' => 'ALLOW' diff --git a/config/environments/development.rb b/config/environments/development.rb index 4e4de1b6..533f80c3 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -14,7 +14,7 @@ # Show full error reports. config.consider_all_requests_local = true - # Enable server timing + # Enable server timing. config.server_timing = true # Enable/disable caching. By default caching is disabled. @@ -24,9 +24,7 @@ config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{2.days.to_i}" - } + config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false @@ -36,8 +34,12 @@ # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false + config.action_mailer.default_url_options = { host: "localhost", port: 3000 } + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log 
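Review bot: The context line `'X-Frame-Options' => 'ALLOW'` in `config.action_dispatch.default_headers` uses a value that is not defined for that header (`DENY` and `SAMEORIGIN` are the ones current browsers honour), so it is ignored and does not restrict framing. Until this commit the active `policy.frame_ancestors :self, 'https://www.nocheyniebla.org'` in config/initializers/content_security_policy.rb covered that gap, but the same commit comments that policy out. Either keep `frame_ancestors` active there or set `'X-Frame-Options' => 'SAMEORIGIN'` here; note that SAMEORIGIN alone would also block the nocheyniebla.org embedding, which only the CSP directive can express. The `default_headers` hash continues outside the hunk.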
@@ -63,11 +65,11 @@ # config.i18n.raise_on_missing_translations = true # Annotate rendered view with file names. - # config.action_view.annotate_rendered_view_with_filenames = true + config.action_view.annotate_rendered_view_with_filenames = true - # Raise error when a before_action's only/except options reference missing actions - config.action_controller.raise_on_missing_callback_actions = true + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true - config.web_console.permissions = ENV.fetch("WEB_CONSOLE_PERMISSIONS", ""). - split(",") + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true end diff --git a/config/environments/production.rb b/config/environments/production.rb index 0d623133..7a0d0868 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -26,7 +26,7 @@ # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass - # Do not fallback to assets pipeline if a precompiled asset is missed. + # Do not fall back to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. @@ -36,6 +36,11 @@ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX + # Mount Action Cable outside main process or domain. + # config.action_cable.mount_path = nil + # config.action_cable.url = "wss://example.com/cable" + # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] + # Assume all access to the app is happening through a SSL-terminating reverse proxy. # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. # config.assume_ssl = true 
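Review bot: Removing `config.web_console.permissions = ENV.fetch("WEB_CONSOLE_PERMISSIONS", "").split(",")` at the end of this hunk means the WEB_CONSOLE_PERMISSIONS variable is no longer read, so a value left in a developer's environment file is silently ignored. web-console then falls back to its built-in allow-list, which as far as I know is loopback only. That is the safer default, but it deserves a line in the commit message or the environment template so that remote console access stopping does not get "fixed" by a wider setting. In the same hunk `config.action_view.annotate_rendered_view_with_filenames = true` becomes active and writes template paths into the rendered HTML as comments, which is fine for development but should not be carried into an environment file copied from this one.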
@@ -43,6 +48,9 @@ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true + # Skip http-to-https redirect for the default health check endpoint. + # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } + # Log to STDOUT by default config.logger = ActiveSupport::Logger.new(STDOUT) .tap { |logger| logger.formatter = ::Logger::Formatter.new } @@ -51,7 +59,7 @@ # Prepend all log lines with the following tags. config.log_tags = [ :request_id ] - # Info include generic and useful information about system operation, but avoids logging too much + # "info" includes generic and useful information about system operation, but avoids logging too much # information to avoid inadvertent exposure of personally identifiable information (PII). If you # want to log everything, set the level to "debug". config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") @@ -61,8 +69,10 @@ # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "dummy_production" + # config.active_job.queue_name_prefix = "sivel2_production" + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. diff --git a/config/environments/test.rb b/config/environments/test.rb index c468e296..1735b493 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
@@ -18,10 +18,7 @@ config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.enabled = true - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{1.hour.to_i}" - } + config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. config.consider_all_requests_local = true @@ -34,6 +31,8 @@ # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Tell Action Mailer not to deliver emails to the real world. @@ -41,6 +40,10 @@ # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test + # Unlike controllers, the mailer instance doesn't have any context about the + # incoming request so you'll need to provide the :host parameter yourself. + config.action_mailer.default_url_options = { host: "www.example.com" } + # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr @@ -56,6 +59,6 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Raise error when a before_action's only/except options reference missing actions + # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true end diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 5bfc571b..b3076b38 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -1,31 +1,25 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header - Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data - policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https - policy.frame_ancestors :self, 'https://www.nocheyniebla.org' - # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" - end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for 
violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap, inline scripts, and inline styles. +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src style-src) +# +# # Report violations without enforcing the policy. +# # config.content_security_policy_report_only = true +# end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4b34a036..c010b83d 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ - :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf9..3860f659 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb 
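Review bot: The new content_security_policy.rb is entirely commented out, so the two directives that were active before, `policy.object_src :none` and `policy.frame_ancestors :self, 'https://www.nocheyniebla.org'`, are no longer applied. The Rails 7.2 template that replaces them has no `frame_ancestors` line at all. Unless one of the engines sets a policy (not visible in this diff), responses would go out without a Content-Security-Policy header, and the `'X-Frame-Options' => 'ALLOW'` header visible in config/application.rb does not restrict framing either. I would adopt the new file layout but keep those two directives live, as below.

```ruby
Rails.application.configure do
  config.content_security_policy do |policy|
    # … unchanged: commented default_src / font_src / img_src / script_src / style_src …
    policy.object_src :none
    policy.frame_ancestors :self, "https://www.nocheyniebla.org"
  end
  # … unchanged: commented nonce generator and report_only settings …
end
```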
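Review bot: Adding `:email` to `filter_parameters` affects more than the request log, which is all the header comment mentions. Rails also copies this list into `ActiveRecord::Base.filter_attributes`, so model `inspect` output in the console and in error reports will show `[FILTERED]` for any attribute whose name contains "email". That is a sensible privacy default, but I would extend the comment with something like `# Also applied to ActiveRecord inspect output through filter_attributes.` so the masked values are not mistaken for missing data.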
@@ -4,13 +4,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb deleted file mode 100644 index a579326e..00000000 --- a/config/initializers/new_framework_defaults_7_0.rb +++ /dev/null @@ -1,117 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file eases your Rails 7.0 framework defaults upgrade. -# -# Uncomment each configuration one by one to switch to the new default. -# Once your application is ready to run with all new defaults, you can remove -# this file and set the `config.load_defaults` to `7.0`. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. -# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html - -# `button_to` view helper will render `