diff --git a/config/application.rb b/config/application.rb
index 3acc35c0dd2..aa236f16715 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -27,7 +27,7 @@
 module Gemcutter
 class Application < Rails::Application
 # Initialize configuration defaults for originally generated Rails version.
- config.load_defaults 7.1
+ config.load_defaults 7.2
 # Please, add to the `ignore` list any other `lib` subdirectories that do
 # not contain `.rb` files, or that should not be reloaded or eager loaded.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 2384e1ee68d..b053a1c3781 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -17,8 +17,8 @@
 # Enable server timing.
 config.server_timing = true
- # Enable/disable caching. By default caching is disabled.
- # Run rails dev:cache to toggle caching.
+ # Enable/disable Action Controller caching. By default Action Controller caching is disabled.
+ # Run rails dev:cache to toggle Action Controller caching.
 if Rails.root.join("tmp/caching-dev.txt").exist?
 config.action_controller.perform_caching = true
 config.action_controller.enable_fragment_cache_logging = true
@@ -60,6 +60,9 @@
 # Highlight code that triggered database queries in logs.
 config.active_record.verbose_query_logs = true
+ # Append comments with runtime information tags to SQL queries in logs.
+ config.active_record.query_log_tags_enabled = true
+
 # Highlight code that enqueued background job in logs.
 config.active_job.verbose_enqueue_logs = true
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 8d95758ee47..59845549237 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,4 +1,5 @@
 require "active_support/core_ext/integer/time"
+require_relative "../../lib/gemcutter/middleware/redirector"
 Rails.application.configure do
 # Settings specified here will take precedence over those in config/application.rb.
@@ -6,14 +7,13 @@
 # Code is not reloaded between requests.
 config.enable_reloading = false
- # Eager load code on boot. This eager loads most of Rails and
- # your application in memory, allowing both threaded web servers
- # and those relying on copy on write to perform better.
- # Rake tasks automatically ignore this option for performance.
+ # Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
 config.eager_load = true
- # Full error reports are disabled and caching is turned on.
- config.consider_all_requests_local = false
+ # Full error reports are disabled.
+ config.consider_all_requests_local = false
+
+ # Turn on fragment caching in view templates.
 config.action_controller.perform_caching = true
 # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment
@@ -66,7 +66,10 @@
 # want to log everything, set the level to "debug".
 config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
- # Use a different cache store in production.
+ # Don't log any deprecations.
+ config.active_support.report_deprecations = false
+
+ # Replace the default in-process memory cache store with a durable alternative.
 # config.cache_store = :mem_cache_store
 # Use a real queuing backend for Active Job (and separate queues per environment).
@@ -90,18 +93,12 @@
 # the I18n.default_locale when a translation cannot be found).
 config.i18n.fallbacks = true
- # Send deprecation notices to registered listeners.
- config.active_support.deprecation = :notify
-
- # Log disallowed deprecations.
- config.active_support.disallowed_deprecation = :log
-
- # Tell Active Support which deprecation messages to disallow.
- config.active_support.disallowed_deprecation_warnings = []
-
 # Do not dump schema after migrations.
 config.active_record.dump_schema_after_migration = false
+ # Only use :id for inspections in production.
+ config.active_record.attributes_for_inspect = [:id]
+
 # Enable DNS rebinding protection and other `Host` header attacks.
 # config.hosts = [
 # "example.com", # Allow requests from example.com
@@ -119,6 +116,5 @@
 value_max_bytes: 2_097_152 # 2MB
 }
- require_relative "../../lib/gemcutter/middleware/redirector"
 config.middleware.use Gemcutter::Middleware::Redirector
 end
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index ae4726d99a0..c7486aa792b 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -1,4 +1,5 @@
 require Rails.root.join("config", "secret") if Rails.root.join("config", "secret.rb").file?
+require "active_support/core_ext/integer/time"
 require_relative "../../lib/gemcutter/middleware/redirector"
 Rails.application.configure do
@@ -7,14 +8,13 @@
 # Code is not reloaded between requests.
 config.enable_reloading = false
- # Eager load code on boot. This eager loads most of Rails and
- # your application in memory, allowing both threaded web servers
- # and those relying on copy on write to perform better.
- # Rake tasks automatically ignore this option for performance.
+ # Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
 config.eager_load = true
- # Full error reports are disabled and caching is turned on.
- config.consider_all_requests_local = false
+ # Full error reports are disabled.
+ config.consider_all_requests_local = false
+
+ # Turn on fragment caching in view templates.
 config.action_controller.perform_caching = true
 # Attempt to read encrypted secrets from `config/secrets.yml.enc`.
@@ -58,21 +58,32 @@ # Use the lowest log level to ensure availability of diagnostic information # when problems arise. - config.log_level = ENV['RAILS_LOG_LEVEL'].present? ? ENV['RAILS_LOG_LEVEL'].to_sym : :info + $stdout.sync = true config.rails_semantic_logger.format = :json config.rails_semantic_logger.semantic = true config.rails_semantic_logger.add_file_appender = false - SemanticLogger.add_appender(io: $stdout, formatter: :json) + config.semantic_logger.add_appender(io: $stdout, formatter: config.rails_semantic_logger.format) # Prepend all log lines with the following tags. # config.log_tags = [ :request_id ] + # "info" includes generic and useful information about system operation, but avoids logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). If you + # want to log everything, set the level to "debug". + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") + + # Don't log any deprecations. + config.active_support.report_deprecations = false + # Use a different cache store in production. # config.cache_store = :mem_cache_store # Use a real queuing backend for Active Job (and separate queues per environment) # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "gemcutter_#{Rails.env}" + + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. 
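Review bot: `config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")` no longer falls back to info when the variable is exported but empty. The removed line guarded with `.present?`, whereas `ENV.fetch` uses its default only when the key is absent, so an empty value is now passed through as the level. How the logger reacts to an empty level is not visible in this hunk, so keeping the old tolerance is the safer choice, for example `config.log_level = ENV["RAILS_LOG_LEVEL"].presence || "info"`. production.rb already uses the `ENV.fetch` form (a context line in its `@@ -66,7 +66,10 @@` hunk), so the same consideration applies there.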
@@ -83,16 +94,17 @@ # roadie-rails recommends not setting action_mailer.asset_host and use its own configuration for URL options config.roadie.url_options = { host: Gemcutter::HOST, scheme: Gemcutter::PROTOCOL } + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). - config.i18n.fallbacks = [:en] - - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify + config.i18n.fallbacks = true # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + # Only use :id for inspections in production. + config.active_record.attributes_for_inspect = [:id] + config.cache_store = :mem_cache_store, ENV['MEMCACHED_ENDPOINT'], { failover: true, socket_timeout: 1.5, diff --git a/config/environments/test.rb b/config/environments/test.rb index a65ac8280f1..3339774d871 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -23,12 +23,14 @@ "Cache-Control" => "public, max-age=#{1.hour.to_i}" } - # Show full error reports and disable caching. - config.consider_all_requests_local = true + # Show full error reports. + config.consider_all_requests_local = true config.action_controller.perform_caching = false config.cache_store = :mem_cache_store - # Raise exceptions instead of rendering exception templates. + # Render exception templates for rescuable exceptions and raise for other exceptions. + # config.action_dispatch.show_exceptions = :rescuable + # Using this setting seems broken in rails 8.0, causing the debug template to render in system tests. config.action_dispatch.show_exceptions = :none # Disable request forgery protection in test environment. diff --git a/config/initializers/new_framework_defaults_7_2.rb b/config/initializers/new_framework_defaults_7_2.rb deleted file mode 100644 index b549c4a258a..00000000000 --- a/config/initializers/new_framework_defaults_7_2.rb +++ /dev/null 
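Review bot: In the config/environments/test.rb hunk, the new comment `# Using this setting seems broken in rails 8.0, ...` does not say which setting it means. Because it sits directly above `config.action_dispatch.show_exceptions = :none`, it reads as a warning about `:none` rather than about the commented-out `:rescuable`. Naming the value removes the ambiguity, for example `# :rescuable renders the debug template in system tests on Rails 8.0, so keep :none until that is fixed.` A reference to the upstream issue, if there is one, would tell the next maintainer when the workaround can be dropped.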
@@ -1,70 +0,0 @@
-# Be sure to restart your server when you modify this file.
-#
-# This file eases your Rails 7.2 framework defaults upgrade.
-#
-# Uncomment each configuration one by one to switch to the new default.
-# Once your application is ready to run with all new defaults, you can remove
-# this file and set the `config.load_defaults` to `7.2`.
-#
-# Read the Guide for Upgrading Ruby on Rails for more info on each option.
-# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
-
-###
-# Controls whether Active Job's `#perform_later` and similar methods automatically defer
-# the job queuing to after the current Active Record transaction is committed.
-#
-# Example:
-# Topic.transaction do
-# topic = Topic.create(...)
-# NewTopicNotificationJob.perform_later(topic)
-# end
-#
-# In this example, if the configuration is set to `:never`, the job will
-# be enqueued immediately, even though the `Topic` hasn't been committed yet.
-# Because of this, if the job is picked up almost immediately, or if the
-# transaction doesn't succeed for some reason, the job will fail to find this
-# topic in the database.
-#
-# If `enqueue_after_transaction_commit` is set to `:default`, the queue adapter
-# will define the behaviour.
-#
-# Note: Active Job backends can disable this feature. This is generally done by
-# backends that use the same database as Active Record as a queue, hence they
-# don't need this feature.
-#++
-# Rails.application.config.active_job.enqueue_after_transaction_commit = :default
-
-###
-# Adds image/webp to the list of content types Active Storage considers as an image
-# Prevents automatic conversion to a fallback PNG, and assumes clients support WebP, as they support gif, jpeg, and png.
-# This is possible due to broad browser support for WebP, but older browsers and email clients may still not support
-# WebP. Requires imagemagick/libvips built with WebP support.
-#++
-# Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp]
-
-###
-# Enable validation of migration timestamps. When set, an ActiveRecord::InvalidMigrationTimestampError
-# will be raised if the timestamp prefix for a migration is more than a day ahead of the timestamp
-# associated with the current time. This is done to prevent forward-dating of migration files, which can
-# impact migration generation and other migration commands.
-#
-# Applications with existing timestamped migrations that do not adhere to the
-# expected format can disable validation by setting this config to `false`.
-#++
-# Rails.application.config.active_record.validate_migration_timestamps = true
-
-###
-# Controls whether the PostgresqlAdapter should decode dates automatically with manual queries.
-#
-# Example:
-# ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.select_value("select '2024-01-01'::date") #=> Date
-#
-# This query used to return a `String`.
-#++
-# Rails.application.config.active_record.postgresql_adapter_decode_dates = true
-
-###
-# Enables YJIT as of Ruby 3.3, to bring sizeable performance improvements. If you are
-# deploying to a memory constrained environment you may want to set this to `false`.
-#++
-# Rails.application.config.yjit = true
diff --git a/config/initializers/new_framework_defaults_8_0.rb b/config/initializers/new_framework_defaults_8_0.rb
new file mode 100644
index 00000000000..92efa951524
--- /dev/null
+++ b/config/initializers/new_framework_defaults_8_0.rb
@@ -0,0 +1,30 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 8.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `8.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Specifies whether `to_time` methods preserve the UTC offset of their receivers or preserves the timezone. +# If set to `:zone`, `to_time` methods will use the timezone of their receivers. +# If set to `:offset`, `to_time` methods will use the UTC offset. +# If `false`, `to_time` methods will convert to the local system UTC offset instead. +#++ +# Rails.application.config.active_support.to_time_preserves_timezone = :zone + +### +# When both `If-Modified-Since` and `If-None-Match` are provided by the client +# only consider `If-None-Match` as specified by RFC 7232 Section 6. +# If set to `false` both conditions need to be satisfied. +#++ +# Rails.application.config.action_dispatch.strict_freshness = true + +### +# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks. +#++ +# Regexp.timeout = 1 diff --git a/public/400.html b/public/400.html new file mode 100644 index 00000000000..c2429c9a983 --- /dev/null +++ b/public/400.html @@ -0,0 +1,21 @@ + + + + + + + Client Error | RubyGems.org + + +
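Review bot: `# Regexp.timeout = 1` stays commented out in new_framework_defaults_8_0.rb, and config/application.rb in this commit moves `load_defaults` only to 7.2. Unless a timeout is set somewhere outside this diff, the process therefore runs without the regular-expression timeout that the file itself describes as protection against Regexp denial of service. If the application matches request-supplied strings against regular expressions, this is the one option in the file worth enabling ahead of the others: uncomment `Regexp.timeout = 1` once it is confirmed that no legitimate pattern needs longer. The other two options change behaviour rather than add a safeguard and can wait for the full 8.0 switch.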
+
+ 400 error +
+
+

Client Error

+

Please check the request and try again.

+ Back to RubyGems.org → +
+
+ + diff --git a/public/403.html b/public/403.html index 4c6bb6bc39b..880f163855a 100644 --- a/public/403.html +++ b/public/403.html @@ -9,7 +9,7 @@
- 422 error + 403 error

Forbidden.

diff --git a/public/406-unsupported-browser.html b/public/406-unsupported-browser.html new file mode 100644 index 00000000000..be957625ecb --- /dev/null +++ b/public/406-unsupported-browser.html @@ -0,0 +1,21 @@ + + + + + + + Browser Not Supported | RubyGems.org + + +
+
+ 403 error +
+
+

Browser Not Supported

+

Please upgrade your browser to continue.

+ Back to RubyGems.org → +
+
+ +
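Review bot: The new public/406-unsupported-browser.html carries the label `403 error` (the added line `+ 403 error` near the top of the body), while the new 400.html says `400 error` and this same commit corrects 403.html from `422 error` to `403 error`. This looks like the same copy-paste slip the 403.html fix addresses, and the label should read `406 error`. The markup around the text is not visible in this view, so it is presumably the image alt text or a status label. A wrong status on an error page misleads users and anyone triaging a report from a screenshot.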