Add dummy Hanami application for integration testing. (#7)

* Add dummy test app.

* Remove unsupported ruby versions from Travis.

Author: beauby

.gitignore

@@ -32,3 +32,7 @@ Gemfile.lock
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
+
+## Dummy application
+spec/dummy/db/*.sqlite
+spec/dummy/tmp

.travis.yml

@@ -2,9 +2,10 @@ language: ruby
 sudo: false
 before_install:
   - bundle update
+before_script:
+  - '$(cd spec/dummy HANAMI_ENV=test bundle exec hanami db create)'
+  - '$(cd spec/dummy HANAMI_ENV=test bundle exec hanami db migrate)'
 rvm:
-  - 2.1
-  - 2.2
   - 2.3.0
   - ruby-head
 matrix:

jsonapi-hanami.gemspec

@@ -16,6 +16,10 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'jsonapi-rb', '~> 0.1.1'
 
-  spec.add_development_dependency 'rake',  '~> 11.3'
-  spec.add_development_dependency 'rspec', '~> 3.5'
+  spec.add_development_dependency 'rake',   '~> 11.3'
+  spec.add_development_dependency 'rspec',  '~> 3.5'
+  spec.add_development_dependency 'hanami', '~> 1.0'
+  spec.add_development_dependency 'hanami-model', '~> 1.0'
+  spec.add_development_dependency 'sqlite3'
+  spec.add_development_dependency 'dotenv'
 end

spec/dummy/.env.development

@@ -0,0 +1,4 @@
+# Define ENV variables for development environment
+DATABASE_URL="sqlite://db/dummy_development.sqlite"
+SERVE_STATIC_ASSETS="true"
+API_SESSIONS_SECRET="33f5c30be87c43665bc7907f62cfd1096541056cf23e001aa95454b966b27439"

spec/dummy/.env.test

@@ -0,0 +1,4 @@
+# Define ENV variables for test environment
+DATABASE_URL="sqlite://db/dummy_test.sqlite"
+SERVE_STATIC_ASSETS="true"
+API_SESSIONS_SECRET="89e71edc5f4fab26e6f7bc3d2097e7039e40ffdfadef7234a90f10e0718307a1"

spec/dummy/.gitignore

@@ -0,0 +1,3 @@
+/db/*.sqlite
+/public/assets*
+/tmp

spec/dummy/.hanamirc

@@ -0,0 +1,4 @@
+project=dummy
+architecture=container
+test=minitest
+template=erb

spec/dummy/apps/api/application.rb

@@ -0,0 +1,330 @@
+require 'hanami/helpers'
+require 'hanami/assets'
+
+module Api
+  class Application < Hanami::Application
+    configure do
+      ##
+      # BASIC
+      #
+
+      # Define the root path of this application.
+      # All paths specified in this configuration are relative to path below.
+      #
+      root __dir__
+
+      # Relative load paths where this application will recursively load the
+      # code.
+      #
+      # When you add new directories, remember to add them here.
+      #
+      load_paths << [
+        'controllers',
+        'views',
+        'resources'
+      ]
+
+      # Handle exceptions with HTTP statuses (true) or don't catch them (false).
+      # Defaults to true.
+      # See: http://www.rubydoc.info/gems/hanami-controller/#Exceptions_management
+      #
+      # handle_exceptions true
+
+      ##
+      # HTTP
+      #
+
+      # Routes definitions for this application
+      # See: http://www.rubydoc.info/gems/hanami-router#Usage
+      #
+      routes 'config/routes'
+
+      # URI scheme used by the routing system to generate absolute URLs
+      # Defaults to "http"
+      #
+      # scheme 'https'
+
+      # URI host used by the routing system to generate absolute URLs
+      # Defaults to "localhost"
+      #
+      # host 'example.org'
+
+      # URI port used by the routing system to generate absolute URLs
+      # Argument: An object coercible to integer, defaults to 80 if the scheme
+      # is http and 443 if it's https
+      #
+      # This should only be configured if app listens to non-standard ports
+      #
+      # port 443
+
+      # Enable cookies
+      # Argument: boolean to toggle the feature
+      #           A Hash with options
+      #
+      # Options:
+      #   :domain   - The domain (String - nil by default, not required)
+      #   :path     - Restrict cookies to a relative URI
+      #               (String - nil by default)
+      #   :max_age  - Cookies expiration expressed in seconds
+      #               (Integer - nil by default)
+      #   :secure   - Restrict cookies to secure connections
+      #               (Boolean - Automatically true when using HTTPS)
+      #               See #scheme and #ssl?
+      #   :httponly - Prevent JavaScript access (Boolean - true by default)
+      #
+      # cookies true
+      # or
+      # cookies max_age: 300
+
+      # Enable sessions
+      # Argument: Symbol the Rack session adapter
+      #           A Hash with options
+      #
+      # See: http://www.rubydoc.info/gems/rack/Rack/Session/Cookie
+      #
+      # sessions :cookie, secret: ENV['API_SESSIONS_SECRET']
+
+      # Configure Rack middleware for this application
+      #
+      # middleware.use Rack::Protection
+
+      # Default format for the requests that don't specify an HTTP_ACCEPT header
+      # Argument: A symbol representation of a mime type, defaults to :html
+      #
+      # default_request_format :html
+
+      # Default format for responses that don't consider the request format
+      # Argument: A symbol representation of a mime type, defaults to :html
+      #
+      # default_response_format :html
+
+      # HTTP Body parsers
+      # Parse non GET responses body for a specific mime type
+      # Argument: Symbol, which represent the format of the mime type
+      #             (only `:json` is supported)
+      #           Object, the parser
+      #
+      body_parsers :json
+
+      # When it's true and the router receives a non-encrypted request (http),
+      # it redirects to the secure equivalent (https). Disabled by default.
+      #
+      # force_ssl true
+
+      ##
+      # TEMPLATES
+      #
+
+      # The layout to be used by all views
+      #
+      layout :application # It will load Api::Views::ApplicationLayout
+
+      # The relative path to templates
+      #
+      templates 'templates'
+
+      ##
+      # ASSETS
+      #
+      assets do
+        # JavaScript compressor
+        #
+        # Supported engines:
+        #
+        #   * :builtin
+        #   * :uglifier
+        #   * :yui
+        #   * :closure
+        #
+        # See: http://hanamirb.org/guides/assets/compressors
+        #
+        # In order to skip JavaScript compression comment the following line
+        javascript_compressor :builtin
+
+        # Stylesheet compressor
+        #
+        # Supported engines:
+        #
+        #   * :builtin
+        #   * :yui
+        #   * :sass
+        #
+        # See: http://hanamirb.org/guides/assets/compressors
+        #
+        # In order to skip stylesheet compression comment the following line
+        stylesheet_compressor :builtin
+
+        # Specify sources for assets
+        #
+        sources << [
+          'assets'
+        ]
+      end
+
+      ##
+      # SECURITY
+      #
+
+      # X-Frame-Options is a HTTP header supported by modern browsers.
+      # It determines if a web page can or cannot be included via <frame> and
+      # <iframe> tags by untrusted domains.
+      #
+      # Web applications can send this header to prevent Clickjacking attacks.
+      #
+      # Read more at:
+      #
+      #   * https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
+      #   * https://www.owasp.org/index.php/Clickjacking
+      #
+      security.x_frame_options 'DENY'
+
+      # X-Content-Type-Options prevents browsers from interpreting files as
+      # something else than declared by the content type in the HTTP headers.
+      #
+      # Read more at:
+      #
+      #   * https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options
+      #   * https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx
+      #   * https://blogs.msdn.microsoft.com/ie/2008/09/02/ie8-security-part-vi-beta-2-update
+      #
+      security.x_content_type_options 'nosniff'
+
+      # X-XSS-Protection is a HTTP header to determine the behavior of the
+      # browser in case an XSS attack is detected.
+      #
+      # Read more at:
+      #
+      #   * https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
+      #   * https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection
+      #
+      security.x_xss_protection '1; mode=block'
+
+      # Content-Security-Policy (CSP) is a HTTP header supported by modern
+      # browsers. It determines trusted sources of execution for dynamic
+      # contents (JavaScript) or other web related assets: stylesheets, images,
+      # fonts, plugins, etc.
+      #
+      # Web applications can send this header to mitigate Cross Site Scripting
+      # (XSS) attacks.
+      #
+      # The default value allows images, scripts, AJAX, fonts and CSS from the
+      # same origin, and does not allow any other resources to load (eg object,
+      # frame, media, etc).
+      #
+      # Inline JavaScript is NOT allowed. To enable it, please use:
+      # "script-src 'unsafe-inline'".
+      #
+      # Content Security Policy introduction:
+      #
+      #  * http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+      #  * https://www.owasp.org/index.php/Content_Security_Policy
+      #  * https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
+      #
+      # Inline and eval JavaScript risks:
+      #
+      #   * http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
+      #   * http://www.html5rocks.com/en/tutorials/security/content-security-policy/#eval-too
+      #
+      # Content Security Policy usage:
+      #
+      #  * http://content-security-policy.com/
+      #  * https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy
+      #
+      # Content Security Policy references:
+      #
+      #  * https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives
+      #
+      security.content_security_policy %{
+        form-action 'self';
+        frame-ancestors 'self';
+        base-uri 'self';
+        default-src 'none';
+        script-src 'self';
+        connect-src 'self';
+        img-src 'self' https: data:;
+        style-src 'self' 'unsafe-inline' https:;
+        font-src 'self';
+        object-src 'none';
+        plugin-types application/pdf;
+        child-src 'self';
+        frame-src 'self';
+        media-src 'self'
+      }
+
+      ##
+      # FRAMEWORKS
+      #
+
+      # Configure the code that will yield each time Api::Action is included
+      # This is useful for sharing common functionality
+      #
+      # See: http://www.rubydoc.info/gems/hanami-controller#Configuration
+      controller.prepare do
+        # include MyAuthentication # included in all the actions
+        # before :authenticate!    # run an authentication before callback
+      end
+
+      # Register the JSON API MIME type.
+      controller.format jsonapi: 'application/vnd.api+json'
+
+      # Configure the code that will yield each time Api::View is included
+      # This is useful for sharing common functionality
+      #
+      # See: http://www.rubydoc.info/gems/hanami-view#Configuration
+      view.prepare do
+        include Hanami::Helpers
+        include Api::Assets::Helpers
+      end
+    end
+
+    ##
+    # DEVELOPMENT
+    #
+    configure :development do
+      # Don't handle exceptions, render the stack trace
+      handle_exceptions false
+    end
+
+    ##
+    # TEST
+    #
+    configure :test do
+      # Don't handle exceptions, render the stack trace
+      handle_exceptions false
+    end
+
+    ##
+    # PRODUCTION
+    #
+    configure :production do
+      # scheme 'https'
+      # host   'example.org'
+      # port   443
+
+      assets do
+        # Don't compile static assets in production mode (eg. Sass, ES6)
+        #
+        # See: http://www.rubydoc.info/gems/hanami-assets#Configuration
+        compile false
+
+        # Use fingerprint file name for asset paths
+        #
+        # See: http://hanamirb.org/guides/assets/overview
+        fingerprint true
+
+        # Content Delivery Network (CDN)
+        #
+        # See: http://hanamirb.org/guides/assets/content-delivery-network
+        #
+        # scheme 'https'
+        # host   'cdn.example.org'
+        # port   443
+
+        # Subresource Integrity
+        #
+        # See: http://hanamirb.org/guides/assets/content-delivery-network/#subresource-integrity
+        subresource_integrity :sha256
+      end
+    end
+  end
+end

spec/dummy/apps/api/assets/favicon.ico

@@ -0,0 +1 @@
+#