source "https://rubygems.org"
# Require rails
-gem "rails", "6.1.4.6"
+gem "rails", "7.0.2.2"
# Require json for multi_json
gem "json"
gem "bootstrap", "~> 4.5.0"
gem "bootstrap_form", "~> 4.0"
gem "cancancan"
-gem "composite_primary_keys", "~> 13.0.0"
+gem "composite_primary_keys", "~> 14.0.0"
gem "config"
gem "delayed_job_active_record"
gem "http_accept_language", "~> 2.1.1"
gem "oauth-plugin", ">= 0.5.1"
gem "openstreetmap-deadlock_retry", ">= 1.3.1", :require => "deadlock_retry"
gem "rack-cors"
-gem "rails-i18n", "~> 6.0.0"
+gem "rails-i18n", "~> 7.0.0"
gem "rinku", ">= 2.0.6", :require => "rails_rinku"
gem "strong_migrations"
gem "validates_email_format_of", ">= 1.5.1"
gem "rubocop-performance"
gem "rubocop-rails"
gem "rubocop-rake"
- gem "selenium-webdriver", "~> 3.142.7"
+ gem "selenium-webdriver"
gem "simplecov", :require => false
gem "simplecov-lcov", :require => false
gem "webmock"
specs:
aasm (5.2.0)
concurrent-ruby (~> 1.0)
- actioncable (6.1.4.6)
- actionpack (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ actioncable (7.0.2.2)
+ actionpack (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
- actionmailbox (6.1.4.6)
- actionpack (= 6.1.4.6)
- activejob (= 6.1.4.6)
- activerecord (= 6.1.4.6)
- activestorage (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ actionmailbox (7.0.2.2)
+ actionpack (= 7.0.2.2)
+ activejob (= 7.0.2.2)
+ activerecord (= 7.0.2.2)
+ activestorage (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
mail (>= 2.7.1)
- actionmailer (6.1.4.6)
- actionpack (= 6.1.4.6)
- actionview (= 6.1.4.6)
- activejob (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ net-imap
+ net-pop
+ net-smtp
+ actionmailer (7.0.2.2)
+ actionpack (= 7.0.2.2)
+ actionview (= 7.0.2.2)
+ activejob (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
mail (~> 2.5, >= 2.5.4)
+ net-imap
+ net-pop
+ net-smtp
rails-dom-testing (~> 2.0)
- actionpack (6.1.4.6)
- actionview (= 6.1.4.6)
- activesupport (= 6.1.4.6)
- rack (~> 2.0, >= 2.0.9)
+ actionpack (7.0.2.2)
+ actionview (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
+ rack (~> 2.0, >= 2.2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionpack-page_caching (1.2.4)
actionpack (>= 4.0.0)
- actiontext (6.1.4.6)
- actionpack (= 6.1.4.6)
- activerecord (= 6.1.4.6)
- activestorage (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ actiontext (7.0.2.2)
+ actionpack (= 7.0.2.2)
+ activerecord (= 7.0.2.2)
+ activestorage (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
+ globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
- actionview (6.1.4.6)
- activesupport (= 6.1.4.6)
+ actionview (7.0.2.2)
+ activesupport (= 7.0.2.2)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
active_record_union (1.3.0)
activerecord (>= 4.0)
- activejob (6.1.4.6)
- activesupport (= 6.1.4.6)
+ activejob (7.0.2.2)
+ activesupport (= 7.0.2.2)
globalid (>= 0.3.6)
- activemodel (6.1.4.6)
- activesupport (= 6.1.4.6)
- activerecord (6.1.4.6)
- activemodel (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ activemodel (7.0.2.2)
+ activesupport (= 7.0.2.2)
+ activerecord (7.0.2.2)
+ activemodel (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
activerecord-import (1.3.0)
activerecord (>= 4.2)
- activestorage (6.1.4.6)
- actionpack (= 6.1.4.6)
- activejob (= 6.1.4.6)
- activerecord (= 6.1.4.6)
- activesupport (= 6.1.4.6)
- marcel (~> 1.0.0)
+ activestorage (7.0.2.2)
+ actionpack (= 7.0.2.2)
+ activejob (= 7.0.2.2)
+ activerecord (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
+ marcel (~> 1.0)
mini_mime (>= 1.1.0)
- activesupport (6.1.4.6)
+ activesupport (7.0.2.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
- zeitwerk (~> 2.3)
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
annotate (3.2.0)
rack-test (>= 0.6.3)
regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
- childprocess (3.0.0)
+ childprocess (4.1.0)
coderay (1.1.3)
- composite_primary_keys (13.0.3)
- activerecord (~> 6.1.0)
+ composite_primary_keys (14.0.4)
+ activerecord (~> 7.0.2)
concurrent-ruby (1.1.9)
config (4.0.0)
deep_merge (~> 1.2, >= 1.2.1)
delayed_job_active_record (4.1.7)
activerecord (>= 3.0, < 8.0)
delayed_job (>= 3.0, < 5)
+ digest (3.1.0)
docile (1.4.0)
doorkeeper (5.5.4)
railties (>= 5)
ruby-vips (>= 2.0.17, < 3)
image_size (3.0.1)
in_threads (1.6.0)
+ io-wait (0.2.1)
jbuilder (2.11.5)
actionview (>= 5.0.0)
activesupport (>= 5.0.0)
multi_json (1.15.0)
multi_xml (0.6.0)
multipart-post (2.1.1)
+ net-imap (0.2.3)
+ digest
+ net-protocol
+ strscan
+ net-pop (0.1.1)
+ digest
+ net-protocol
+ timeout
+ net-protocol (0.1.2)
+ io-wait
+ timeout
+ net-smtp (0.3.1)
+ digest
+ net-protocol
+ timeout
nio4r (2.5.8)
nokogiri (1.13.1)
mini_portile2 (~> 2.7.0)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rack-uri_sanitizer (0.0.2)
- rails (6.1.4.6)
- actioncable (= 6.1.4.6)
- actionmailbox (= 6.1.4.6)
- actionmailer (= 6.1.4.6)
- actionpack (= 6.1.4.6)
- actiontext (= 6.1.4.6)
- actionview (= 6.1.4.6)
- activejob (= 6.1.4.6)
- activemodel (= 6.1.4.6)
- activerecord (= 6.1.4.6)
- activestorage (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ rails (7.0.2.2)
+ actioncable (= 7.0.2.2)
+ actionmailbox (= 7.0.2.2)
+ actionmailer (= 7.0.2.2)
+ actionpack (= 7.0.2.2)
+ actiontext (= 7.0.2.2)
+ actionview (= 7.0.2.2)
+ activejob (= 7.0.2.2)
+ activemodel (= 7.0.2.2)
+ activerecord (= 7.0.2.2)
+ activestorage (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
bundler (>= 1.15.0)
- railties (= 6.1.4.6)
- sprockets-rails (>= 2.0.0)
+ railties (= 7.0.2.2)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.2)
loofah (~> 2.3)
- rails-i18n (6.0.0)
+ rails-i18n (7.0.2)
i18n (>= 0.7, < 2)
- railties (>= 6.0.0, < 7)
- railties (6.1.4.6)
- actionpack (= 6.1.4.6)
- activesupport (= 6.1.4.6)
+ railties (>= 6.0.0, < 8)
+ railties (7.0.2.2)
+ actionpack (= 7.0.2.2)
+ activesupport (= 7.0.2.2)
method_source
- rake (>= 0.13)
+ rake (>= 12.2)
thor (~> 1.0)
+ zeitwerk (~> 2.5)
rainbow (3.1.1)
rake (13.0.6)
rb-fsevent (0.11.1)
sprockets-rails
tilt
secure_headers (6.3.3)
- selenium-webdriver (3.142.7)
- childprocess (>= 0.5, < 4.0)
+ selenium-webdriver (4.1.0)
+ childprocess (>= 0.5, < 5.0)
+ rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2)
simplecov (0.21.2)
docile (~> 1.1)
sprockets (>= 3.0.0)
strong_migrations (0.8.0)
activerecord (>= 5.2)
+ strscan (3.0.1)
terser (1.1.8)
execjs (>= 0.3.0, < 3)
thor (1.2.1)
tilt (2.0.10)
+ timeout (0.2.0)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
unicode-display_width (2.1.0)
cancancan
canonical-rails
capybara (>= 2.15)
- composite_primary_keys (~> 13.0.0)
+ composite_primary_keys (~> 14.0.0)
config
connection_pool
dalli
r2 (~> 0.2.7)
rack-cors
rack-uri_sanitizer
- rails (= 6.1.4.6)
+ rails (= 7.0.2.2)
rails-controller-testing
- rails-i18n (~> 6.0.0)
+ rails-i18n (~> 7.0.0)
rinku (>= 2.0.6)
rotp
rubocop
sanitize
sassc-rails
secure_headers
- selenium-webdriver (~> 3.142.7)
+ selenium-webdriver
simplecov
simplecov-lcov
strong_migrations
end
def preconditions_ok?(good_members = [])
+ raise OSM::APITooManyRelationMembersError.new(id, members.length, Settings.max_number_of_relation_members) if members.length > Settings.max_number_of_relation_members
+
# These are hastables that store an id in the index of all
# the nodes/way/relations that have already been added.
# If the member is valid and visible then we add it to the
api.note_area(:maximum => Settings.max_note_request_area)
api.tracepoints(:per_page => Settings.tracepoints_per_page)
api.waynodes(:maximum => Settings.max_number_of_way_nodes)
+ api.relationmembers(:maximum => Settings.max_number_of_relation_members)
api.changesets(:maximum_elements => Changeset::MAX_ELEMENTS)
api.timeout(:seconds => Settings.api_timeout)
api.status(:database => @database_status,
system! "gem install bundler --conservative"
system("bundle check") || system!("bundle install")
- # Install JavaScript dependencies
- system! "bin/yarn"
-
# puts "\n== Copying sample files =="
- # unless File.exist?('config/database.yml')
- # FileUtils.cp 'config/database.yml.sample', 'config/database.yml'
+ # unless File.exist?("config/database.yml")
+ # FileUtils.cp "config/database.yml.sample", "config/database.yml"
# end
puts "\n== Preparing database =="
# Show full error reports.
config.consider_all_requests_local = true
+ # Enable server timing
+ config.server_timing = true
+
# Enable/disable caching. By default caching is disabled.
# Run rails dev:cache to toggle caching.
if Rails.root.join("tmp/caching-dev.txt").exist?
# Highlight code that triggered database queries in logs.
config.active_record.verbose_query_logs = true unless Settings.status == "database_offline"
- # Debug mode disables concatenation and preprocessing of assets.
- # This option may cause significant delays in view rendering with a large
- # number of complex assets.
- config.assets.debug = true
-
# Suppress logger output for asset requests.
config.assets.quiet = true
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
- # Use an evented file watcher to asynchronously detect changes in source code,
- # routes, locales, etc. This feature depends on the listen gem.
- config.file_watcher = ActiveSupport::EventedFileUpdateChecker
-
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
config.assets.compile = false
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
- # config.asset_host = 'http://assets.example.com'
+ # config.asset_host = "http://assets.example.com"
# Specifies the header that your server uses for sending files.
- # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
- # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+ # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
# Store uploaded files on the local file system (see config/storage.yml for options).
config.active_storage.service = :local
# Mount Action Cable outside main process or domain.
# config.action_cable.mount_path = nil
- # config.action_cable.url = 'wss://example.com/cable'
- # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
+ # config.action_cable.url = "wss://example.com/cable"
+ # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
# the I18n.default_locale when a translation cannot be found).
config.i18n.fallbacks = true
- # Send deprecation notices to registered listeners.
- config.active_support.deprecation = :notify
-
- # Log disallowed deprecations.
- config.active_support.disallowed_deprecation = :log
-
- # Tell Active Support which deprecation messages to disallow.
- config.active_support.disallowed_deprecation_warnings = []
+ # Don't log any deprecations.
+ config.active_support.report_deprecations = false
# Use default logging formatter so that PID and timestamp are not suppressed.
config.log_formatter = ::Logger::Formatter.new
# Use a different logger for distributed setups.
- # require 'syslog/logger'
- # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+ # require "syslog/logger"
+ # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
if ENV["RAILS_LOG_TO_STDOUT"].present?
logger = ActiveSupport::Logger.new($stdout)
# Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false unless Settings.status == "database_offline"
- # Inserts middleware to perform automatic connection switching.
- # The `database_selector` hash is used to pass options to the DatabaseSelector
- # middleware. The `delay` is used to determine how long to wait after a write
- # to send a subsequent read to the primary.
- #
- # The `database_resolver` class is used by the middleware to determine which
- # database is appropriate to use based on the time delay.
- #
- # The `database_resolver_context` class is used by the middleware to set
- # timestamps for the last write to the primary. The resolver uses the context
- # class timestamps to determine how long to wait before reading from the
- # replica.
- #
- # By default Rails will store a last write timestamp in the session. The
- # DatabaseSelector middleware is designed as such you can define your own
- # strategy for connection switching and pass that into the middleware through
- # these configuration options.
- # config.active_record.database_selector = { delay: 2.seconds }
- # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
- # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
-
# Enable autoloading of dependencies.
config.enable_dependency_loading = true
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
+ # Turn false under Spring and add config.action_view.cache_template_loading = true
config.cache_classes = true
- # Do not eager load code on boot. This avoids loading your whole application
- # just for the purpose of running a single test. If you are using a tool that
- # preloads Rails for running tests, you may have to set it to true.
- config.eager_load = false
+ # Eager loading loads your whole application. When running a single test locally,
+ # this probably isn't necessary. It's a good idea to do in a continuous integration
+ # system, or in some way before deploying your code.
+ config.eager_load = ENV["CI"].present?
# Configure public file server for tests with Cache-Control for performance.
config.public_file_server.enabled = true
required(:max_note_request_area).filled(:number?)
required(:tracepoints_per_page).filled(:int?)
required(:max_number_of_way_nodes).filled(:int?)
+ required(:max_number_of_relation_members).filled(:int?)
required(:api_timeout).filled(:int?)
required(:imagery_blacklist).maybe(:array?)
required(:status).filled(:str?, :included_in? => ALLOWED_STATUS)
# For further information see the following documentation
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-# Rails.application.config.content_security_policy do |policy|
-# policy.default_src :self, :https
-# policy.font_src :self, :https, :data
-# policy.img_src :self, :https, :data
-# policy.object_src :none
-# policy.script_src :self, :https
-# policy.style_src :self, :https
-# # If you are using webpack-dev-server then specify webpack-dev-server host
-# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
-
-# # Specify URI for violation reports
-# # policy.report_uri "/csp-violation-report-endpoint"
+# Rails.application.configure do
+# config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+#
+# # Generate session nonces for permitted importmap and inline scripts
+# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# config.content_security_policy_nonce_directives = %w(script-src)
+#
+# # Report CSP violations to a specified URI. See:
+# # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# # config.content_security_policy_report_only = true
# end
-
-# If you are using UJS then enable automatic nonce generation
-# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
-# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# Rails.application.config.content_security_policy_report_only = true
# are locale specific, and you may define rules for as many different
# locales as you wish. All of these examples are active by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
-# inflect.plural /^(ox)$/i, '\1en'
-# inflect.singular /^(ox)en/i, '\1'
-# inflect.irregular 'person', 'people'
+# inflect.plural /^(ox)$/i, "\\1en"
+# inflect.singular /^(ox)en/i, "\\1"
+# inflect.irregular "person", "people"
# inflect.uncountable %w( fish sheep )
# end
# These inflection rules are supported but not enabled by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
-# inflect.acronym 'RESTful'
+# inflect.acronym "RESTful"
# end
--- /dev/null
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# `button_to` view helper will render `<button>` element, regardless of whether
+# or not the content is passed as the first argument or as a block.
+# Rails.application.config.action_view.button_to_generates_button_tag = true
+
+# `stylesheet_link_tag` view helper will not render the media attribute by default.
+# Rails.application.config.action_view.apply_stylesheet_media_default = false
+
+# Change the digest class for the key generators to `OpenSSL::Digest::SHA256`.
+# Changing this default means invalidate all encrypted messages generated by
+# your application and, all the encrypted cookies. Only change this after you
+# rotated all the messages using the key rotator.
+#
+# See upgrading guide for more information on how to build a rotator.
+# https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html
+# Rails.application.config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
+
+# Change the digest class for ActiveSupport::Digest.
+# Changing this default means that for example Etags change and
+# various cache keys leading to cache invalidation.
+# Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
+
+# Don't override ActiveSupport::TimeWithZone.name and use the default Ruby
+# implementation.
+# Rails.application.config.active_support.remove_deprecated_time_with_zone_name = true
+
+# Change the format of the cache entry.
+# Changing this default means that all new cache entries added to the cache
+# will have a different format that is not supported by Rails 6.1 applications.
+# Only change this value after your application is fully deployed to Rails 7.0
+# and you have no plans to rollback.
+# Rails.application.config.active_support.cache_format_version = 7.0
+
+# Calls `Rails.application.executor.wrap` around test cases.
+# This makes test cases behave closer to an actual request or job.
+# Several features that are normally disabled in test, such as Active Record query cache
+# and asynchronous queries will then be enabled.
+# Rails.application.config.active_support.executor_around_test_case = true
+
+# Define the isolation level of most of Rails internal state.
+# If you use a fiber based server or job processor, you should set it to `:fiber`.
+# Otherwise the default of `:thread` if preferable.
+# Rails.application.config.active_support.isolation_level = :thread
+
+# Set both the `:open_timeout` and `:read_timeout` values for `:smtp` delivery method.
+# Rails.application.config.action_mailer.smtp_timeout = 5
+
+# The ActiveStorage video previewer will now use scene change detection to generate
+# better preview images (rather than the previous default of using the first frame
+# of the video).
+# Rails.application.config.active_storage.video_preview_arguments =
+# "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2"
+
+# Automatically infer `inverse_of` for associations with a scope.
+# Rails.application.config.active_record.automatic_scope_inversing = true
+
+# Raise when running tests if fixtures contained foreign key violations
+# Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
+
+# Disable partial inserts.
+# This default means that all columns will be referenced in INSERT queries
+# regardless of whether they have a default or not.
+# Rails.application.config.active_record.partial_inserts = false
+#
+# Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
+# Rails.application.config.action_controller.raise_on_open_redirects = true
+
+# Change the variant processor for Active Storage.
+# Changing this default means updating all places in your code that
+# generate variants to use image processing macros and ruby-vips
+# operations. See the upgrading guide for detail on the changes required.
+# The `:mini_magick` option is not deprecated; it's fine to keep using it.
+# Rails.application.config.active_storage.variant_processor = :vips
+
+# If you're upgrading and haven't set `cookies_serializer` previously, your cookie serializer
+# was `:marshal`. Convert all cookies to JSON, using the `:hybrid` formatter.
+#
+# If you're confident all your cookies are JSON formatted, you can switch to the `:json` formatter.
+#
+# Continue to use `:marshal` for backward-compatibility with old cookies.
+#
+# If you have configured the serializer elsewhere, you can remove this.
+#
+# See https://guides.rubyonrails.org/action_controller_overview.html#cookies for more information.
+# Rails.application.config.action_dispatch.cookies_serializer = :hybrid
+
+# Enable parameter wrapping for JSON.
+# Previously this was set in an initializer. It's fine to keep using that initializer if you've customized it.
+# To disable parameter wrapping entirely, set this config to `false`.
+# Rails.application.config.action_controller.wrap_parameters_by_default = true
+
+# Specifies whether generated namespaced UUIDs follow the RFC 4122 standard for namespace IDs provided as a
+# `String` to `Digest::UUID.uuid_v3` or `Digest::UUID.uuid_v5` method calls.
+#
+# See https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids for
+# more information.
+# Rails.application.config.active_support.use_rfc4122_namespaced_uuids = true
+
+# Change the default headers to disable browsers' flawed legacy XSS protection.
+# Rails.application.config.action_dispatch.default_headers = {
+# "X-Frame-Options" => "SAMEORIGIN",
+# "X-XSS-Protection" => "0",
+# "X-Content-Type-Options" => "nosniff",
+# "X-Download-Options" => "noopen",
+# "X-Permitted-Cross-Domain-Policies" => "none",
+# "Referrer-Policy" => "strict-origin-when-cross-origin"
+# }
--- /dev/null
+# Define an application-wide HTTP permissions policy. For further
+# information see https://developers.google.com/web/updates/2018/06/feature-policy
+#
+# Rails.application.config.permissions_policy do |f|
+# f.camera :none
+# f.gyroscope :none
+# f.microphone :none
+# f.usb :none
+# f.fullscreen :self
+# f.payment :self, "https://secure.example.com"
+# end
max_number_of_nodes: 50000
# Maximum number of nodes that can be in a way (checked on save)
max_number_of_way_nodes: 2000
+# Maximum number of members that can be in a relation (checked on save)
+max_number_of_relation_members: 32000
# The maximum area you're allowed to request notes from, in square degrees
max_note_request_area: 25
# Zoom level to use for postcode results from the geocoder
create_table :oauth_access_grants do |t|
t.references :resource_owner, :null => false, :type => :bigint
- t.references :application, :null => false
+ t.references :application, :null => false, :type => :bigint
t.string :token, :null => false
t.integer :expires_in, :null => false
t.text :redirect_uri, :null => false
create_table :oauth_access_tokens do |t|
t.references :resource_owner, :index => true, :type => :bigint
- t.references :application, :null => false
+ t.references :application, :null => false, :type => :bigint
t.string :token, :null => false
t.string :refresh_token
t.integer :expires_in
class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0]
def change
create_table :active_storage_variant_records do |t|
- t.belongs_to :blob, :null => false, :index => false
+ t.belongs_to :blob, :null => false, :type => :bigint, :index => false
t.string :variation_digest, :null => false
t.index [:blob_id, :variation_digest], :name => "index_active_storage_variant_records_uniqueness", :unique => true
--- /dev/null
+# This migration comes from active_storage (originally 20211119233751)
+class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0]
+ def change
+ change_column_null(:active_storage_blobs, :checksum, true)
+ end
+end
CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;
---
--- Name: EXTENSION btree_gist; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON EXTENSION btree_gist IS 'support for indexing common datatypes in GiST';
-
-
--
-- Name: format_enum; Type: TYPE; Schema: public; Owner: -
--
content_type character varying,
metadata text,
byte_size bigint NOT NULL,
- checksum character varying NOT NULL,
+ checksum character varying,
created_at timestamp without time zone NOT NULL,
service_name character varying NOT NULL
);
('20210510083027'),
('20210510083028'),
('20210511104518'),
+('20211216185316'),
('20220201183346'),
('21'),
('22'),
end
end
+ # Raised when a relation has more than the configured number of relation members.
+ # This prevents relations from being too complex and difficult to work with
+ class APITooManyRelationMembersError < APIError
+ def initialize(id, provided, max)
+ super "You tried to add #{provided} members to relation #{id}, however only #{max} are allowed"
+
+ @id = id
+ @provided = provided
+ @max = max
+ end
+
+ attr_reader :id, :provided, :max
+
+ def status
+ :bad_request
+ end
+ end
+
##
# raised when user input couldn't be parsed
class APIBadUserInput < APIError
assert_select "note_area[maximum='#{Settings.max_note_request_area}']", :count => 1
assert_select "tracepoints[per_page='#{Settings.tracepoints_per_page}']", :count => 1
assert_select "changesets[maximum_elements='#{Changeset::MAX_ELEMENTS}']", :count => 1
+ assert_select "relationmembers[maximum='#{Settings.max_number_of_relation_members}']", :count => 1
assert_select "status[database='online']", :count => 1
assert_select "status[api='online']", :count => 1
assert_select "status[gpx='online']", :count => 1
assert_equal 39, changeset.min_lat
assert_equal 116, changeset.max_lat
end
+
+ # Check that the preconditions fail when you are over the defined limit of
+ # the maximum number of members in a relation.
+ def test_max_members_per_relation_limit
+ # Speed up unit test by using a small relation member limit
+ default_limit = Settings.max_number_of_relation_members
+ Settings.max_number_of_relation_members = 20
+
+ user = create(:user)
+ changeset = create(:changeset, :user => user)
+ relation = create(:relation, :changeset => changeset)
+ node = create(:node, :longitude => 116, :latitude => 39)
+ # Create relation which exceeds the relation member limit by one
+ 0.upto(Settings.max_number_of_relation_members) do |i|
+ create(:relation_member, :relation => relation, :member_type => "Node", :member_id => node.id, :sequence_id => i)
+ end
+
+ assert_raise OSM::APITooManyRelationMembersError do
+ relation.create_with_history user
+ end
+
+ Settings.max_number_of_relation_members = default_limit
+ end
end