- Translate French comments to English in controllers and tests - Fix test failures: route helpers, validations, MySQL transaction issues - Add Timecop for time-dependent tests and update database config for isolation
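# Base controller for the application.
# Provides common functionality and security configuration for every
# controller that inherits from it.
class ApplicationController < ActionController::Base
  # Protect against Cross-Site Request Forgery (CSRF).
  # With `with: :exception`, a request that fails authenticity-token
  # verification raises ActionController::InvalidAuthenticityToken instead of
  # being processed.
  protect_from_forgery with: :exception

  # Redirect signed-in users to onboarding until they have completed it.
  # NOTE(review): this callback only redirects; it does not authenticate or
  # authorize anything. Controllers that skip it (see skip_onboarding_check?)
  # must still enforce their own access control.
  before_action :require_onboarding_completion

  # Modern-browser restriction. Currently DISABLED: both declarations below
  # are commented out, so no browser filtering is applied.
  # When enabled, it would require browsers to support:
  # - WebP images for better compression
  # - Web Push notifications
  # - Badge API for notifications
  # - Import maps for JavaScript modules
  # - CSS nesting and :has() pseudo-class
  # allow_browser versions: :modern
  # allow_browser versions: { safari: 16.4, firefox: 121, ie: false }

  private

  # before_action callback: sends a signed-in user who still needs onboarding
  # to the onboarding page. Does nothing for exempt controllers, for anonymous
  # requests, or when the request is already on the onboarding path (which
  # avoids a redirect loop).
  def require_onboarding_completion
    return if skip_onboarding_check?
    return unless user_signed_in? && current_user.needs_onboarding?

    redirect_to onboarding_path unless request.path == onboarding_path
  end

  # Returns true when the current controller is exempt from the onboarding
  # redirect.
  #
  # Namespace checks use controller_path, not controller_name: controller_name
  # is only the final segment (e.g. "users" for Api::UsersController, "health"
  # for Rails::HealthController), so comparing it against "api/" or
  # "rails/health" can never match.
  def skip_onboarding_check?
    # Devise controllers (login, signup, password reset, etc.)
    devise_controller? ||
      # The onboarding controller itself
      controller_name == "onboarding" ||
      # API endpoints (controllers under the api/ namespace)
      controller_path.start_with?("api/") ||
      # Health checks; only relevant if the health controller inherits from
      # this class
      controller_path == "rails/health"
  end
end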