Add History encryption

Author: skryukov

lib/inertia_rails.rb

@@ -16,6 +16,8 @@
     props: options[:props],
     view_data: options[:view_data],
     deep_merge: options[:deep_merge],
+    encrypt_history: options[:encrypt_history],
+    clear_history: options[:clear_history],
   ).render
 end
 

lib/inertia_rails/configuration.rb

@@ -16,6 +16,9 @@ class Configuration
       # controller configuration.
       layout: true,
 
+      # Whether to encrypt the history state in the client.
+      encrypt_history: false,
+
       # SSR options.
       ssr_enabled: false,
       ssr_url: 'http://localhost:13714',

lib/inertia_rails/controller.rb

@@ -123,7 +123,7 @@ def default_render
     end
 
     def redirect_to(options = {}, response_options = {})
-      capture_inertia_errors(response_options)
+      capture_inertia_session_options(response_options)
       super
     end
 
@@ -155,8 +155,10 @@ def inertia_location(url)
       head :conflict
     end
 
-    def capture_inertia_errors(options)
-      if (inertia_errors = options.dig(:inertia, :errors))
+    def capture_inertia_session_options(options)
+      return unless (inertia = options[:inertia])
+
+      if (inertia_errors = inertia[:errors])
         if inertia_errors.respond_to?(:to_hash)
           session[:inertia_errors] = inertia_errors.to_hash
         else
@@ -165,7 +167,10 @@ def capture_inertia_errors(options)
           )
           session[:inertia_errors] = inertia_errors
         end
+
       end
+
+      session[:inertia_clear_history] = inertia[:clear_history] if inertia[:clear_history]
     end
   end
 end

lib/inertia_rails/middleware.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module InertiaRails
   class Middleware
     def initialize(app)
@@ -20,7 +22,10 @@ def response
         request = ActionDispatch::Request.new(@env)
 
         # Inertia errors are added to the session via redirect_to
-        request.session.delete(:inertia_errors) unless keep_inertia_errors?(status)
+        unless keep_inertia_session_options?(status)
+          request.session.delete(:inertia_errors)
+          request.session.delete(:inertia_clear_history)
+        end
 
         status = 303 if inertia_non_post_redirect?(status)
 
@@ -29,7 +34,7 @@ def response
 
       private
 
-      def keep_inertia_errors?(status)
+      def keep_inertia_session_options?(status)
         redirect_status?(status) || stale_inertia_request?
       end
 

lib/inertia_rails/renderer.rb

@@ -15,9 +15,11 @@ class Renderer
       :controller,
       :props,
       :view_data,
+      :encrypt_history,
+      :clear_history
     )
 
-    def initialize(component, controller, request, response, render_method, props: nil, view_data: nil, deep_merge: nil)
+    def initialize(component, controller, request, response, render_method, props: nil, view_data: nil, deep_merge: nil, encrypt_history: nil, clear_history: nil)
       @controller = controller
       @configuration = controller.__send__(:inertia_configuration)
       @component = resolve_component(component)
@@ -27,6 +29,8 @@ def initialize(component, controller, request, response, render_method, props: n
       @props = props || controller.__send__(:inertia_view_assigns)
       @view_data = view_data || {}
       @deep_merge = !deep_merge.nil? ? deep_merge : configuration.deep_merge_shared_data
+      @encrypt_history = !encrypt_history.nil? ? encrypt_history : configuration.encrypt_history
+      @clear_history = clear_history || controller.session[:inertia_clear_history] || false
     end
 
     def render
@@ -101,6 +105,8 @@ def page
         props: computed_props,
         url: @request.original_fullpath,
         version: configuration.version,
+        encryptHistory: encrypt_history,
+        clearHistory: clear_history,
       }
 
       deferred_props = deferred_props_keys

spec/dummy/app/controllers/inertia_config_test_controller.rb

@@ -5,6 +5,7 @@ class InertiaConfigTestController < ApplicationController
     ssr_url: "http://localhost:7777",
     layout: "test",
     version: "1.0",
+    encrypt_history: false,
   )
 
   # Test that modules included in the same class can also call it.

spec/dummy/app/controllers/inertia_encrypt_history_controller.rb

@@ -0,0 +1,25 @@
+class InertiaEncryptHistoryController < ApplicationController
+  inertia_config(
+    encrypt_history: -> { action_name != "default_config" }
+  )
+
+  def default_config
+    render inertia: 'TestComponent'
+  end
+
+  def encrypt_history
+    render inertia: 'TestComponent'
+  end
+
+  def override_config
+    render inertia: 'TestComponent', encrypt_history: false
+  end
+
+  def clear_history
+    render inertia: 'TestComponent', clear_history: true
+  end
+
+  def clear_history_after_redirect
+    redirect_to :empty_test, inertia: {clear_history: true}
+  end
+end

spec/dummy/config/routes.rb

@@ -61,4 +61,10 @@
   get 'conditional_share_show' => 'inertia_conditional_sharing#show'
   get 'conditional_share_edit' => 'inertia_conditional_sharing#edit'
   get 'conditional_share_show_with_a_problem' => 'inertia_conditional_sharing#show_with_a_problem'
+
+  get 'encrypt_history_default_config' => 'inertia_encrypt_history#default_config'
+  get 'encrypt_history_encrypt_history' => 'inertia_encrypt_history#encrypt_history'
+  get 'encrypt_history_override_config' => 'inertia_encrypt_history#override_config'
+  get 'encrypt_history_clear_history' => 'inertia_encrypt_history#clear_history'
+  post 'encrypt_history_clear_history_after_redirect' => 'inertia_encrypt_history#clear_history_after_redirect'
 end

spec/inertia/configuration_spec.rb

@@ -29,6 +29,7 @@
         ssr_enabled: true,
         ssr_url: "http://localhost:7777",
         version: "2.0",
+        encrypt_history: false,
       )
     end
   end

spec/inertia/encrypt_history_spec.rb

@@ -0,0 +1,54 @@
+RSpec.describe 'Inertia encrypt history', type: :request do
+  let(:headers) { {'X-Inertia' => true} }
+
+  context 'with default config' do
+    it 'returns encryptHistory false' do
+      get encrypt_history_default_config_path, headers: headers
+
+      expect(response.parsed_body['encryptHistory']).to eq(false)
+      expect(response.parsed_body['clearHistory']).to eq(false)
+    end
+  end
+
+  context 'with encrypt history config' do
+    it 'returns encryptHistory true' do
+      get encrypt_history_encrypt_history_path, headers: headers
+
+      expect(response.parsed_body['encryptHistory']).to eq(true)
+      expect(response.parsed_body['clearHistory']).to eq(false)
+    end
+  end
+
+  context 'with override config' do
+
+    it 'returns encryptHistory false' do
+      get encrypt_history_override_config_path, headers: headers
+
+      expect(response.parsed_body['encryptHistory']).to eq(false)
+      expect(response.parsed_body['clearHistory']).to eq(false)
+    end
+  end
+
+  context 'with clear history' do
+    it 'returns clearHistory true' do
+      get encrypt_history_clear_history_path, headers: headers
+
+      expect(response.parsed_body['clearHistory']).to eq(true)
+    end
+  end
+
+  context 'with clear history on redirect' do
+    it 'returns clearHistory true after the redirect' do
+      post encrypt_history_clear_history_after_redirect_path, headers: headers
+
+      expect(response.headers['Location']).to eq(empty_test_url)
+      expect(session[:inertia_clear_history]).to eq(true)
+
+      follow_redirect!
+      expect(response.body).to include('"clearHistory":true')
+
+      get empty_test_path, headers: headers
+      expect(response.parsed_body['clearHistory']).to eq(false)
+    end
+  end
+end