Enhance configuration documentation and clarify directory structure for server and client bundles

AbanoubGhadban · AbanoubGhadban · commit a9aff90a77ff · 2025-09-23T18:21:32.000+03:00
- Added detailed comments in configuration.md to explain server bundle output path and security measures for loading server bundles.
- Introduced examples for organizing client and server assets to improve clarity for users.
- Updated comments in base_generator.rb and react_with_redux_generator.rb to reflect changes from 'auto-registration' to 'auto-bundling' terminology for consistency.

These changes aim to improve the understanding of asset management and security practices within the React on Rails framework.
diff --git a/docs/guides/configuration.md b/docs/guides/configuration.md
@@ -129,16 +129,51 @@ ReactOnRails.configure do |config|
   # This manifest file is automatically generated by the React Server Components Webpack plugin. Only set this if you've configured the plugin to use a different filename.
   config.react_server_client_manifest_file = "react-server-client-manifest.json"
 
-  # Directory where server bundles will be output during build process.
-  # This allows organizing server-side rendering assets separately from client assets.
-  # Default is nil (disabled). Set to "ssr-generated" or your preferred directory to enable.
+  ################################################################################
+  # SERVER BUNDLE SECURITY AND ORGANIZATION
+  ################################################################################
+
+  # This configures the directory (relative to the Rails root) where the server bundle will be output.
+  # By default, this is "ssr-generated". If set to nil, the server bundle will be loaded from the same
+  # public directory as client bundles. For enhanced security, use this option in conjunction with
+  # `enforce_private_server_bundles` to ensure server bundles are only loaded from private directories
   # config.server_bundle_output_path = "ssr-generated"
 
-  # When enabled, enforces that server bundles are only loaded from private, designated locations
-  # to prevent potential security risks from loading untrusted server-side code.
-  # Default is false for backward compatibility.
+  # When set to true, React on Rails will only load server bundles from private, explicitly configured directories (such as `ssr-generated`), and will raise an error if a server bundle is found in a public or untrusted location. This helps prevent accidental or malicious execution of untrusted JavaScript on the server, and is strongly recommended for production environments. And prevent leakage of server-side code to the client (Especially in the case of RSC).
+  # Default is false for backward compatibility, but enabling this option is a best practice for security.
   config.enforce_private_server_bundles = false
 
+  ################################################################################
+  # BUNDLE ORGANIZATION EXAMPLES
+  ################################################################################
+  #
+  # This configuration creates a clear separation between client and server assets:
+  #
+  # CLIENT BUNDLES (Public, Web-Accessible):
+  #   Location: public/webpack/[environment]/ or public/packs/ (According to your shakapacker.yml configuration)
+  #   Files: application.js, manifest.json, CSS files
+  #   Served by: Web server directly
+  #   Access: ReactOnRails::Utils.public_bundles_full_path
+  #
+  # SERVER BUNDLES (Private, Server-Only):
+  #   Location: ssr-generated/ (when server_bundle_output_path configured)
+  #   Files: server-bundle.js, rsc-bundle.js
+  #   Served by: Never served to browsers
+  #   Access: ReactOnRails::Utils.server_bundle_js_file_path
+  #
+  # Example directory structure with recommended configuration:
+  #   app/
+  #   ├── ssr-generated/           # Private server bundles
+  #   │   ├── server-bundle.js
+  #   │   └── rsc-bundle.js
+  #   └── public/
+  #       └── webpack/development/ # Public client bundles
+  #           ├── application.js
+  #           ├── manifest.json
+  #           └── styles.css
+  #
+  ################################################################################
+
   # `prerender` means server-side rendering
   # default is false. This is an option for view helpers `render_component` and `render_component_hash`.
   # Set to true to change the default value to true.
@@ -219,7 +254,7 @@ ReactOnRails.configure do |config|
   # | 8.2.0+            | ✅ Yes                | ✅ Yes             | ✅ Yes          | ✅ Yes         |
   #
   ################################################################################
-  # components_subdirectory is the name of the subdirectory matched to detect and register components automatically
+  # components_subdirectory is the name of the subdirectory matched to detect components for auto-bundle-loading
   # The default is nil. You can enable the feature by updating it in the next line.
   config.components_subdirectory = nil
   # Change to a value like this example to enable this feature
diff --git a/lib/generators/react_on_rails/base_generator.rb b/lib/generators/react_on_rails/base_generator.rb
@@ -24,7 +24,7 @@ def add_hello_world_route
       end
 
       def create_react_directories
-        # Create auto-registration directory structure for non-Redux components only
+        # Create auto-bundling directory structure for non-Redux components only
         # Redux components handle their own directory structure
         return if options.redux?
 
diff --git a/lib/generators/react_on_rails/react_with_redux_generator.rb b/lib/generators/react_on_rails/react_with_redux_generator.rb
@@ -19,7 +19,7 @@ class ReactWithReduxGenerator < Rails::Generators::Base
                    aliases: "-T"
 
       def create_redux_directories
-        # Create auto-registration directory structure for Redux
+        # Create auto-bundling directory structure for Redux
         empty_directory("app/javascript/src/HelloWorldApp/ror_components")
 
         # Create Redux support directories within the component directory
@@ -31,7 +31,7 @@ def copy_base_files
         base_js_path = "redux/base"
         ext = component_extension(options)
 
-        # Copy Redux-connected component to auto-registration structure
+        # Copy Redux-connected component to auto-bundling structure
         copy_file("#{base_js_path}/app/javascript/bundles/HelloWorld/startup/HelloWorldApp.client.#{ext}",
                   "app/javascript/src/HelloWorldApp/ror_components/HelloWorldApp.client.#{ext}")
         copy_file("#{base_js_path}/app/javascript/bundles/HelloWorld/startup/HelloWorldApp.server.#{ext}",
