Merge branch '2.x' into upgrade

Author: brendt

composer.json

@@ -228,8 +228,8 @@
     "scripts": {
         "phpunit": "@php -d memory_limit=2G vendor/bin/phpunit --display-warnings --display-skipped --display-deprecations --display-errors --display-notices",
         "coverage": "vendor/bin/phpunit --coverage-html build/reports/html --coverage-clover build/reports/clover.xml",
-        "mago:fmt": "vendor/bin/mago fmt && vendor/bin/mago lint --fix --potentially-unsafe --fmt",
-        "mago:lint": "vendor/bin/mago lint --minimum-level=note",
+        "fmt": "vendor/bin/mago fmt && vendor/bin/mago lint --fix --potentially-unsafe --fmt",
+        "lint": "vendor/bin/mago lint --minimum-level=note",
         "phpstan": "vendor/bin/phpstan analyse src tests --memory-limit=1G",
         "rector": "vendor/bin/rector process --no-ansi",
         "merge": "php -d\"error_reporting = E_ALL & ~E_DEPRECATED\" vendor/bin/monorepo-builder merge",
@@ -239,13 +239,13 @@
             "./bin/release"
         ],
         "qa": [
-            "composer mago:fmt",
+            "composer fmt",
             "composer merge",
             "./bin/validate-packages",
             "./tempest discovery:clear --no-interaction",
             "composer rector",
             "composer phpunit",
-            "composer mago:lint",
+            "composer lint",
             "composer phpstan"
         ]
     }

docs/1-essentials/01-routing.md

@@ -162,10 +162,10 @@ public function docsRedirect(string $path): Redirect
 
 ## Generating URIs
 
-Tempest provides a `\Tempest\uri` function that can be used to generate an URI to a controller method. This function accepts the FQCN of the controller or a callable to a method as its first argument, and named parameters as [the rest of its arguments](https://www.php.net/manual/en/functions.arguments.php#functions.variable-arg-list).
+Tempest provides a `\Tempest\uri` function that can be used to generate a URI to a controller method. This function accepts the FQCN of the controller or a callable to a method as its first argument, and named parameters as [the rest of its arguments](https://www.php.net/manual/en/functions.arguments.php#functions.variable-arg-list).
 
 ```php
-use function Tempest\uri;
+use function Tempest\Router\uri;
 
 // Invokable classes can be referenced directly:
 uri(HomeController::class);
@@ -181,15 +181,62 @@ uri([AircraftController::class, 'show'], id: $aircraft->id);
 ```
 
 :::info
-Note that Tempest does not have named routes, and currently doesn't plan on adding them. However, if you have an argument for them, feel free to hop on our [Discord server](/discord){:ssg-ignore="true"} to discuss it.
+URI-related methods are also available by injecting the {b`Tempest\Router\UriGenerator`} class into your controller.
 :::
 
-## Matching the current URI
+### Signed URIs
 
-To determine whether the current request matches a specific controller action, Tempest provides the `\Tempest\is_current_uri` function. This function accepts the same arguments as `uri`, and returns a boolean.
+A signed URI may be used to ensure that the URI was not modified after it was created. This is useful for implementing login links, or other endpoints that need protection against tampering.
+
+To create a signed URI, you may use the `signed_uri` function. This function accepts the same arguments as `uri`, and returns the URI with a `signature` parameter:
+
+```php
+use function Tempest\Router\signed_uri;
+
+signed_uri(
+    action: [MailingListController::class, 'unsubscribe'],
+    email: $email
+);
+```
+
+Alternatively, you may use `temporary_signed_uri` to provide a duration after which the signed URI will expire, providing an extra layer of security.
+
+```php
+use function Tempest\Router\temporary_signed_uri;
+
+temporary_signed_uri(
+    action: PasswordlessAuthenticationController::class,
+    duration: Duration::minutes(10),
+    userId: $userId
+);
+```
+
+To ensure the validity of a signed URL, you should call the `hasValidSignature` method on the {`Tempest\Router\UriGenerator`} class.
+
+```php
+final class PasswordlessAuthenticationController
+{
+    public function __construct(
+        private readonly UriGenerator $uri,
+    ) {}
+
+    public function __invoke(Request $request): Response
+    {
+        if (! $this->uri->hasValidSignature($request)) {
+            return new Invalid();
+        }
+
+        // ...
+    }
+}
+```
+
+### Matching the current URI
+
+To determine whether the current request matches a specific controller action, Tempest provides the `is_current_uri` function. This function accepts the same arguments as `uri`, and returns a boolean.
 
 ```php
-use function Tempest\is_current_uri;
+use function Tempest\Router\is_current_uri;
 
 // Current URI is: /aircraft/1
 
@@ -243,7 +290,7 @@ Once you have created a request class, you may simply inject it into a controlle
 use Tempest\Router\Post;
 use Tempest\Http\Responses\Redirect;
 use function Tempest\map;
-use function Tempest\uri;
+use function Tempest\Router\uri;
 
 final readonly class AirportController
 {

docs/1-essentials/03-database.md

@@ -270,6 +270,40 @@ final class Book
 }
 ```
 
+### Hashed properties
+
+The {`#[Tempest\Database\Hashed]`} attribute will hash the model's property during serialization. If the property was already hashed, Tempest will detect that and avoid re-hashing it.
+
+```php
+final class User
+{
+    public PrimaryKey $id;
+
+    public string $email;
+
+    #[Hashed]
+    public ?string $password;
+}
+```
+
+Hashing requires the `SIGNING_KEY` environment variable to be set, as it's used as the hashing key.
+
+### Encrypted properties
+
+The {`#[Tempest\Database\Encrypted]`} attribute will encrypt the model's property during serialization and decrypt it during deserialization. If the property was already encrypted, Tempest will detect that and avoid re-encrypting it.
+
+```php
+final class User
+{
+    // ...
+
+    #[Encrypted]
+    public ?string $accessToken;
+}
+```
+
+The encryption key is taken from the `SIGNING_KEY` environment variable.
+
 ### DTO properties
 
 Sometimes, you might want to store data objects as-is in a table, without there needing to be a relation to another table. To do so, it's enough to add a serializer and caster to the data object's class, and Tempest will know that these objects aren't meant to be treated as database models. Next, you can store the object's data as a json field on the table (see [migrations](#migrations) for more info).

docs/1-essentials/07-testing.md

@@ -22,7 +22,7 @@ composer phpunit
 
 ## Test-specific discovery locations
 
-Tempest will only discover non-dev namespaces defined in composer.json automatically. That means that `{:hl-keyword:require-dev:}` namespaces aren't discovered automatically. Whenever you need Tempest to discover test-specific locations, you may specify them within the `discoverTestLocations()` method of the provided `IntegrationTest` class. 
+Tempest will only discover non-dev namespaces defined in composer.json automatically. That means that `{:hl-keyword:require-dev:}` namespaces aren't discovered automatically. Whenever you need Tempest to discover test-specific locations, you may specify them within the `discoverTestLocations()` method of the provided `IntegrationTest` class.
 
 On top of that, Tempest _will_ look for files in the `tests/Fixtures` directory and discover them by default. You can override this behavior by providing your own implementation of `discoverTestLocations()`, where you can return an array of `DiscoveryLocation` objects (or nothing).
 
@@ -46,7 +46,7 @@ final class HomeControllerTest extends IntegrationTest
 If you want to test code that interacts with the database, your test class can call the `setupDatabase()` method. This method will create and migrate a clean database for you on the fly.
 
 ```php
-class TodoControllerTest extends IntegrationTest
+final class TodoControllerTest extends IntegrationTest
 {
     protected function setUp(): void
     {
@@ -60,8 +60,6 @@ class TodoControllerTest extends IntegrationTest
 Most likely, you'll want to use a test-specific database connection. You can create a `database.config.php` file anywhere within test-specific discovery locations, and Tempest will use that connection instead of the project's default. For example, you can create a file `tests/Fixtures/database.config.php` like so:
 
 ```php tests/Fixtures/database.config.php
-<?php
-
 use Tempest\Database\Config\SQLiteConfig;
 
 return new SQLiteConfig(
@@ -72,7 +70,7 @@ return new SQLiteConfig(
 By default, no tables will be migrated. You can choose to provide a list of migrations that will be run for every test that calls `setupDatabase()`, or you can run specific migrations on a per-test basis.
 
 ```php
-class TodoControllerTest extends IntegrationTest
+final class TodoControllerTest extends IntegrationTest
 {
     protected function migrateDatabase(): void
     {
@@ -85,7 +83,7 @@ class TodoControllerTest extends IntegrationTest
 ```
 
 ```php
-class TodoControllerTest extends IntegrationTest
+final class TodoControllerTest extends IntegrationTest
 {
     public function test_create_todo(): void
     {

docs/4-internals/03-view-spec.md

@@ -103,7 +103,7 @@ Tempest will merge all imports at the top of the compiled view, meaning that eac
 ```html
 <?php
 use App\PostController;
-use function Tempest\uri;
+use function Tempest\Router\uri;
 ?>
 
 {{ uri([PostController::class, 'show'], post: $post->id) }}
@@ -608,7 +608,7 @@ Referencing a symbol within a view will automatically import it at the top of th
 ```html
 <?php
 use App\PostController;
-use function Tempest\uri;
+use function Tempest\Router\uri;
 ?>
 
 {{ uri([PostController::class, 'show'], post: $post->id) }}

packages/auth/src/Install/CreatePermissionsTable.php

@@ -4,13 +4,14 @@
 
 namespace Tempest\Auth\Install;
 
-use Tempest\Database\DatabaseMigration;
+use Tempest\Database\MigratesDown;
+use Tempest\Database\MigratesUp;
 use Tempest\Database\QueryStatements\CreateTableStatement;
 use Tempest\Database\QueryStatements\DropTableStatement;
 use Tempest\Discovery\SkipDiscovery;
 
 #[SkipDiscovery]
-final class CreatePermissionsTable implements DatabaseMigration
+final class CreatePermissionsTable implements MigratesUp, MigratesDown
 {
     private(set) string $name = '0000-00-01_create_permissions_table';
 
@@ -23,6 +24,6 @@ public function up(): CreateTableStatement
 
     public function down(): DropTableStatement
     {
-        return DropTableStatement::forModel(Permission::class);
+        return new DropTableStatement('permissions');
     }
 }

packages/auth/src/Install/CreateUserPermissionsTable.php

@@ -4,13 +4,14 @@
 
 namespace Tempest\Auth\Install;
 
-use Tempest\Database\DatabaseMigration;
+use Tempest\Database\MigratesDown;
+use Tempest\Database\MigratesUp;
 use Tempest\Database\QueryStatements\CreateTableStatement;
 use Tempest\Database\QueryStatements\DropTableStatement;
 use Tempest\Discovery\SkipDiscovery;
 
 #[SkipDiscovery]
-final class CreateUserPermissionsTable implements DatabaseMigration
+final class CreateUserPermissionsTable implements MigratesUp, MigratesDown
 {
     private(set) string $name = '0000-00-02_create_user_permissions_table';
 
@@ -24,6 +25,6 @@ public function up(): CreateTableStatement
 
     public function down(): DropTableStatement
     {
-        return DropTableStatement::forModel(Permission::class);
+        return new DropTableStatement('user_permissions');
     }
 }

packages/auth/src/Install/CreateUsersTable.php

@@ -4,13 +4,14 @@
 
 namespace Tempest\Auth\Install;
 
-use Tempest\Database\DatabaseMigration;
+use Tempest\Database\MigratesDown;
+use Tempest\Database\MigratesUp;
 use Tempest\Database\QueryStatements\CreateTableStatement;
 use Tempest\Database\QueryStatements\DropTableStatement;
 use Tempest\Discovery\SkipDiscovery;
 
 #[SkipDiscovery]
-final class CreateUsersTable implements DatabaseMigration
+final class CreateUsersTable implements MigratesUp, MigratesDown
 {
     private(set) string $name = '0000-00-00_create_users_table';
 
@@ -26,6 +27,6 @@ public function up(): CreateTableStatement
 
     public function down(): DropTableStatement
     {
-        return DropTableStatement::forModel(User::class);
+        return new DropTableStatement('users');
     }
 }

packages/container/src/GenericContainer.php

@@ -419,13 +419,15 @@ private function autowire(string $className, mixed ...$params): object
         }
 
         foreach ($classReflector->getProperties() as $property) {
-            if ($property->hasAttribute(Inject::class) && ! $property->isInitialized($instance)) {
+            $inject = $property->getAttribute(Inject::class);
+
+            if ($inject && ! $property->isInitialized($instance)) {
                 if ($property->hasAttribute(Proxy::class)) {
                     $property->set($instance, $property->getType()->asClass()->getReflection()->newLazyProxy(
-                        fn () => $this->get($property->getType()->getName()),
+                        fn () => $this->get($property->getType()->getName(), $inject->tag),
                     ));
                 } else {
-                    $property->set($instance, $this->get($property->getType()->getName()));
+                    $property->set($instance, $this->get($property->getType()->getName(), $inject->tag));
                 }
             }
         }

packages/container/src/Inject.php

@@ -9,4 +9,7 @@
 #[Attribute(Attribute::TARGET_PROPERTY)]
 final readonly class Inject
 {
+    public function __construct(
+        public ?string $tag = null,
+    ) {}
 }