active_canvas 0.0.1

data/app/models/active_canvas/media.rb

@@ -0,0 +1,141 @@
+module ActiveCanvas
+  class Media < ApplicationRecord
+    # Use configured storage service if specified, otherwise default
+    # Host app can set ActiveCanvas.config.storage_service = :public
+    # and define a 'public' service in config/storage.yml for cloud storage
+    has_one_attached :file, service: (ActiveCanvas.config.storage_service rescue nil) do |attachable|
+      attachable.variant :thumb, resize_to_limit: [200, 200]
+    end
+
+    serialize :metadata, coder: JSON
+
+    validates :filename, presence: true
+    validates :file, presence: true, on: :create
+
+    validate :acceptable_file, on: :create
+
+    before_save :set_file_attributes, if: -> { file.attached? && file.blob.present? }
+    after_commit :make_blob_public, on: [:create, :update], if: :should_make_public?
+
+    scope :images, -> { where(content_type: ActiveCanvas.config.allowed_content_types) }
+    scope :recent, -> { order(created_at: :desc) }
+
+    def metadata
+      super || {}
+    end
+
+    def url
+      return nil unless file.attached?
+
+      # If public_uploads is enabled and blob service supports public URLs
+      if ActiveCanvas.config.public_uploads &&
+         file.blob.service.respond_to?(:public?) &&
+         file.blob.service.public?
+        file.url
+      else
+        # Use signed URL with expiration for better security
+        Rails.application.routes.url_helpers.rails_blob_url(
+          file,
+          expires_in: 1.hour,
+          only_path: true
+        )
+      end
+    rescue ArgumentError
+      # Fallback for services that don't support expires_in
+      Rails.application.routes.url_helpers.rails_blob_url(file, only_path: true)
+    end
+
+    def public_url
+      return nil unless file.attached?
+
+      # Returns the direct public URL for cloud storage
+      # or the rails blob URL for local storage
+      if file.blob.service.respond_to?(:url)
+        file.url(expires_in: nil) rescue file.url
+      else
+        url
+      end
+    end
+
+    def as_json_for_editor
+      {
+        id: id,
+        src: url,
+        name: filename,
+        type: content_type,
+        width: metadata["width"],
+        height: metadata["height"]
+      }
+    end
+
+    private
+
+    def set_file_attributes
+      self.content_type = file.blob.content_type
+      self.byte_size = file.blob.byte_size
+      self.filename = file.blob.filename.to_s if filename.blank?
+
+      # Store blob metadata (dimensions for images) if available
+      if file.blob.metadata.present?
+        self.metadata = file.blob.metadata
+      end
+    end
+
+    def acceptable_file
+      return unless file.attached?
+
+      content_type = file.content_type
+      config = ActiveCanvas.config
+
+      # Check against dangerous content types first
+      if ActiveCanvas::Configuration::DANGEROUS_CONTENT_TYPES.include?(content_type)
+        errors.add(:file, "type is not allowed for security reasons")
+        return
+      end
+
+      # Special handling for SVG
+      if content_type == "image/svg+xml"
+        unless config.allow_svg_uploads
+          errors.add(:file, "SVG uploads are disabled for security reasons. Contact your administrator if you need to upload SVG files.")
+          return
+        end
+      end
+
+      # Check against allowed content types
+      unless config.effective_allowed_content_types.include?(content_type)
+        allowed = config.effective_allowed_content_types.map { |t| t.split("/").last.upcase }.join(", ")
+        errors.add(:file, "type is not allowed. Allowed types: #{allowed}")
+      end
+
+      if file.blob.byte_size > config.max_upload_size
+        errors.add(:file, "is too large (maximum is #{config.max_upload_size / 1.megabyte}MB)")
+      end
+    end
+
+    def should_make_public?
+      file.attached? && ActiveCanvas.config.public_uploads
+    end
+
+    def make_blob_public
+      return unless file.attached? && file.blob.present?
+
+      blob = file.blob
+
+      # For S3 and compatible services, set the blob to public-read ACL
+      if blob.service.respond_to?(:bucket)
+        begin
+          # AWS S3
+          if blob.service.respond_to?(:object_for)
+            object = blob.service.object_for(blob.key)
+            object.acl.put(acl: "public-read") if object.respond_to?(:acl)
+            Rails.logger.info "ActiveCanvas: Set public-read ACL for #{blob.key}"
+          end
+        rescue Aws::S3::Errors::AccessDenied => e
+          Rails.logger.warn "ActiveCanvas: Access denied setting public ACL. Ensure your S3 bucket allows public ACLs: #{e.message}"
+        rescue => e
+          Rails.logger.warn "ActiveCanvas: Could not set public ACL for blob #{blob.key}: #{e.message}"
+        end
+      end
+    end
+  end
+end

data/app/models/active_canvas/page.rb

@@ -0,0 +1,85 @@
+module ActiveCanvas
+  class Page < ApplicationRecord
+    belongs_to :page_type
+    has_many :versions, class_name: "ActiveCanvas::PageVersion", dependent: :destroy
+
+    validates :title, presence: true
+    validates :slug, uniqueness: true, allow_blank: true
+
+    before_save :set_default_slug
+    before_save :normalize_slug
+    before_save :sanitize_content_if_enabled
+    after_update :create_version_if_content_changed
+
+    scope :published, -> { where(published: true) }
+    scope :draft, -> { where(published: false) }
+
+    # Thread-local storage for tracking who made the change
+    thread_cattr_accessor :current_editor
+
+    def to_param
+      id&.to_s
+    end
+
+    def rendered_content
+      content.to_s.html_safe
+    end
+
+    def current_version_number
+      versions.maximum(:version_number) || 0
+    end
+
+    # Header/footer display (with fallback for when columns don't exist yet)
+    def show_header?
+      return true unless self.class.column_names.include?("show_header")
+      show_header != false
+    end
+
+    def show_footer?
+      return true unless self.class.column_names.include?("show_footer")
+      show_footer != false
+    end
+
+    private
+
+    def set_default_slug
+      self.slug = "active_canvas_id_#{id}" if slug.blank? && persisted?
+    end
+
+    def normalize_slug
+      self.slug = slug.parameterize if slug.present?
+    end
+
+    def sanitize_content_if_enabled
+      return unless ActiveCanvas.config.sanitize_content
+
+      if content_changed?
+        self.content = ContentSanitizer.sanitize_html(content)
+      end
+
+      if content_css_changed?
+        self.content_css = ContentSanitizer.sanitize_css(content_css)
+      end
+    end
+
+    def create_version_if_content_changed
+      return unless saved_change_to_content? || saved_change_to_content_css?
+
+      versions.create!(
+        content_before: content_before_last_save,
+        content_after: content,
+        css_before: content_css_before_last_save,
+        css_after: content_css,
+        changed_by: self.class.current_editor,
+        change_summary: generate_change_summary
+      )
+    end
+
+    def generate_change_summary
+      changes = []
+      changes << "content updated" if saved_change_to_content?
+      changes << "CSS updated" if saved_change_to_content_css?
+      changes.join(", ").presence || "Updated"
+    end
+  end
+end

data/app/models/active_canvas/page_type.rb

@@ -0,0 +1,22 @@
+module ActiveCanvas
+  class PageType < ApplicationRecord
+    has_many :pages, dependent: :restrict_with_error
+
+    validates :name, presence: true
+    validates :key, presence: true, uniqueness: true
+
+    before_validation :generate_key, on: :create
+
+    def self.default
+      find_or_create_by!(key: "page") do |pt|
+        pt.name = "Page"
+      end
+    end
+
+    private
+
+    def generate_key
+      self.key ||= name&.parameterize&.underscore
+    end
+  end
+end

data/app/models/active_canvas/page_version.rb

@@ -0,0 +1,80 @@
+module ActiveCanvas
+  class PageVersion < ApplicationRecord
+    belongs_to :page
+
+    validates :version_number, presence: true, uniqueness: { scope: :page_id }
+
+    before_validation :set_version_number, on: :create
+    before_create :compute_diff
+    before_create :set_content_sizes
+
+    scope :recent, -> { order(version_number: :desc) }
+    scope :oldest_first, -> { order(version_number: :asc) }
+
+    def content_changed?
+      content_before != content_after
+    end
+
+    def css_changed?
+      css_before != css_after
+    end
+
+    def size_difference
+      (content_size_after || 0) - (content_size_before || 0)
+    end
+
+    def size_difference_formatted
+      diff = size_difference
+      return "no change" if diff == 0
+      diff > 0 ? "+#{diff} bytes" : "#{diff} bytes"
+    end
+
+    def changes_description
+      changes = []
+      changes << "content" if content_changed?
+      changes << "CSS" if css_changed?
+      changes.empty? ? "No changes" : "Changed: #{changes.join(', ')}"
+    end
+
+    private
+
+    def set_version_number
+      return if version_number.present?
+      max_version = page.versions.maximum(:version_number) || 0
+      self.version_number = max_version + 1
+    end
+
+    def compute_diff
+      return unless content_before.present? && content_after.present?
+      self.content_diff = generate_unified_diff(content_before, content_after)
+    end
+
+    def set_content_sizes
+      self.content_size_before = content_before&.bytesize || 0
+      self.content_size_after = content_after&.bytesize || 0
+    end
+
+    def generate_unified_diff(before, after)
+      before_lines = before.to_s.lines
+      after_lines = after.to_s.lines
+
+      # Simple line-by-line diff
+      diff_lines = []
+      max_lines = [before_lines.size, after_lines.size].max
+
+      max_lines.times do |i|
+        before_line = before_lines[i]
+        after_line = after_lines[i]
+
+        if before_line == after_line
+          diff_lines << "  #{before_line}"
+        else
+          diff_lines << "- #{before_line}" if before_line
+          diff_lines << "+ #{after_line}" if after_line
+        end
+      end
+
+      diff_lines.join
+    end
+  end
+end

data/app/models/active_canvas/partial.rb

@@ -0,0 +1,73 @@
+module ActiveCanvas
+  class Partial < ApplicationRecord
+    TYPES = %w[header footer].freeze
+
+    validates :name, presence: true
+    validates :partial_type, presence: true, inclusion: { in: TYPES }, uniqueness: true
+
+    scope :active, -> { where(active: true) }
+
+    after_save :compile_tailwind_css, if: :should_compile_css?
+
+    class << self
+      def header
+        find_by(partial_type: "header")
+      end
+
+      def footer
+        find_by(partial_type: "footer")
+      end
+
+      def active_header
+        active.find_by(partial_type: "header")
+      end
+
+      def active_footer
+        active.find_by(partial_type: "footer")
+      end
+
+      # Ensure both partials exist
+      def ensure_defaults!
+        find_or_create_by!(partial_type: "header") do |p|
+          p.name = "Header"
+        end
+        find_or_create_by!(partial_type: "footer") do |p|
+          p.name = "Footer"
+        end
+      end
+    end
+
+    def header?
+      partial_type == "header"
+    end
+
+    def footer?
+      partial_type == "footer"
+    end
+
+    def rendered_content
+      content.to_s.html_safe
+    end
+
+    def full_css
+      [compiled_css, content_css].compact.join("\n")
+    end
+
+    private
+
+    def should_compile_css?
+      saved_change_to_content? && content.present? && TailwindCompiler.available?
+    end
+
+    def compile_tailwind_css
+      return unless TailwindCompiler.available?
+
+      begin
+        compiled = TailwindCompiler.compile(content.to_s, identifier: "partial ##{id} (#{name})")
+        update_column(:compiled_css, compiled)
+      rescue TailwindCompiler::CompilationError => e
+        Rails.logger.error "[ActiveCanvas] Failed to compile Tailwind CSS for partial #{id}: #{e.message}"
+      end
+    end
+  end
+end

data/app/models/active_canvas/setting.rb

@@ -0,0 +1,292 @@
+module ActiveCanvas
+  class Setting < ApplicationRecord
+    validates :key, presence: true, uniqueness: true
+
+    # Keys that should be encrypted in the database
+    ENCRYPTED_KEYS = %w[
+      ai_openai_api_key
+      ai_anthropic_api_key
+      ai_openrouter_api_key
+    ].freeze
+
+    CSS_FRAMEWORKS = {
+      "tailwind" => {
+        name: "Tailwind CSS",
+        url: "https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4",
+        type: :script
+      },
+      "bootstrap5" => {
+        name: "Bootstrap 5",
+        url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css",
+        type: :stylesheet
+      },
+      "custom" => {
+        name: "Custom CSS (no framework)",
+        url: nil,
+        type: nil
+      }
+    }.freeze
+
+    class << self
+      def get(key)
+        setting = find_by(key: key)
+        return nil unless setting
+
+        if ENCRYPTED_KEYS.include?(key.to_s) && setting.encrypted_value.present?
+          decrypt_value(setting.encrypted_value)
+        else
+          setting.value
+        end
+      end
+
+      def set(key, value)
+        setting = find_or_initialize_by(key: key)
+
+        if ENCRYPTED_KEYS.include?(key.to_s) && value.present?
+          setting.encrypted_value = encrypt_value(value)
+          setting.value = nil # Clear plain text value
+        else
+          setting.value = value
+          setting.encrypted_value = nil if ENCRYPTED_KEYS.include?(key.to_s)
+        end
+
+        setting.save!
+        value
+      end
+
+      # Check if an API key is configured (without revealing the value)
+      def api_key_configured?(key)
+        setting = find_by(key: key)
+        return false unless setting
+
+        setting.encrypted_value.present? || setting.value.present?
+      end
+
+      # Get a masked version of the API key for display (last 4 chars only)
+      def masked_api_key(key)
+        value = get(key)
+        return nil if value.blank?
+
+        mask_value(value)
+      end
+
+      private
+
+      def encrypt_value(value)
+        return nil if value.blank?
+
+        encryptor.encrypt_and_sign(value)
+      end
+
+      def decrypt_value(encrypted_value)
+        return nil if encrypted_value.blank?
+
+        encryptor.decrypt_and_verify(encrypted_value)
+      rescue ActiveSupport::MessageEncryptor::InvalidMessage => e
+        Rails.logger.error "[ActiveCanvas] Failed to decrypt setting: #{e.message}"
+        nil
+      end
+
+      def encryptor
+        @encryptor ||= begin
+          secret = secret_key_base
+          key = ActiveSupport::KeyGenerator.new(secret).generate_key("active_canvas_settings", 32)
+          ActiveSupport::MessageEncryptor.new(key)
+        end
+      end
+
+      def secret_key_base
+        if Rails.application.respond_to?(:secret_key_base)
+          Rails.application.secret_key_base
+        elsif Rails.application.respond_to?(:credentials) && Rails.application.credentials.secret_key_base
+          Rails.application.credentials.secret_key_base
+        else
+          raise "Rails secret_key_base not available for encryption"
+        end
+      end
+
+      def mask_value(value)
+        return nil if value.blank?
+        return "****" if value.length <= 8
+
+        "****#{value[-4..]}"
+      end
+
+      public
+
+      def homepage_page_id
+        get("homepage_page_id")&.to_i
+      end
+
+      def homepage_page_id=(page_id)
+        set("homepage_page_id", page_id.presence)
+      end
+
+      def homepage
+        page_id = homepage_page_id
+        return nil unless page_id&.positive?
+
+        Page.published.find_by(id: page_id)
+      end
+
+      def css_framework
+        get("css_framework") || ActiveCanvas.config.css_framework.to_s
+      end
+
+      def css_framework=(framework)
+        set("css_framework", framework.presence)
+      end
+
+      def css_framework_config
+        CSS_FRAMEWORKS[css_framework] || CSS_FRAMEWORKS["custom"]
+      end
+
+      def css_framework_url
+        css_framework_config[:url]
+      end
+
+      def css_framework_type
+        css_framework_config[:type]
+      end
+
+      def global_css
+        get("global_css") || ""
+      end
+
+      def global_css=(css)
+        set("global_css", css)
+      end
+
+      def global_js
+        get("global_js") || ""
+      end
+
+      def global_js=(js)
+        set("global_js", js)
+      end
+
+      # AI API Keys
+      def ai_openai_api_key
+        get("ai_openai_api_key")
+      end
+
+      def ai_openai_api_key=(key)
+        set("ai_openai_api_key", key.presence)
+      end
+
+      def ai_anthropic_api_key
+        get("ai_anthropic_api_key")
+      end
+
+      def ai_anthropic_api_key=(key)
+        set("ai_anthropic_api_key", key.presence)
+      end
+
+      def ai_openrouter_api_key
+        get("ai_openrouter_api_key")
+      end
+
+      def ai_openrouter_api_key=(key)
+        set("ai_openrouter_api_key", key.presence)
+      end
+
+      # AI Default Models
+      def ai_default_text_model
+        get("ai_default_text_model") || "gpt-4o-mini"
+      end
+
+      def ai_default_text_model=(model)
+        set("ai_default_text_model", model.presence)
+      end
+
+      def ai_default_image_model
+        get("ai_default_image_model") || "dall-e-3"
+      end
+
+      def ai_default_image_model=(model)
+        set("ai_default_image_model", model.presence)
+      end
+
+      def ai_default_vision_model
+        get("ai_default_vision_model") || "gpt-4o"
+      end
+
+      def ai_default_vision_model=(model)
+        set("ai_default_vision_model", model.presence)
+      end
+
+      # AI Connection Mode
+      def ai_connection_mode
+        get("ai_connection_mode") || "server"
+      end
+
+      def ai_connection_mode=(value)
+        set("ai_connection_mode", value.presence || "server")
+      end
+
+      # AI Feature Toggles
+      def ai_text_enabled?
+        get("ai_text_enabled") != "false"
+      end
+
+      def ai_text_enabled=(enabled)
+        set("ai_text_enabled", enabled.to_s)
+      end
+
+      def ai_image_enabled?
+        get("ai_image_enabled") != "false"
+      end
+
+      def ai_image_enabled=(enabled)
+        set("ai_image_enabled", enabled.to_s)
+      end
+
+      def ai_screenshot_enabled?
+        get("ai_screenshot_enabled") != "false"
+      end
+
+      def ai_screenshot_enabled=(enabled)
+        set("ai_screenshot_enabled", enabled.to_s)
+      end
+
+      # Tailwind Configuration
+      DEFAULT_TAILWIND_CONFIG = {
+        theme: {
+          extend: {
+            colors: {},
+            fontFamily: {}
+          }
+        }
+      }.freeze
+
+      def tailwind_compiled_mode?
+        css_framework == "tailwind" && ActiveCanvas::TailwindCompiler.available?
+      end
+
+      def tailwind_config
+        raw = get("tailwind_config")
+        return DEFAULT_TAILWIND_CONFIG.deep_dup if raw.blank?
+
+        JSON.parse(raw).deep_symbolize_keys
+      rescue JSON::ParserError
+        DEFAULT_TAILWIND_CONFIG.deep_dup
+      end
+
+      def tailwind_config=(config)
+        value = case config
+        when String
+                  config
+        when Hash
+                  config.to_json
+        else
+                  config.to_s
+        end
+        set("tailwind_config", value)
+      end
+
+      def tailwind_config_js
+        tailwind_config.to_json
+      end
+    end
+  end
+end