activerecord_cursor_pagination 0.1.0

data/lib/activerecord_cursor_pagination/order_base.rb

@@ -0,0 +1,275 @@
+module ActiverecordCursorPagination
+  class OrderBase
+    attr_reader :table, :name, :index, :direction
+
+    attr_accessor :base_id
+
+    ##
+    # Initialize the OrderBase.
+    #
+    # @param [String] table The table name.
+    # @param [String] name The name of the column.
+    # @param [Integer] index The index of the order column.
+    def initialize(table, name, index)
+      @table = ActiverecordCursorPagination.strip_quotes table
+      @name = ActiverecordCursorPagination.strip_quotes name
+      @base_id = false
+      @index = index
+    end
+
+    ##
+    # Get the direction of the order.
+    #
+    # @abstract
+    #
+    # @return [Symbol] Returns the order symbol.
+    def direction
+      raise NotImplementedError
+    end
+
+    ##
+    # Get if the order column is the base id of the table.
+    #
+    # @return [Boolean] Is the base id.
+    def base_id?
+      !!@base_id
+    end
+
+    ##
+    # Get if the table name is defined.
+    #
+    # @return [Boolean] True if the table is defined.
+    def table?
+      !table.nil? && !table.empty?
+    end
+
+    ##
+    # Get if the table exists.
+    #
+    # @return [Boolean] True if the table exists.
+    def table_exists?
+      ActiverecordCursorPagination.table_exists? table
+    end
+
+    ##
+    # Get if the table name is a valid SQL database name.
+    #
+    # @return [Boolean] True if a valid name.
+    def valid_table_name?
+      ActiverecordCursorPagination.valid_name? table
+    end
+
+    ##
+    # Get if the column name is a valid SQL column name.
+    #
+    # @return [Boolean] True if a valid name.
+    def valid_name?
+      ActiverecordCursorPagination.valid_name? name
+    end
+
+    ##
+    # Get the statement key for the named SQL query.
+    #
+    # @return [Symbol] The statement key.
+    def statement_key
+      :"order_field#{index}"
+    end
+
+    ##
+    # Get the full SQL name.
+    #
+    # @return [String].
+    def full_name
+      table? ? "#{table}.#{name}" : name
+    end
+
+    ##
+    # Get the full quoted name.
+    #
+    # @return [String].
+    def quote_full_name
+      ActiverecordCursorPagination.quote_table_column table, name
+    end
+
+    ##
+    # Get the quoted table name.
+    #
+    # @return [String, nil].
+    def quote_table
+      ActiverecordCursorPagination.quote_table table
+    end
+
+    ##
+    # Get the quoted column name
+    #
+    # @return [String]
+    def quote_name
+      ActiverecordCursorPagination.quote_column name
+    end
+
+    ##
+    # Get the reverse column order
+    #
+    # @abstract
+    #
+    # @return [OrderBase]
+    def reverse
+      raise NotImplementedError
+    end
+
+    ##
+    # Get the SQL for the equals comparison
+    #
+    # @return [String]
+    def equals_sql
+      "#{quote_full_name} = :#{statement_key}"
+    end
+
+    ##
+    # Get the SQL for the greater/less than comparison depending on direction
+    #
+    # @return [String]
+    def than_sql
+      "#{quote_full_name} #{than_op} :#{statement_key}"
+    end
+
+    ##
+    # Get the SQL operation for the greater/less than comparison
+    #
+    # @abstract
+    #
+    # @return [String]
+    def than_op
+      raise NotImplementedError
+    end
+
+    ##
+    # Get the SQL for the greater/less than or equal to comparison depending on direction
+    #
+    # @return [String]
+    def than_or_equal_sql
+      "#{quote_full_name} #{than_or_equal_op} :#{statement_key}"
+    end
+
+    ##
+    # Get the SQL operation for the greater/less than or equal comparison
+    #
+    # @abstract
+    #
+    # @return [String]
+    def than_or_equal_op
+      raise NotImplementedError
+    end
+
+    ##
+    # Get the SQL literal of the column order
+    #
+    # @return [Arel::Nodes::SqlLiteral] Sql literal
+    def order_sql
+      Arel.sql "#{quote_full_name} #{direction.to_s.upcase}"
+    end
+
+    class << self
+      ##
+      # Parse the order string or node
+      #
+      # @param [String, Arel::Nodes::Node, Arel::Nodes::SqlLiteral] string_or_sql_order_node
+      #
+      #   The table, column, and/or order representation.
+      #
+      # @param [Integer] index
+      #
+      #   The index of the node.
+      #
+      # @return [OrderBase]
+      def parse(string_or_sql_order_node, index)
+        if string_or_sql_order_node.is_a?(Arel::Nodes::SqlLiteral) || string_or_sql_order_node.is_a?(String)
+          parse_string string_or_sql_order_node, index
+        else
+          parse_order_node string_or_sql_order_node, index
+        end
+      end
+
+      ##
+      # Parse the order string
+      #
+      # Limitations:
+      #   1. Complex queries must use +'+ quotes for strings
+      #
+      # @param [String, Arel::Nodes::SqlLiteral] string_or_sql_literal
+      #
+      #   The string representation of the table, column, and/or order direction.
+      #
+      # @param [Integer] index
+      #
+      #   The index of the node.
+      #
+      # @return [OrderBase]
+      def parse_string(string_or_sql_literal, index)
+        string_or_sql_literal.strip!
+
+        table_column, dir = if (match = string_or_sql_literal.match(/\A(?<rest>.*)\s+(?<order>ASC|DESC)\z/i))
+                              [match[:rest]&.strip, match[:order]&.downcase]
+                            else
+                              [string_or_sql_literal, nil]
+                            end
+
+        order_klass = order_factory dir
+
+
+        table, column = parse_table_column table_column.to_s.strip
+
+        if column.nil? || column.empty?
+          column = table
+          table = nil
+        end
+
+        order_klass.new table, column, index
+      end
+
+      ##
+      # Parse the order Arel node
+      #
+      # @param [Arel::Nodes::Node] node The order node.
+      # @param [Integer] index The index of the order node.
+      #
+      # @return [OrderBase]
+      def parse_order_node(node, index)
+        order_klass = order_factory node.direction
+
+        table, column = if node.expr.is_a? Arel::Nodes::SqlLiteral
+                          parse_table_column node.expr.to_s.strip
+                        else
+                          [node.expr.relation.name, node.expr.name]
+                        end
+
+        if column.nil? || column.empty?
+          column = table
+          table = @table
+        end
+
+        order_klass.new table, column, index
+      end
+
+      ##
+      # Order class factory
+      #
+      # @param [String, Symbol] direction The direction of the order column.
+      def order_factory(direction)
+        direction&.to_s&.downcase === 'desc' ? DescendingOrder : AscendingOrder
+      end
+
+      private
+
+      def parse_table_column(str)
+        # FIXME Double quoted strings vs column and table names
+        #   Strings must be single quoted or the REGEXP will remove the double quotes creating invalid sql statement.
+        if str =~ /\A["']?[\w_]+['"]?\.?['"]?[\w_]+['"]?\z/
+          str.scan /[^".]+|"[^"]*"/
+        else
+          [nil, str]
+        end
+      end
+    end
+  end
+end

data/lib/activerecord_cursor_pagination/secret_key_finder.rb

@@ -0,0 +1,15 @@
+module ActiverecordCursorPagination
+  class SecretKeyFinder
+    def find_in(application)
+      if application.respond_to? :credentials
+        application.credentials.secret_key_base
+      elsif application.respond_to? :secrets
+        application.secrets.secret_key_base
+      elsif application.config.respond_to? :secret_key_base
+        application.config.secret_key_base
+      elsif application.respond_to? :secret_key_base
+        application.secret_key_base
+      end
+    end
+  end
+end

data/lib/activerecord_cursor_pagination/secure_cursor_serializer.rb

@@ -0,0 +1,44 @@
+module ActiverecordCursorPagination
+  ##
+  # Secure cursor serializer implementation using AES 256 encryption.
+  class SecureCursorSerializer < Serializer
+    ##
+    # Deserializes the secure cursor.
+    #
+    # @param [String] str The AES encrypted serialized JSON string.
+    #
+    # @return [Hash]
+    def deserialize(str)
+      c = cipher.decrypt
+      c.key = cipher_key
+      decoded = Base64.strict_decode64 str
+      decrypted = c.update(decoded) + c.final
+      json = JSON.parse decrypted
+      json.symbolize_keys
+    end
+
+    ##
+    # Serializes and secures the hash representation of a cursor.
+    #
+    # @param [Hash] hash The hash representation of a cursor.
+    #
+    # @return [String] The encrypted cursor string.
+    def serialize(hash)
+      c = cipher.encrypt
+      c.key = cipher_key
+      json = JSON.generate hash
+      encrypted = c.update(json) + c.final
+      Base64.strict_encode64 encrypted
+    end
+
+    private
+
+    def cipher
+      OpenSSL::Cipher.new 'aes-256-cbc'
+    end
+
+    def cipher_key
+      Digest::SHA256.digest secret_key
+    end
+  end
+end

data/lib/activerecord_cursor_pagination/serializer.rb

@@ -0,0 +1,39 @@
+module ActiverecordCursorPagination
+  class Serializer
+    ##
+    # Deserialize the cursor.
+    #
+    # @abstract
+    #
+    # @param [String] str The serialized cursor string.
+    #
+    # @return [Hash] a hash representation of the cursor.
+    def deserialize(str)
+      raise NotImplementedError
+    end
+
+    ##
+    # Serialize the hash representation of the cursor.
+    #
+    # @abstract
+    #
+    # @param [Hash] hash The hash representation of the cursor.
+    #
+    # @return [String] the serialized cursor string.
+    def serialize(hash)
+      raise NotImplementedError
+    end
+
+    protected
+
+    ##
+    # Gets the secret key for the application.
+    #
+    # @raise [NoSecretKeyDefined] if the key is not defined.
+    #
+    # @return [String] if the key is defined.
+    def secret_key
+      ActiverecordCursorPagination.configuration.secret_key
+    end
+  end
+end

data/lib/activerecord_cursor_pagination/sql_signer.rb

@@ -0,0 +1,31 @@
+module ActiverecordCursorPagination
+  class SqlSigner
+
+    ##
+    # Sign SQL
+    #
+    # @param [ActiveRecord::Relation, nil] sql The SQL to sign.
+    #
+    # @return [String] The signature hash.
+    def sign(sql)
+      return nil if sql.nil?
+
+      sql = format sql
+      digest = OpenSSL::Digest.new 'sha1'
+      hmac = OpenSSL::HMAC.digest digest, secret_key, sql
+      hash = Base64.encode64 hmac
+      hash.gsub /\n+/, ""
+    end
+
+    private
+
+    def secret_key
+      ActiverecordCursorPagination.configuration.secret_key
+    end
+
+    def format(sql)
+      sql_str = sql.only(:joins, :where, :order).to_sql
+      sql_str.gsub(/[\s\t]*/, ' ').gsub(/\n+/, ' ')
+    end
+  end
+end

data/lib/activerecord_cursor_pagination/version.rb

@@ -0,0 +1,3 @@
+module ActiverecordCursorPagination
+  VERSION = "0.1.0"
+end

data/lib/activerecord_cursor_pagination.rb

@@ -0,0 +1,81 @@
+require 'active_record'
+require 'openssl'
+require 'digest'
+require 'json'
+
+require_relative "activerecord_cursor_pagination/version"
+require_relative "activerecord_cursor_pagination/secret_key_finder"
+require_relative "activerecord_cursor_pagination/configuration"
+require_relative "activerecord_cursor_pagination/serializer"
+require_relative "activerecord_cursor_pagination/secure_cursor_serializer"
+require_relative "activerecord_cursor_pagination/class_formatter"
+require_relative "activerecord_cursor_pagination/sql_signer"
+require_relative "activerecord_cursor_pagination/empty_cursor"
+require_relative "activerecord_cursor_pagination/cursor"
+require_relative "activerecord_cursor_pagination/order_base"
+require_relative "activerecord_cursor_pagination/ascending_order"
+require_relative "activerecord_cursor_pagination/descending_order"
+require_relative "activerecord_cursor_pagination/cursor_scope"
+require_relative "activerecord_cursor_pagination/model_extension"
+require_relative "activerecord_cursor_pagination/extension"
+
+module ActiverecordCursorPagination
+  class Error < StandardError; end
+  class NoSecretKeyError < Error; end
+  class NotSingleRecordError < Error; end
+
+  class CursorError < Error
+    attr_reader :cursor
+
+    def initialize(msg='Cursor error',cursor=nil)
+      super(msg)
+      @cursor = cursor
+    end
+  end
+
+  class InvalidCursorError < CursorError; end
+
+  class << self
+    attr_reader :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def setup(&block)
+      block.call configuration if block
+    end
+
+    def quote_table_column(table, name)
+      table.nil? || table.empty? ? quote_column(name) : "#{quote_table table}.#{quote_column name}"
+    end
+
+    def quote_table(table)
+      table_exists?(table) ? connection.quote_table_name(table) : table
+    end
+
+    def quote_column(name)
+      valid_name?(name) ? connection.quote_column_name(name) : name
+    end
+
+    def strip_quotes(name)
+      name&.gsub '"', ''
+    end
+
+    def valid_name?(name)
+      /\A[\w_]+\z/.match? name
+    end
+
+    def table_exists?(table)
+      valid_name?(table) && connection.table_exists?(table)
+    end
+
+    def connection
+      ActiveRecord::Base.connection
+    end
+  end
+end
+
+ActiveSupport.on_load(:active_record) do
+  ActiveRecord::Base.send :include, ActiverecordCursorPagination::Extension
+end