aha_builder_core 1.0.4 → 1.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67c88ef564275000006548bd40149fb9d8c9c6a28d7b9faf430a8dd6b338147c
-  data.tar.gz: 10401cac65cfa9f711640911038c12491acaf73b160f340851becdce92edfbb2
+  metadata.gz: 9b8f4ea89a8c48e32987674fde51690fb12724503ca2284af49bb462c3daf70e
+  data.tar.gz: 0ce63753cead6d93aff650414fad65863903326409508c243df9c24bfc7f912e
 SHA512:
-  metadata.gz: f8c526217a495e3e9ec239c4d169eb0848f9bcc6f876ba92f02f114a420f0220313e7960ef1a56b1271c0d270f2906480a5524510e988ecda939eca8491e3f10
-  data.tar.gz: 1eb5ccd35517e18df03ea87a2c93b4eadea3152d79023f440ee19c9930f600543085c6c6ab2e45fccbfb3ee0df1a1bd14b0223ca11315e8826e2d655f5df5880
+  metadata.gz: 795df34548c6321d7bd28f514071fbbb3b797ad5aaabb5f52b86ca8fc1b186741e4bdd87a9d91efbc7151c38e81b8d81340bcff1bb6de42e10832fe47f1bda3b
+  data.tar.gz: 417d5fe39792591decf0e02be88c2095da37cf972ae94dbf5c683e7081cd2252bfc51398d9d3e1737681b280caa85b89ba9acf3dd5905afb9133462bb66bc5f6

data/lib/aha/auth/version.rb

@@ -2,6 +2,6 @@
 
 module Aha
   module Auth
-    VERSION = "1.0.4"
+    VERSION = "1.0.6"
   end
 end

data/lib/aha/auth.rb

@@ -42,15 +42,15 @@ module Aha
 
       # Generate login URL for redirecting users to the auth server
       #
-      # @param session [Hash] Session hash to store the nonce for CSRF verification
+      # @param cookies [Hash] Cookies hash to store the nonce for CSRF verification
       # @param state [String] Optional state parameter to pass through the auth flow
       # @return [String] The login URL
-      def login_url(session:, state: nil)
+      def login_url(cookies:, state: nil)
         # Generate a nonce for CSRF protection
         nonce = SecureRandom.hex(10)
 
         # Store nonce in the client's session if provided
-        session[:auth_nonce] = nonce if session
+        cookies[:auth_nonce] = nonce
 
         # Encode the state with nonce
         state_data = {
@@ -72,23 +72,27 @@ module Aha
       # Exchange an authorization code for tokens
       #
       # @param code [String] The authorization code from the callback (may include nonce)
-      # @param session [Hash] Session hash containing the nonce for CSRF verification
+      # @param cookies [Hash] Cookies hash containing the nonce for CSRF verification
       # @return [Hash] Token response with :session_token, :refresh_token, :expires_at, :user
-      def authenticate_with_code(code:, session:)
+      def authenticate_with_code(code:, cookies:)
         # Split the code and nonce if present
         actual_code, nonce = code.split(".", 2)
 
         # Verify CSRF protection if nonce is present
         if nonce
-          session_nonce = session[:auth_nonce]
+          cookie_nonce = cookies[:auth_nonce]
 
           # Verify nonce matches
-          if session_nonce.blank? || session_nonce != nonce
+          if cookie_nonce.blank? 
+            raise "CSRF verification failed: nonce missing in session"
+          end
+
+          if cookie_nonce != nonce
             raise "CSRF verification failed: nonce mismatch"
           end
 
           # Clear the nonce from session after verification
-          session.delete(:auth_nonce)
+          cookies.delete(:auth_nonce)
         else
           # If we fon't have a none, we can't verify CSRF.
           raise "CSRF verification failed: unable to verify nonce"

data/lib/generators/aha_builder_core/auth/USAGE

@@ -0,0 +1,27 @@
+Description:
+    Generates authentication scaffolding for Aha Builder Core integration.
+    Creates User model, migration, SessionsController, Authentication concern,
+    Current model, and routes.
+
+Example:
+    bin/rails generate aha_builder_core:auth
+
+    This will create:
+        app/models/user.rb
+        app/models/current.rb
+        app/controllers/sessions_controller.rb
+        app/controllers/concerns/authentication.rb
+        db/migrate/XXXXXXXXXXXXXX_create_users.rb
+
+    And add routes:
+        get "login" => "sessions#new"
+        get "callback" => "sessions#callback"
+        delete "logout" => "sessions#logout"
+
+    You can add custom attributes to the User model:
+        bin/rails generate aha_builder_core:auth company:string role:string
+
+    This adds company and role columns to the users table migration.
+
+Options:
+    --skip-migration    Skip generating the database migration

data/lib/generators/aha_builder_core/auth/auth_generator.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module AhaBuilderCore
+  class AuthGenerator < Rails::Generators::Base
+    include ActiveRecord::Generators::Migration
+
+    source_root File.expand_path("templates", __dir__)
+
+    argument :attributes, type: :array, default: [], banner: "field[:type] field[:type]"
+
+    class_option :skip_migration, type: :boolean, default: false, desc: "Skip migration generation"
+
+    def generate_migration_file
+      return if options[:skip_migration]
+
+      migration_template "migration.rb.tt", File.join(db_migrate_path, "create_users.rb")
+    end
+
+    def create_user_model
+      template "user.rb.tt", "app/models/user.rb"
+    end
+
+    def create_current_model
+      template "current.rb.tt", "app/models/current.rb"
+    end
+
+    def create_sessions_controller
+      template "sessions_controller.rb.tt", "app/controllers/sessions_controller.rb"
+    end
+
+    def create_authentication_concern
+      template "authentication.rb.tt", "app/controllers/concerns/authentication.rb"
+    end
+
+    def add_routes
+      route <<~RUBY
+        get "login", to: "sessions#new", as: :new_session
+        get "callback", to: "sessions#callback", as: :session_callback
+        delete "logout", to: "sessions#logout", as: :logout
+      RUBY
+    end
+
+    def add_inertia_auth_share
+      return unless File.exist?("app/controllers/inertia_controller.rb")
+
+      inject_into_file "app/controllers/inertia_controller.rb",
+        after: "inertia_share flash: -> { flash.to_hash }\n" do
+          <<-RUBY
+  inertia_share auth: -> {
+    {
+      user: current_user&.as_json(only: %i[id email first_name last_name])
+    }
+  }
+          RUBY
+        end
+    end
+
+    def add_authentication_to_application_controller
+      inject_into_file "app/controllers/application_controller.rb",
+        after: "class ApplicationController < ActionController::Base\n" do
+          "  include Authentication\n"
+        end
+    end
+
+    def add_typescript_types
+      types_file = "app/frontend/types/index.ts"
+      return unless File.exist?(types_file)
+
+      gsub_file types_file,
+        /export interface Flash \{\n  alert\?: string\n  notice\?: string\n\}\n\nexport interface SharedData \{\n  flash: Flash\n  \[key: string\]: unknown\n\}/,
+        <<~TYPESCRIPT.chomp
+          export interface Flash {
+            alert?: string
+            notice?: string
+          }
+
+          export interface AuthUser {
+            id: number
+            email: string
+            first_name: string | null
+            last_name: string | null
+          }
+
+          export interface SharedData {
+            flash: Flash
+            auth: {
+              user: AuthUser | null
+            }
+            [key: string]: unknown
+          }
+        TYPESCRIPT
+    end
+
+    def generate_js_routes
+      say "\nRegenerating js-routes file...", :green
+      rails_command "js:routes"
+    end
+
+    def display_instructions
+      say "\nAha Auth setup complete!", :green
+    end
+
+    private
+
+    def auth_attributes
+      %w[
+        auth_identifier:string
+        email:string
+        first_name:string
+        last_name:string
+        email_verified:boolean
+      ]
+    end
+
+    def all_attributes
+      @all_attributes ||= (auth_attributes + attributes.map(&:to_s)).map do |attr|
+        Rails::Generators::GeneratedAttribute.parse(attr)
+      end
+    end
+
+    def custom_attributes
+      @custom_attributes ||= attributes.map do |attr|
+        Rails::Generators::GeneratedAttribute.parse(attr.to_s)
+      end
+    end
+
+    def migration_class_name
+      "CreateUsers"
+    end
+
+    def table_name
+      "users"
+    end
+  end
+end

data/lib/generators/aha_builder_core/auth/templates/authentication.rb.tt

@@ -0,0 +1,57 @@
+module Authentication
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :authenticate
+    helper_method :current_user, :logged_in?
+  end
+
+  private
+
+  def authenticate
+    return unless session[:session_token].present?
+
+    session_result = Aha::Auth.validate_session(
+      session[:session_token],
+      refresh_token: session[:refresh_token]
+    )
+
+    if session_result.valid?
+      if session_result.refreshed?
+        session[:session_token] = session_result.new_session_token
+        session[:refresh_token] = session_result.new_refresh_token
+      end
+
+      @current_user = User.find_by(id: session[:user_id])
+      Current.user = @current_user
+    else
+      clear_session
+      redirect_to login_path, alert: "Your session has expired. Please log in again."
+    end
+  rescue Aha::Auth::ApiError => e
+    Rails.logger.error "Session validation failed: #{e.message}"
+    clear_session
+    redirect_to login_path, alert: "Authentication error. Please log in again."
+  end
+
+  def current_user
+    @current_user ||= Current.user
+  end
+
+  def logged_in?
+    current_user.present?
+  end
+
+  def require_authentication
+    return if logged_in?
+
+    redirect_to login_path(return_to: request.fullpath), alert: "You must be logged in to access this page."
+  end
+
+  def clear_session
+    session.delete(:session_token)
+    session.delete(:refresh_token)
+    session.delete(:user_id)
+    @current_user = nil
+  end
+end

data/lib/generators/aha_builder_core/auth/templates/current.rb.tt

@@ -0,0 +1,3 @@
+class Current < ActiveSupport::CurrentAttributes
+  attribute :user
+end

data/lib/generators/aha_builder_core/auth/templates/migration.rb.tt

@@ -0,0 +1,21 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :users do |t|
+      t.string :auth_identifier, null: false
+      t.string :email, null: false
+      t.string :first_name
+      t.string :last_name
+      t.boolean :email_verified, default: false, null: false
+<% custom_attributes.each do |attribute| -%>
+<% unless attribute.virtual? -%>
+      t.<%= attribute.type %> :<%= attribute.name %><%= attribute.inject_options %>
+<% end -%>
+<% end -%>
+
+      t.timestamps
+    end
+
+    add_index :users, :auth_identifier, unique: true
+    add_index :users, :email, unique: true
+  end
+end

data/lib/generators/aha_builder_core/auth/templates/sessions_controller.rb.tt

@@ -0,0 +1,50 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, only: [ :new, :callback ]
+
+  def new
+    redirect_to Aha::Auth.login_url(
+      state: { return_to: params[:return_to] || root_path }.to_json,
+      cookies:
+    ), allow_other_host: true
+  end
+
+  def callback
+    if params[:code].present?
+      result = Aha::Auth.authenticate_with_code(code: params[:code], cookies:)
+
+      user = User.find_or_initialize_by(auth_identifier: result[:user]["id"])
+
+      user.update!(
+        email: result[:user]["email"],
+        first_name: result[:user]["first_name"],
+        last_name: result[:user]["last_name"],
+        email_verified: result[:user]["email_verified"]
+      )
+
+      session[:session_token] = result[:session_token]
+      session[:refresh_token] = result[:refresh_token]
+      session[:user_id] = user.id
+
+      state = JSON.parse(params[:state]) rescue {}
+      redirect_to state["return_to"] || root_path
+    else
+      redirect_to new_session_path, alert: "Authentication failed. Please try again."
+    end
+  rescue Aha::Auth::ApiError => e
+    Rails.logger.error "Authentication failed: #{e.message}"
+    redirect_to new_session_path, alert: "Authentication failed. Please try again."
+  end
+
+  def logout
+    if session[:session_token]
+      begin
+        Aha::Auth.logout(session_token: session[:session_token])
+      rescue => e
+        Rails.logger.error "Logout error: #{e.message}"
+      end
+    end
+
+    clear_session
+    redirect_to root_path, notice: "Successfully signed out."
+  end
+end

data/lib/generators/aha_builder_core/auth/templates/user.rb.tt

@@ -0,0 +1,8 @@
+class User < ApplicationRecord
+  validates :auth_identifier, presence: true, uniqueness: true
+  validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
+
+  def name
+    "#{first_name} #{last_name}".strip.presence || email
+  end
+end

data/lib/generators/aha_builder_core/blob_storage/USAGE

@@ -0,0 +1,19 @@
+Description:
+    Configures Active Storage to use Aha blob storage service.
+
+    This generator sets up S3-compatible blob storage for file uploads
+    using environment variables provided by the container orchestrator.
+
+Example:
+    bin/rails generate aha_builder_core:blob_storage
+
+    This will:
+    - Run active_storage:install to create required migrations
+    - Add aws-sdk-s3 gem to Gemfile
+    - Update config/storage.yml with blob storage configuration
+    - Set config.active_storage.service = :blob in development.rb
+    - Set config.active_storage.service = :blob in production.rb
+
+Prerequisites:
+    The container must have blob storage attached via the SetupBlobStorageTool
+    which sets the required BLOB_UPLOADS_S3_* environment variables.

data/lib/generators/aha_builder_core/blob_storage/blob_storage_generator.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module AhaBuilderCore
+  class BlobStorageGenerator < Rails::Generators::Base
+    source_root File.expand_path("templates", __dir__)
+
+    def install_active_storage
+      run "bin/rails active_storage:install"
+    end
+
+    def add_aws_sdk_gem
+      gem "aws-sdk-s3", require: false unless gem_exists?("aws-sdk-s3")
+    end
+
+    def update_storage_yml
+      template "storage.yml.tt", "config/storage.yml", force: true
+    end
+
+    def update_development_environment
+      gsub_file "config/environments/development.rb",
+        /config\.active_storage\.service\s*=\s*:\w+/,
+        "config.active_storage.service = :blob"
+    end
+
+    def update_production_environment
+      gsub_file "config/environments/production.rb",
+        /config\.active_storage\.service\s*=\s*:\w+/,
+        "config.active_storage.service = :blob"
+    end
+
+    def display_instructions
+      say "\nBlob storage configured!", :green
+    end
+
+    private
+
+    def gem_exists?(gem_name)
+      File.read("Gemfile").include?(gem_name)
+    end
+  end
+end

data/lib/generators/aha_builder_core/blob_storage/templates/storage.yml.tt

@@ -0,0 +1,16 @@
+test:
+  service: Disk
+  root: <%%= Rails.root.join("tmp/storage") %>
+
+local:
+  service: Disk
+  root: <%%= Rails.root.join("storage") %>
+
+blob:
+  service: S3
+  endpoint: <%%= ENV.fetch('BLOB_UPLOADS_S3_ENDPOINT') %>
+  access_key_id: <%%= ENV.fetch('BLOB_UPLOADS_S3_ACCESS_KEY_ID') %>
+  secret_access_key: <%%= ENV.fetch('BLOB_UPLOADS_S3_SECRET_ACCESS_KEY') %>
+  region: <%%= ENV.fetch('BLOB_UPLOADS_S3_REGION', 'us-east-1') %>
+  bucket: <%%= ENV.fetch('BLOB_UPLOADS_S3_BUCKET') %>
+  force_path_style: true

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aha_builder_core
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.6
 platform: ruby
 authors:
 - Aha! Labs Inc.
@@ -125,6 +125,16 @@ files:
 - lib/aha/auth/users_resource.rb
 - lib/aha/auth/version.rb
 - lib/aha_builder_core.rb
+- lib/generators/aha_builder_core/auth/USAGE
+- lib/generators/aha_builder_core/auth/auth_generator.rb
+- lib/generators/aha_builder_core/auth/templates/authentication.rb.tt
+- lib/generators/aha_builder_core/auth/templates/current.rb.tt
+- lib/generators/aha_builder_core/auth/templates/migration.rb.tt
+- lib/generators/aha_builder_core/auth/templates/sessions_controller.rb.tt
+- lib/generators/aha_builder_core/auth/templates/user.rb.tt
+- lib/generators/aha_builder_core/blob_storage/USAGE
+- lib/generators/aha_builder_core/blob_storage/blob_storage_generator.rb
+- lib/generators/aha_builder_core/blob_storage/templates/storage.yml.tt
 homepage: https://www.aha.io
 licenses:
 - MIT