api_models 0.1.0

data/lib/models/app_policy.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+#
+# Base class for an app policy
+#
+class AppPolicy
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  #
+  # Fields
+  #
+  field :active, type: Boolean, default: false
+  field :message, type: String
+  #
+  # Relationships
+  #
+  belongs_to :app, inverse_of: :policies
+  #
+  # return the policy hash for this agent
+  #
+  def enforce_policy(_agent)
+    {}
+  end
+end

data/lib/models/app_shield_policy.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+#
+# Is the user allowed use this device
+#
+class AppShieldPolicy < AppPolicy
+  #
+  # iOS fields
+  #
+  field :ios_debug, type: Boolean, default: false
+  field :ios_jail_break, type: Boolean, default: false
+  field :ios_hooking_frameworks, type: Boolean, default: false
+  field :ios_repackaging, type: Boolean, default: false
+  field :ios_user_screenshot, type: Boolean, default: false
+  field :ios_system_screenshot, type: Boolean, default: false
+  field :ios_run_time_library, type: Boolean, default: false
+  field :ios_library_injection, type: Boolean, default: false
+  field :ios_keyboard_cache_monitor, type: Boolean, default: false
+  field :ios_block_external_screens, type: Boolean, default: false
+  # Android fields
+  field :android_debug, type: Boolean, default: false
+  field :android_jail_break, type: Boolean, default: false
+  field :android_hooking_frameworks, type: Boolean, default: false
+  field :android_repackaging, type: Boolean, default: false
+  field :android_user_screenshot, type: Boolean, default: false
+  field :android_system_screenshot, type: Boolean, default: false
+  field :android_run_time_library, type: Boolean, default: false
+  field :android_library_injection, type: Boolean, default: false
+  field :android_keyboard_cache_monitor, type: Boolean, default: false
+  field :android_block_external_screens, type: Boolean, default: false
+
+  def enforce_policy(_agent)
+    {}
+  end
+end

data/lib/models/authorized_user_policy.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+#
+# If this app requires an authorized user
+#
+class AuthorizedUserPolicy < AppPolicy
+  #
+  # fields
+  #
+  field :wipe_app_data, type: Boolean, default: false
+
+  #
+  # return the policy hash for this agent
+  #
+  def enforce_policy(agent)
+    policy = super.merge(device_enabled: 1)
+    if active? && !user_can_run_app?(agent)
+      policy[:device_enabled] = 0
+      policy[:device_disabled_message] = message
+      policy[:wipe_app_data] = wipe_app_data
+    end
+    policy
+  rescue StandardError
+    # Return the default policy
+    { device_enabled: 1 }
+  end
+
+  private
+
+  #
+  # can this user run this app?
+  # We first find the user by the agent's device unique identifier
+  # then we make sure hte user has access to that application.
+  #
+  def user_can_run_app?(agent)
+    user = agent.find_user
+    device_identifier = agent.device.unique_identifier
+    device = user.find_device_by device_identifier
+    device.present? && device.approved? && user.allowed_app_set.include?(app)
+  rescue StandardError
+    # On failure, say no
+    false
+  end
+end

data/lib/models/b2b_app.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+#
+# An B2bApp app supports the iTunes B2B program, basically a place holder for VPP codes.
+#
+class B2bApp < App
+  include App47AppAnalyzable
+end

data/lib/models/cat/customer.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+#
+# Caterpillar customer
+#
+module Cat
+  class Customer < User
+  end
+end

data/lib/models/cat/customer_device.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Cat
+  #
+  # Caterpillar customer device
+  #
+  class CustomerDevice < ::UserDevice
+    field :toolbox_app_id, type: String
+  end
+end

data/lib/models/cl/customer.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+#
+# CloudLink Customer
+#
+module Cl
+  class Customer < User
+  end
+end

data/lib/models/cl/customer_device.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Cl
+  #
+  # Cloudlink customer device
+  #
+  class CustomerDevice < UserDevice
+    field :toolbox_app_id, type: String
+  end
+end

data/lib/models/commerce_app_store.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+#
+# Type of app that is a commerce app store container
+#
+class CommerceAppStore < ProductApp
+  include App47AppPolicies
+end

data/lib/models/concerns/app47_app_analyzable.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+#
+# Apps that are analyazble, i.e., they have an agent associated
+# with them. For now, web apps and internal apps have these
+# properties.
+#
+module App47AppAnalyzable
+  extend ActiveSupport::Concern
+  #
+  # Add fields, relationships and callbacks
+  #
+  def self.included(base)
+    base.class_eval do
+      #
+      # Fields
+      #
+      field :usage_ranking, type: Integer, default: 0
+      field :analyzable, type: Boolean, default: true
+      field :agent_count, type: Integer, default: 0
+      field :agent_log_level, type: String, default: 'Info'
+      field :agent_capture_timed_events, type: Boolean, default: true
+      field :agent_capture_generic_events, type: Boolean, default: true
+      field :agent_capture_sessions, type: Boolean, default: true
+      field :agent_enabled, type: Boolean, default: true
+      field :agent_upload_on_exit, type: Boolean, default: true
+      field :agent_capture_crash_format, type: String, default: 'none'
+      field :agent_delay_data_upload_interval, type: Integer, default: 1
+      field :agent_configuration_update_frequency, type: Float, default: 1
+      field :agent_session_threshold_seconds, type: Integer, default: 5
+      #
+      # Relationships
+      #
+      has_many :agents, dependent: :destroy, inverse_of: :app
+
+      #
+      # Is the api enabled for this app?
+      #
+      def api_enabled?
+        agent_enabled? && account.api_enabled?
+      rescue StandardError
+        false
+      end
+    end
+  end
+end

data/lib/models/concerns/app47_app_buildable.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+#
+# Applications that have builds
+#
+module App47AppBuildable
+  extend ActiveSupport::Concern
+  TRACKED_VERSION = 'version' unless defined? TRACKED_VERSION
+  TRACKED_VERSION_CODE = 'version_code' unless defined? TRACKED_VERSION_CODE
+  ALL_TRACKED_VERSIONS = [TRACKED_VERSION, TRACKED_VERSION_CODE].freeze unless defined? ALL_TRACKED_VERSIONS
+  #
+  # Add methods to class
+  #
+  def self.included(base)
+    base.class_eval do
+      #
+      # Fields
+      #
+      field :notify_users_on_build_activation, type: Boolean, default: true
+      field :max_builds, type: Integer, default: 10
+      field :buildable, type: Boolean, default: true
+      field :ios_tracked_version, type: String, default: TRACKED_VERSION
+      field :android_tracked_version, type: String, default: TRACKED_VERSION
+      #
+      # Relationships
+      #
+      has_many :app_active_builds, dependent: :destroy, inverse_of: :app
+
+      #
+      # Return what the tracked version is for this Buildable abject, either version or version code
+      #
+      def tracked_version(platform)
+        send("#{platform.downcase}_tracked_version")
+      rescue StandardError
+        TRACKED_VERSION
+      end
+
+      #
+      # Should use the version code for this app on the given platform
+      #
+      def use_version_code?(platform)
+        TRACKED_VERSION_CODE.eql?(tracked_version(platform))
+      end
+    end
+  end
+end

data/lib/models/concerns/app47_app_configurable.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+#
+# An app that can have a configuration
+#
+module App47AppConfigurable
+  extend ActiveSupport::Concern
+  #
+  # Add methods to class
+  #
+  def self.included(base)
+    base.class_eval do
+      #
+      # Relationships
+      #
+      has_many :configuration_groups, dependent: :destroy, inverse_of: :app do
+        #
+        # Return configuration groups that match the agent
+        #
+        def match_agent(agent)
+          where(active: true).collect do |group|
+            next unless group.match_agent?(agent)
+
+            { version: group.version, id: group.id.to_s }
+          end.compact
+        end
+      end
+      #
+      # Fields
+      #
+      field :configurable, type: Boolean, default: true
+    end
+  end
+end

data/lib/models/concerns/app47_app_policies.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+#
+# An app that can have a collection of security policies
+#
+module App47AppPolicies
+  extend ActiveSupport::Concern
+
+  def self.included(base)
+    base.class_eval do
+      has_many :policies, dependent: :destroy, class_name: 'AppPolicy', inverse_of: :app
+    end
+  end
+
+  #
+  # Return authorized users policy
+  #
+  def authorized_user_policy
+    policies.find_by!(_type: 'AuthorizedUserPolicy')
+  rescue StandardError
+    nil
+  end
+
+  #
+  # Return version management
+  #
+  def version_management_policy
+    policies.find_by!(_type: 'VersionManagementPolicy')
+  rescue StandardError
+    nil
+  end
+
+  #
+  # PIN Code policy
+  #
+  def pin_code_policy
+    policies.find_by!(_type: 'PinCodePolicy')
+  rescue StandardError
+    nil
+  end
+
+  #
+  # Time Bomb Policy
+  #
+  def time_bomb_policy
+    policies.find_by!(_type: 'TimeBombPolicy')
+  rescue StandardError
+    nil
+  end
+
+  #
+  # Return app shield policy
+  #
+  def app_shield_policy
+    policies.find_by!(_type: 'AppShieldPolicy')
+  rescue StandardError
+    nil
+  end
+end

data/lib/models/concerns/app47_cdn_url.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+#
+# Take an existing either paperclip object or database field and return
+# a fully qualified cdn url for that file.
+#
+# If the system configuration parameter for the url is not set, then simply return the value.
+#
+# If it is set, then replace the prefix of the URL defined by the boundry of class name, so internal_build will be
+# https://original.amazon.com/internal_builds/id/original.ipa
+#
+# will be transposed to:
+# https://cnd.apazon.com/intenral_builds/id/original.ipa
+#
+# To use this, first include App47::CdnUrl in your class and then when you want the URL of an object call
+# app.cdn_file_url or ubild.cdn_file_url instead of app.file_url or build.file_url.
+#
+#
+module App47CdnUrl
+  #
+  # Handle the call to cdn_whatever
+  #
+  def method_missing(method, *args)
+    if method.to_s.start_with? 'cdn_'
+      url = send method.to_s.sub(/^cdn_/, '')
+      cdn_url = SystemConfiguration.cdn_url
+      unless cdn_url.blank? || url.blank?
+        model_name = "#{self.class.to_s.underscore}s"
+        url = "#{cdn_url}/#{model_name}/#{url.split("/#{model_name}/").last}" if url.include? "/#{model_name}/"
+      end
+      url
+    else
+      super
+    end
+  end
+
+  #
+  # Look for matches on cdn_
+  #
+  def respond_to_missing?(method_name, include_private = false)
+    method_name.to_s.start_with?('cdn_') ? true : super
+  end
+
+  #
+  # Look for matches on cdn_
+  #
+  def respond_to?(method, include_private = false)
+    super unless method.to_s.start_with? 'cdn_'
+  end
+end

data/lib/models/concerns/app47_email_sendable.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+#
+# Objects that emails can be sent too...
+#
+module App47EmailSendable
+  extend ActiveSupport::Concern
+
+  def self.included(base)
+    base.class_eval do
+      field :email, type: String
+      field :email_bounce_date, type: Time
+      field :email_bounce_reason, type: String
+      field :unconfirmed_email, type: String
+      field :email_enabled, type: Boolean, default: true
+
+      before_validation :downcase_email
+    end
+  end
+
+  private
+
+  #
+  # Make sure emails are always downcased
+  #
+  def downcase_email
+    self.email = email.strip.downcase unless email.blank?
+  end
+end

data/lib/models/concerns/app47_logger.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+#
+# Mixin for App47 objects to handle logging in both the rails environment as well
+# as the delayed jobs environment that doesn't know about Rails.logger
+#
+# Provides ways to log at the class level as well as instance level.
+#
+#
+# Usage:
+#  App47Logger.log_debug('meesage')
+#
+# or
+#
+# class ClassName
+#  include App47Logger
+#
+#  def method_name
+#    log_debug('message')
+#  end
+#
+module App47Logger
+  #
+  # Log a debug messages
+  #
+  def self.log_debug(message)
+    log_message :debug, message
+  end
+
+  #
+  # Log a warning messages
+  #
+  # 1. Prints the messages
+  # 2. If an exception is passed n
+  #   2a prints the exception message
+  #   2b prints the stack trace
+  #
+  def self.log_warn(message, exception = nil)
+    log_message :warn, message
+    log_exception :warn, exception
+  end
+
+  #
+  # Log an error messages
+  #
+  # 1. Prints the messages
+  # 2. If an exception is passed n
+  #   2a prints the exception message
+  #   2b prints the stack trace
+  #
+  def self.log_error(message, exception = nil)
+    log_message :error, message
+    log_exception :error, exception
+  end
+
+  #
+  # Log a given exception, but only the first 10 lines in anything but test.
+  #
+  # In testing, we want the full stack to know the test case that failed.
+  #
+  def self.log_exception(level, exception = nil, max_frame = 9)
+    return if exception.blank?
+
+    max_frame = -1 if ENV['RACK_ENV'].eql?('test')
+    log_message(level, exception.message)
+    exception.backtrace[0..max_frame].each { |frame| log_message(level, frame) } unless exception.backtrace.blank?
+  end
+
+  #
+  # Log a given message at the given level
+  #
+  def self.log_message(level, message)
+    if ENV['AWS_LAMBDA_FUNCTION_VERSION'].nil?
+      puts "#{level}: #{message}"
+    else
+      Logger.new($stdout).send(level, message)
+    end
+  rescue StandardError
+    puts "#{level}: #{message}"
+  end
+
+  #
+  # Log a debug message as part of the mixin
+  #
+  def log_message(level, message)
+    App47Logger.log_message level, message
+  end
+
+  #
+  # Log a debug message as part of the mixin
+  #
+  def log_debug(message)
+    App47Logger.log_debug message
+  end
+
+  #
+  # Log a warning message as part of the mixin
+  #
+  def log_warn(message, exception = nil)
+    App47Logger.log_warn message, exception
+  end
+
+  #
+  # Log an error message as part of the mixin
+  #
+  def log_error(message, exception = nil)
+    App47Logger.log_error message, exception
+  end
+end

data/lib/models/concerns/checkin_able.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+#
+# Public: Add checkin timestamp to object
+#
+# Examples
+#
+#   include CheckinAble
+#
+module CheckinAble
+  extend ActiveSupport::Concern
+
+  def self.included(base)
+    base.class_eval do
+      field :last_checkin_at, type: Time, default: Time.now.utc
+      set_callback :save, :before, :check_in_agent
+    end
+  end
+
+  private
+
+  #
+  # Update the last sign in time stamp
+  #
+  def check_in_agent
+    self.last_checkin_at = Time.now.utc
+  end
+end

data/lib/models/concerns/searchable.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+#
+# Public: Add search text to an object
+#
+module Searchable
+  extend ActiveSupport::Concern
+
+  def self.included(base)
+    base.class_eval do
+      field :search_text, type: String
+      before_validation :update_search_text
+    end
+  end
+
+  private
+
+  #
+  # Internal: Update the search text
+  #
+  # Examples
+  #
+  #   update_search_text
+  #
+  # Call before validation to update, changes are persisted with the object.
+  #
+  def update_search_text
+    return if destroyed?
+
+    items = search_fields.reject { |field| send(field.to_sym).blank? }.collect do |field|
+      value = send(field.to_sym)
+      if value.is_a? String
+        value.downcase
+      elsif value.is_a? Array
+        value.empty? ? nil : value.join(' ').downcase
+      end
+    end
+    self.search_text = items.compact.join ' '
+  end
+
+  #
+  # Internal: Which fields to add to search text
+  #
+  # Examples
+  #
+  #   search_fields
+  #   # => ['name', 'email', 'code']
+  #
+  # Return which fields should be added to search
+  #
+  def search_fields
+    %w[name email]
+  end
+end

data/lib/models/configuration_constraint.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+#
+# List of available configuration constraints that are allowed for a given configuration group.
+#
+class ConfigurationConstraint
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  #
+  # Fields
+  #
+  field :name, type: String
+  #
+  # Relationships
+  #
+  has_many :configuration_rules
+  #
+  # Validations
+  #
+  validates_presence_of :name
+  validates_uniqueness_of :name
+end