aven 0.0.1 → 0.0.2

data/app/controllers/aven/oauth/github_controller.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "json"
+
+module Aven
+  module Oauth
+    class GithubController < BaseController
+      AUTHORIZATION_URL = "https://github.com/login/oauth/authorize"
+      TOKEN_URL = "https://github.com/login/oauth/access_token"
+      USER_INFO_URL = "https://api.github.com/user"
+      USER_EMAIL_URL = "https://api.github.com/user/emails"
+      DEFAULT_SCOPE = "user:email"
+
+      protected
+
+        def authorization_url(state)
+          params = {
+            client_id: oauth_config[:client_id],
+            redirect_uri: callback_url,
+            scope: oauth_config[:scope] || DEFAULT_SCOPE,
+            state:
+          }
+
+          "#{AUTHORIZATION_URL}?#{params.to_query}"
+        end
+
+        def exchange_code_for_token(code)
+          params = {
+            client_id: oauth_config[:client_id],
+            client_secret: oauth_config[:client_secret],
+            code:,
+            redirect_uri: callback_url
+          }
+
+          headers = { "Accept" => "application/json" }
+          oauth_request(URI(TOKEN_URL), params, headers)
+        end
+
+        def fetch_user_info(access_token)
+          # Fetch user profile
+          user_data = github_api_request(USER_INFO_URL, access_token)
+
+          # Fetch primary email if not public
+          email = user_data[:email]
+          if email.blank?
+            emails_data = github_api_request(USER_EMAIL_URL, access_token)
+            primary_email = emails_data.find { |e| e[:primary] && e[:verified] }
+            email = primary_email[:email] if primary_email
+          end
+
+          {
+            id: user_data[:id],
+            email:,
+            name: user_data[:name] || user_data[:login],
+            avatar_url: user_data[:avatar_url],
+            login: user_data[:login]
+          }
+        end
+
+      private
+
+        def callback_url
+          aven.oauth_github_callback_url(host: request.host, protocol: request.protocol)
+        end
+
+        def oauth_config
+          @oauth_config ||= Aven.configuration.oauth_providers[:github] || raise("GitHub OAuth not configured")
+        end
+
+        def github_api_request(url, access_token)
+          uri = URI(url)
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
+
+          request = Net::HTTP::Get.new(uri)
+          request["Authorization"] = "Bearer #{access_token}"
+          request["Accept"] = "application/vnd.github.v3+json"
+
+          response = http.request(request)
+
+          unless response.is_a?(Net::HTTPSuccess)
+            raise StandardError, "GitHub API request failed: #{response.body}"
+          end
+
+          JSON.parse(response.body, symbolize_names: true)
+        end
+    end
+  end
+end

data/app/controllers/aven/oauth/google_controller.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "json"
+
+module Aven
+  module Oauth
+    class GoogleController < BaseController
+      AUTHORIZATION_URL = "https://accounts.google.com/o/oauth2/v2/auth"
+      TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token"
+      USER_INFO_URL = "https://www.googleapis.com/oauth2/v3/userinfo"
+      DEFAULT_SCOPE = "openid email profile"
+
+      protected
+
+        def authorization_url(state)
+          params = {
+            client_id: oauth_config[:client_id],
+            redirect_uri: callback_url,
+            response_type: "code",
+            scope: oauth_config[:scope] || DEFAULT_SCOPE,
+            state:,
+            access_type: oauth_config[:access_type] || "offline",
+            prompt: oauth_config[:prompt] || "select_account"
+          }
+
+          "#{AUTHORIZATION_URL}?#{params.to_query}"
+        end
+
+        def exchange_code_for_token(code)
+          params = {
+            code:,
+            client_id: oauth_config[:client_id],
+            client_secret: oauth_config[:client_secret],
+            redirect_uri: callback_url,
+            grant_type: "authorization_code"
+          }
+
+          oauth_request(URI(TOKEN_URL), params)
+        end
+
+        def fetch_user_info(access_token)
+          response = oauth_get_request(URI(USER_INFO_URL), access_token)
+
+          {
+            id: response[:sub],
+            email: response[:email],
+            name: response[:name],
+            picture: response[:picture]
+          }
+        end
+
+      private
+
+        def callback_url
+          aven.oauth_google_callback_url(host: request.host, protocol: request.protocol)
+        end
+
+        def oauth_config
+          @oauth_config ||= Aven.configuration.oauth_providers[:google] || raise("Google OAuth not configured")
+        end
+    end
+  end
+end

data/app/controllers/aven/workspaces_controller.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Aven
+  class WorkspacesController < ApplicationController
+    before_action :authenticate_user!
+
+    # POST /workspaces/:id/switch
+    def switch
+      workspace = current_user.workspaces.friendly.find(params[:id])
+      self.current_workspace = workspace
+      redirect_to after_switch_workspace_path, notice: "Switched to #{workspace.label}"
+    end
+
+    private
+
+      def after_switch_workspace_path
+        Aven.configuration.resolve_authenticated_root_path || root_path
+      end
+  end
+end

data/app/controllers/concerns/aven/authentication.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Aven
+  module Authentication
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :current_user if respond_to?(:helper_method)
+    end
+
+    private
+      # Returns the currently signed-in user, if any
+      def current_user
+        @current_user ||= Aven::User.find_by(id: session[:user_id]) if session[:user_id]
+      end
+
+      # Signs in the given user by setting the session
+      def sign_in(user)
+        reset_session
+        session[:user_id] = user.id
+        @current_user = user
+      end
+
+      # Signs out the current user by clearing the session
+      def sign_out
+        reset_session
+        @current_user = nil
+      end
+
+      # Stores the current location to redirect back after authentication
+      def store_location
+        session[:return_to_after_authentication] = request.url if request.get?
+      end
+
+      # Returns and clears the stored location for redirect after authentication
+      # This method accepts a resource parameter for API compatibility with Devise
+      def stored_location_for(_resource = nil)
+        session.delete(:return_to_after_authentication)
+      end
+
+      # Requires user to be authenticated, redirects to root if not
+      def authenticate_user!
+        unless current_user
+          store_location
+          redirect_to main_app.root_path, alert: "You must be signed in to access this page."
+        end
+      end
+  end
+end

data/app/controllers/concerns/aven/controller_helpers.rb

@@ -0,0 +1,38 @@
+module Aven
+  module ControllerHelpers
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :current_workspace if respond_to?(:helper_method)
+    end
+
+    # Get the current workspace from session
+    def current_workspace
+      return @current_workspace if defined?(@current_workspace)
+
+      @current_workspace = if session[:workspace_id].present? && current_user
+        current_user.workspaces.find_by(id: session[:workspace_id])
+      elsif current_user
+        # Auto-select first workspace if none selected
+        workspace = current_user.workspaces.first
+        session[:workspace_id] = workspace&.id
+        workspace
+      end
+    end
+
+    # Set the current workspace
+    def current_workspace=(workspace)
+      @current_workspace = workspace
+      session[:workspace_id] = workspace&.id
+    end
+
+    # Verify user has access to current workspace (similar to Devise's authenticate_user!)
+    def verify_workspace!
+      return unless current_user.present? && current_workspace.present?
+
+      unless current_user.workspaces.exists?(id: current_workspace.id)
+        render file: Rails.public_path.join("404.html"), status: :not_found, layout: false
+      end
+    end
+  end
+end

data/app/helpers/aven/application_helper.rb

@@ -8,13 +8,9 @@ module Aven
       ].compact, "\n"
     end
 
-    def view_component(name, *args, status: nil, **kwargs, &block)
+    def view_component(name, *args, **kwargs, &block)
       component = "Aven::Views::#{name.split("/").map(&:camelize).join("::")}::Component".constantize
-      if status
-        render(component.new(*args, **kwargs), status:, &block)
-      else
-        render(component.new(*args, **kwargs), &block)
-      end
+      render(component.new(*args, **kwargs), &block)
     end
   end
 end

data/app/models/aven/app_record.rb

@@ -53,7 +53,7 @@ module Aven
           registry = JSONSkooma.create_registry("2020-12", assert_formats: true)
           schema_with_meta = app_record_schema.schema.dup
           schema_with_meta["$schema"] ||= "https://json-schema.org/draft/2020-12/schema"
-          json_schema = JSONSkooma::JSONSchema.new(schema_with_meta, registry: registry)
+          json_schema = JSONSkooma::JSONSchema.new(schema_with_meta, registry:)
           result = json_schema.evaluate(data)
           unless result.valid?
             error_output = result.output(:basic)

data/app/models/aven/app_record_schema.rb

@@ -44,4 +44,3 @@ module Aven
       end
   end
 end
-

data/app/models/aven/log.rb

@@ -64,4 +64,3 @@ module Aven
       end
   end
 end
-

data/app/models/aven/loggable.rb

@@ -2,8 +2,8 @@ module Aven
   module Loggable
     def log!(message:, level: "info", metadata: nil, **extra)
       attrs = {
-        message: message,
-        level: level,
+        message:,
+        level:,
         metadata: metadata || {}
       }
 
@@ -18,4 +18,3 @@ module Aven
     end
   end
 end
-

data/app/models/aven/user.rb

@@ -22,11 +22,6 @@
 #
 module Aven
   class User < ApplicationRecord
-    devise(
-      :omniauthable,
-      omniauth_providers: Aven.configuration.auth.providers.map { |p| p[:provider] }
-    )
-
     has_many :workspace_users, dependent: :destroy
     has_many :workspaces, through: :workspace_users
     has_many :workspace_user_roles, through: :workspace_users
@@ -41,23 +36,5 @@ module Aven
     validates :remote_id, uniqueness: { scope: :auth_tenant, case_sensitive: false }, allow_blank: true
 
     encrypts(:access_token)
-
-    def self.create_from_omniauth!(request_env, auth_tenant)
-      user = request_env.dig("omniauth.auth")
-      remote_id = user["uid"]
-      email = user.dig("info", "email") || "#{SecureRandom.uuid}@aven.dev"
-
-      u = where(auth_tenant:, remote_id:).or(
-        where(auth_tenant:, email:)
-      ).first_or_initialize
-
-      u.auth_tenant = auth_tenant
-      u.remote_id = remote_id
-      u.email = email
-      u.access_token = user.dig("credentials", "token")
-      u.save!
-
-      u
-    end
   end
 end

data/app/models/aven/workspace.rb

@@ -16,6 +16,9 @@
 #
 module Aven
   class Workspace < ApplicationRecord
+    extend FriendlyId
+    friendly_id :label, use: :slugged
+
     self.table_name = "aven_workspaces"
 
     has_many :workspace_users, class_name: "Aven::WorkspaceUser", dependent: :destroy
@@ -27,13 +30,54 @@ module Aven
     validates :label, length: { maximum: 255 }, allow_blank: true
     validates :description, length: { maximum: 1000 }, allow_blank: true
 
-    before_validation :generate_slug, if: -> { slug.blank? && label.present? }
+    # Tenant model registry (inspired by Flipper's group registry pattern)
+    class << self
+      # Returns array of all registered tenant model classes
+      def tenant_models
+        @tenant_models ||= []
+      end
+
+      # Register a model class as workspace-scoped
+      # Called automatically when a model includes Aven::TenantModel
+      def register_tenant_model(model_class)
+        return if tenant_models.include?(model_class)
+
+        tenant_models << model_class
+        define_tenant_association(model_class)
+      end
+
+      # Get all registered tenant model class names
+      def tenant_model_names
+        tenant_models.map(&:name)
+      end
+
+      private
+
+        # Define association method for a tenant model
+        # Creates query method that returns ActiveRecord::Relation
+        def define_tenant_association(model_class)
+          association_name = model_class.workspace_association_name
 
-    private
+          # Define instance method for querying tenant records
+          define_method(association_name) do
+            model_class.where(workspace_id: id)
+          end
+        end
+    end
 
-      def generate_slug
-        self.slug = label.parameterize if label.present?
+    # Find a tenant record by type and ID
+    def find_tenant_record(model_name, record_id)
+      model_class = self.class.tenant_models.find { |m| m.name == model_name }
+      return nil unless model_class
+
+      model_class.where(workspace_id: id).find(record_id)
+    end
+
+    # Destroy all tenant data for this workspace
+    def destroy_tenant_data
+      self.class.tenant_models.each do |model_class|
+        model_class.where(workspace_id: id).destroy_all
       end
+    end
   end
 end
-

data/app/models/aven/workspace_role.rb

@@ -44,4 +44,3 @@ module Aven
     end
   end
 end
-

data/app/models/aven/workspace_user.rb

@@ -52,4 +52,3 @@ module Aven
     end
   end
 end
-

data/app/models/aven/workspace_user_role.rb

@@ -36,4 +36,3 @@ module Aven
     scope :with_role, ->(role_label) { joins(:workspace_role).where(aven_workspace_roles: { label: role_label }) }
   end
 end
-

data/config/routes.rb

@@ -1,12 +1,27 @@
 Aven::Engine.routes.draw do
-  devise_for(
-    :users, class_name: "Aven::User", module: :devise, format: false,
-    controllers: { omniauth_callbacks: "aven/auth" }
-  )
+  # Logout route
+  get(:logout, to: "auth#logout", as: :logout)
 
-  # Additional auth routes
-  get("/auth/:provider/authenticate", to: "auth#authenticate", as: :authenticate)
-  get("/auth/logout", to: "auth#logout", as: :logout)
+  # OAuth routes
+  namespace :oauth do
+    # Error page
+    get "error", to: "base#error", as: :error
+
+    # Google OAuth
+    get "google", to: "google#create", as: :google
+    get "google/callback", to: "google#callback", as: :google_callback
+
+    # GitHub OAuth
+    get "github", to: "github#create", as: :github
+    get "github/callback", to: "github#callback", as: :github_callback
+
+    # Auth0 OAuth
+    get "auth0", to: "auth0#create", as: :auth0
+    get "auth0/callback", to: "auth0#callback", as: :auth0_callback
+  end
+
+  # Workspace switching
+  post("/workspaces/:id/switch", to: "workspaces#switch", as: :switch_workspace)
 
   namespace(:admin) do
     root(to: "dashboard#index")

data/db/migrate/{20251003090752_create_aven_users.rb → 20200101000001_create_aven_users.rb}

@@ -13,7 +13,7 @@ class CreateAvenUsers < ActiveRecord::Migration[8.0]
       t.timestamps
     end
 
-    add_index(:aven_users, [:email, :auth_tenant], unique: true)
+    add_index(:aven_users, [ :email, :auth_tenant ], unique: true)
     add_index(:aven_users, :reset_password_token, unique: true)
   end
 end

data/db/migrate/{20251004182010_create_aven_workspace_users.rb → 20200101000003_create_aven_workspace_users.rb}

@@ -7,6 +7,6 @@ class CreateAvenWorkspaceUsers < ActiveRecord::Migration[8.0]
       t.timestamps
     end
 
-    add_index :aven_workspace_users, [:user_id, :workspace_id], unique: true, name: "idx_aven_workspace_users_on_user_workspace"
+    add_index :aven_workspace_users, [ :user_id, :workspace_id ], unique: true, name: "idx_aven_workspace_users_on_user_workspace"
   end
 end

data/db/migrate/{20251004182020_create_aven_workspace_roles.rb → 20200101000004_create_aven_workspace_roles.rb}

@@ -8,6 +8,6 @@ class CreateAvenWorkspaceRoles < ActiveRecord::Migration[8.0]
       t.timestamps
     end
 
-    add_index :aven_workspace_roles, [:workspace_id, :label], unique: true, name: "idx_aven_workspace_roles_on_ws_label"
+    add_index :aven_workspace_roles, [ :workspace_id, :label ], unique: true, name: "idx_aven_workspace_roles_on_ws_label"
   end
 end

data/db/migrate/{20251004182030_create_aven_workspace_user_roles.rb → 20200101000005_create_aven_workspace_user_roles.rb}

@@ -7,6 +7,6 @@ class CreateAvenWorkspaceUserRoles < ActiveRecord::Migration[8.0]
       t.timestamps
     end
 
-    add_index :aven_workspace_user_roles, [:workspace_role_id, :workspace_user_id], unique: true, name: "idx_aven_ws_user_roles_on_role_user"
+    add_index :aven_workspace_user_roles, [ :workspace_role_id, :workspace_user_id ], unique: true, name: "idx_aven_ws_user_roles_on_role_user"
   end
 end

data/db/migrate/{20251004190000_create_aven_logs.rb → 20200101000006_create_aven_logs.rb}

@@ -15,8 +15,7 @@ class CreateAvenLogs < ActiveRecord::Migration[8.0]
 
     add_index :aven_logs, :created_at
     add_index :aven_logs, :level
-    add_index :aven_logs, [:loggable_type, :loggable_id], name: "index_aven_logs_on_loggable"
-    add_index :aven_logs, [:loggable_type, :loggable_id, :run_id, :state, :created_at], name: "idx_aven_logs_on_loggable_run_state_created_at"
+    add_index :aven_logs, [ :loggable_type, :loggable_id ], name: "index_aven_logs_on_loggable"
+    add_index :aven_logs, [ :loggable_type, :loggable_id, :run_id, :state, :created_at ], name: "idx_aven_logs_on_loggable_run_state_created_at"
   end
 end
-

data/db/migrate/{20251004190100_create_aven_app_record_schemas.rb → 20200101000007_create_aven_app_record_schemas.rb}

@@ -9,4 +9,3 @@ class CreateAvenAppRecordSchemas < ActiveRecord::Migration[8.0]
     add_index :aven_app_record_schemas, :schema, using: :gin
   end
 end
-

data/db/migrate/{20251004190110_create_aven_app_records.rb → 20200101000008_create_aven_app_records.rb}

@@ -9,4 +9,3 @@ class CreateAvenAppRecords < ActiveRecord::Migration[8.0]
     add_index :aven_app_records, :data, using: :gin
   end
 end
-

data/lib/aven/configuration.rb

@@ -1,23 +1,39 @@
 module Aven
   class Configuration
-    attr_reader :auth
     attr_accessor :authenticated_root_path
+    attr_accessor :oauth_providers
 
     def initialize
-      @auth = Auth.new
       @authenticated_root_path = nil
+      @oauth_providers = {}
     end
 
-    class Auth
-      attr_reader :providers
+    # Configure OAuth providers
+    #
+    # @param provider [Symbol] The OAuth provider name (:github, :google, etc.)
+    # @param credentials [Hash] Configuration hash with:
+    #   - :client_id [String] OAuth client ID
+    #   - :client_secret [String] OAuth client secret
+    #   - :scope [String] Optional. OAuth scopes to request
+    #   - Any other provider-specific options
+    #
+    # @example
+    #   config.configure_oauth(:github, {
+    #     client_id: "abc123",
+    #     client_secret: "secret",
+    #     scope: "user:email,repo,workflow"
+    #   })
+    def configure_oauth(provider, credentials = {})
+      @oauth_providers[provider.to_sym] = credentials
+    end
 
-      def initialize
-        @providers = []
-      end
+    # Resolves authenticated_root_path, calling it if it's a lambda/proc
+    #
+    # @return [String] The resolved path
+    def resolve_authenticated_root_path
+      return nil if @authenticated_root_path.nil?
 
-      def add(provider, *args, **options)
-        @providers << { provider: provider, args: args, options: options }
-      end
+      @authenticated_root_path.respond_to?(:call) ? @authenticated_root_path.call : @authenticated_root_path
     end
   end
 

data/lib/aven/engine.rb

@@ -1,13 +1,11 @@
-require "devise"
-require "omniauth"
-require "omniauth/rails_csrf_protection"
-require "repost"
 require "importmap-rails"
 require "view_component-contrib"
 require "dry-effects"
 require "tailwind_merge"
 require "json_skooma"
 require "aeros"
+require "friendly_id"
+require "aven/model"
 
 module Aven
   class << self
@@ -20,24 +18,25 @@ module Aven
     Aeros::EngineHelpers.setup_assets(self, namespace: Aven)
     Aeros::EngineHelpers.setup_importmap(self, namespace: Aven)
 
-    # Ensure migrations are available to the host app
-    initializer "aven.migrations" do
-      unless Rails.env.test? || Rails.application.class.module_parent_name == "Dummy"
+    # Append engine migrations to the main app
+    initializer :append_migrations do |app|
+      unless app.root.to_s.include?("test/dummy")
         config.paths["db/migrate"].expanded.each do |expanded_path|
-          Rails.application.config.paths["db/migrate"] << expanded_path
+          app.config.paths["db/migrate"] << expanded_path
         end
       end
     end
 
-    initializer "aven.devise", after: :load_config_initializers do
-      # Configure OmniAuth providers from Aven configuration
-      providers = Aven.configuration.auth.providers
+    # Include engine route helpers, authentication, and controller helpers in controllers and views
+    initializer "aven.helpers" do
+      ActiveSupport.on_load(:action_controller) do
+        include Aven::Engine.routes.url_helpers
+        include Aven::Authentication
+        include Aven::ControllerHelpers
+      end
 
-      # Add OmniAuth middleware
-      Rails.application.config.middleware.use OmniAuth::Builder do
-        providers.each do |provider_config|
-          provider provider_config[:provider], *provider_config[:args], **provider_config[:options]
-        end
+      ActiveSupport.on_load(:action_view) do
+        include Aven::Engine.routes.url_helpers
       end
     end
   end