beskar 0.0.1 → 0.1.0

data/app/controllers/beskar/application_controller.rb

@@ -1,4 +1,174 @@
 module Beskar
   class ApplicationController < ActionController::Base
+    # Use the main app's CSRF protection settings
+    protect_from_forgery with: :exception, prepend: true
+
+    layout 'beskar/application'
+
+    # Ensure CSRF token is available for forms
+    before_action :ensure_csrf_token
+
+    before_action :authenticate_admin!
+
+    private
+
+    # Override this method in your application to implement authentication
+    # For example, you might want to use Devise's authenticate_admin! or
+    # a custom authentication method
+    def authenticate_admin!
+      unless Beskar.configuration.authenticate_admin.present?
+        handle_missing_authentication_configuration
+        return false
+      end
+
+      handle_custom_authentication
+    end
+
+    def handle_custom_authentication
+      # Execute the authentication block in the controller's context
+      # This gives the block access to controller methods like cookies, session,
+      # authenticate_or_request_with_http_basic, etc.
+      result = instance_exec(request, &Beskar.configuration.authenticate_admin)
+      return true if result
+
+      handle_authentication_failure
+      false
+    rescue => e
+      Rails.logger.error "Beskar authentication error: #{e.message}"
+      handle_authentication_failure
+      false
+    end
+
+    def handle_missing_authentication_configuration
+      # Log the configuration error for debugging, but return 404 to avoid revealing Beskar is installed
+      error_message = <<~MSG
+        Beskar authentication not configured!
+
+        Configure Beskar.configuration.authenticate_admin in your initializer:
+
+        # config/initializers/beskar.rb
+        Beskar.configuration.authenticate_admin = ->(request) do
+          # The block is executed in the controller context, giving you access
+          # to controller methods like cookies, session, authenticate_or_request_with_http_basic, etc.
+
+          # Example 1: Check for admin user with Devise
+          # user = request.env['warden']&.authenticate(scope: :user)
+          # user&.admin?
+
+          # Example 2: HTTP Basic Auth (uses controller method)
+          # authenticate_or_request_with_http_basic do |username, password|
+          #   username == ENV['BESKAR_USERNAME'] && password == ENV['BESKAR_PASSWORD']
+          # end
+
+          # Example 3: Cookie-based auth (uses controller cookies)
+          # cookies.signed[:admin_token] == ENV['BESKAR_ADMIN_TOKEN']
+
+          # Example 4: Simple token-based auth
+          # request.headers['Authorization'] == "Bearer #{ENV['BESKAR_ADMIN_TOKEN']}"
+
+          # Example 5: For development/testing (NOT for production!)
+          # Rails.env.development? || Rails.env.test?
+        end
+      MSG
+
+      Rails.logger.error error_message
+      render_404
+    end
+
+    def handle_authentication_failure
+      # Return 404 to avoid revealing that Beskar is installed
+      render_404
+    end
+
+    def render_404
+      respond_to do |format|
+        format.html { render file: "#{Rails.public_path}/404.html", status: :not_found, layout: false }
+        format.json { render json: { error: "Not found" }, status: :not_found }
+        format.any  { head :not_found }
+      end
+    end
+
+    # Helper method to format timestamps
+    def format_timestamp(time)
+      return "-" unless time
+      time.in_time_zone.strftime("%Y-%m-%d %H:%M:%S %Z")
+    end
+    helper_method :format_timestamp
+
+    # Helper method to format IP addresses with location if available
+    def format_ip_with_location(ip, metadata = {})
+      return ip unless metadata.present?
+
+      location_parts = []
+      if metadata["geolocation"].present?
+        geo = metadata["geolocation"]
+        location_parts << geo["city"] if geo["city"].present?
+        location_parts << geo["country"] if geo["country"].present?
+      end
+
+      return ip if location_parts.empty?
+      "#{ip} (#{location_parts.join(', ')})"
+    end
+    helper_method :format_ip_with_location
+
+    # Helper to determine risk level badge color
+    def risk_level_class(risk_score)
+      return "neutral" unless risk_score
+
+      case risk_score
+      when 0..30
+        "success"
+      when 31..60
+        "warning"
+      when 61..85
+        "danger"
+      else
+        "critical"
+      end
+    end
+    helper_method :risk_level_class
+
+    # Helper to format event type for display
+    def format_event_type(event_type)
+      event_type.to_s.humanize.titleize
+    end
+    helper_method :format_event_type
+
+    # Pagination helper
+    def paginate(collection, per_page: 25)
+      # Handle per_page from params if provided
+      if params[:per_page].present?
+        per_page = params[:per_page].to_i
+        per_page = 25 if per_page <= 0  # Default if invalid
+        per_page = 100 if per_page > 100  # Max limit
+      end
+
+      page = (params[:page] || 1).to_i
+      page = 1 if page < 1
+
+      total_count = collection.count
+      total_pages = total_count > 0 ? (total_count.to_f / per_page).ceil : 0
+
+      offset = (page - 1) * per_page
+      records = collection.limit(per_page).offset(offset)
+
+      {
+        records: records,
+        current_page: page,
+        total_pages: total_pages,
+        total_count: total_count,
+        per_page: per_page,
+        has_previous: page > 1,
+        has_next: page < total_pages,
+        previous_page: page > 1 ? page - 1 : nil,
+        next_page: page < total_pages ? page + 1 : nil
+      }
+    end
+
+    # Ensure CSRF token is properly set for forms in the engine
+    def ensure_csrf_token
+      # Force generation of CSRF token if not present
+      form_authenticity_token
+    end
   end
 end

data/app/controllers/beskar/banned_ips_controller.rb

@@ -0,0 +1,280 @@
+require 'csv'
+
+module Beskar
+  class BannedIpsController < ApplicationController
+    before_action :set_banned_ip, only: [:show, :edit, :update, :destroy, :extend]
+
+    def index
+      @banned_ips = Beskar::BannedIp.order(banned_at: :desc)
+
+      # Apply filters
+      apply_filters!
+
+      # Paginate results
+      @pagination = paginate(@banned_ips, per_page: params[:per_page]&.to_i || 25)
+      @banned_ips = @pagination[:records]
+
+      # Get filter options
+      @ban_reasons = Beskar::BannedIp.distinct.pluck(:reason).compact.sort
+      @ban_statuses = ['active', 'expired', 'permanent', 'temporary']
+    end
+
+    def show
+      # Get related security events for this IP
+      @related_events = Beskar::SecurityEvent
+        .where(ip_address: @banned_ip.ip_address)
+        .order(created_at: :desc)
+        .limit(20)
+
+      # Calculate statistics
+      @stats = {
+        total_events: @related_events.count,
+        avg_risk_score: @related_events.average(:risk_score)&.round(1) || 0,
+        max_risk_score: @related_events.maximum(:risk_score) || 0,
+        first_seen: @related_events.minimum(:created_at),
+        last_seen: @related_events.maximum(:created_at)
+      }
+    end
+
+    def new
+      @banned_ip = Beskar::BannedIp.new
+      @suggested_ip = params[:ip_address]
+      @suggested_reason = params[:reason]
+    end
+
+    def create
+      manager = BannedIpManager.new(create_params)
+      manager.create
+
+      if manager.success?
+        redirect_to banned_ip_path(manager.banned_ip),
+                    notice: "IP address #{manager.banned_ip.ip_address} has been banned successfully."
+      else
+        @banned_ip = manager.banned_ip
+        render :new
+      end
+    end
+
+    def edit
+    end
+
+    def update
+      if @banned_ip.update(banned_ip_params)
+        redirect_to banned_ip_path(@banned_ip),
+                    notice: "Ban for IP #{@banned_ip.ip_address} has been updated."
+      else
+        render :edit
+      end
+    end
+
+    def destroy
+      ip_address = @banned_ip.ip_address
+      @banned_ip.destroy
+
+      redirect_to banned_ips_path,
+                  notice: "IP address #{ip_address} has been unbanned."
+    end
+
+    def extend
+      # Default to 24 hours if no duration specified (e.g., from index page)
+      duration_param = params[:duration] || '24h'
+
+      duration = case duration_param
+      when '1h'
+        1.hour
+      when '6h'
+        6.hours
+      when '24h'
+        24.hours
+      when '7d'
+        7.days
+      when '30d'
+        30.days
+      when 'permanent'
+        nil
+      else
+        24.hours
+      end
+
+      if duration_param == 'permanent'
+        @banned_ip.update!(permanent: true, expires_at: nil)
+        message = "Ban for IP #{@banned_ip.ip_address} is now permanent."
+      else
+        # Ensure the ban can be extended (not already permanent)
+        if @banned_ip.permanent?
+          redirect_to banned_ip_path(@banned_ip), alert: "Cannot extend a permanent ban."
+          return
+        end
+
+        @banned_ip.extend_ban!(duration)
+        duration_text = duration_param == '24h' ? '24 hours' : duration_param.gsub(/(\d+)([hd])/, '\1 \2').gsub('h', 'hour(s)').gsub('d', 'day(s)')
+        message = "Ban for IP #{@banned_ip.ip_address} has been extended by #{duration_text}."
+      end
+
+      redirect_to banned_ip_path(@banned_ip), notice: message
+    rescue => e
+      Rails.logger.error "Failed to extend ban: #{e.message}"
+      redirect_to banned_ip_path(@banned_ip), alert: "Failed to extend ban: #{e.message}"
+    end
+
+    def bulk_action
+      case params[:bulk_action]
+      when 'unban'
+        unban_selected
+      when 'make_permanent'
+        make_permanent_selected
+      when 'extend'
+        extend_selected
+      else
+        redirect_to banned_ips_path, alert: "Unknown action."
+      end
+    end
+
+    def export
+      @banned_ips = Beskar::BannedIp.all
+      apply_filters!
+
+      respond_to do |format|
+        format.csv do
+          send_data generate_csv(@banned_ips),
+            filename: "banned-ips-#{Date.current}.csv",
+            type: 'text/csv'
+        end
+        format.json do
+          render json: @banned_ips.as_json(except: [:updated_at])
+        end
+      end
+    end
+
+    private
+
+    def set_banned_ip
+      @banned_ip = Beskar::BannedIp.find(params[:id])
+    end
+
+    def banned_ip_params
+      params.require(:banned_ip).permit(
+        :ip_address, :reason, :details, :permanent,
+        :expires_at, :violation_count, metadata: {}
+      )
+    end
+
+    def create_params
+      banned_ip_params.to_h.merge(
+        ban_type: params[:ban_type],
+        duration: params[:duration]
+      ).symbolize_keys
+    end
+
+    def apply_filters!
+      # Filter by status
+      case params[:status]
+      when 'active'
+        @banned_ips = @banned_ips.active
+      when 'expired'
+        @banned_ips = @banned_ips.expired
+      when 'permanent'
+        @banned_ips = @banned_ips.permanent
+      when 'temporary'
+        @banned_ips = @banned_ips.temporary
+      end
+
+      # Filter by reason
+      if params[:reason].present?
+        @banned_ips = @banned_ips.by_reason(params[:reason])
+      end
+
+      # Filter by IP address (partial match)
+      if params[:ip_search].present?
+        @banned_ips = @banned_ips.where("ip_address LIKE ?", "%#{params[:ip_search]}%")
+      end
+
+      # Filter by date range
+      if params[:banned_after].present?
+        begin
+          date = Date.parse(params[:banned_after])
+          @banned_ips = @banned_ips.where("banned_at >= ?", date.beginning_of_day)
+        rescue ArgumentError
+          # Invalid date, ignore
+        end
+      end
+
+      if params[:banned_before].present?
+        begin
+          date = Date.parse(params[:banned_before])
+          @banned_ips = @banned_ips.where("banned_at <= ?", date.end_of_day)
+        rescue ArgumentError
+          # Invalid date, ignore
+        end
+      end
+    end
+
+    def unban_selected
+      if params[:ip_ids].present?
+        banned_ips = Beskar::BannedIp.where(id: params[:ip_ids])
+        count = banned_ips.count
+
+        banned_ips.destroy_all
+
+        redirect_to banned_ips_path,
+                    notice: "#{count} IP(s) have been unbanned."
+      else
+        redirect_to banned_ips_path, alert: "No IPs selected."
+      end
+    end
+
+    def make_permanent_selected
+      if params[:ip_ids].present?
+        count = Beskar::BannedIp.where(id: params[:ip_ids])
+                       .update_all(permanent: true, expires_at: nil)
+
+        redirect_to banned_ips_path,
+                    notice: "#{count} ban(s) have been made permanent."
+      else
+        redirect_to banned_ips_path, alert: "No IPs selected."
+      end
+    end
+
+    def extend_selected
+      if params[:ip_ids].present? && params[:duration].present?
+        banned_ips = Beskar::BannedIp.where(id: params[:ip_ids])
+
+        duration = case params[:duration]
+        when '24h' then 24.hours
+        when '7d' then 7.days
+        when '30d' then 30.days
+        else 24.hours
+        end
+
+        banned_ips.each do |banned_ip|
+          banned_ip.extend_ban!(duration)
+        end
+
+        redirect_to banned_ips_path,
+                    notice: "#{banned_ips.count} ban(s) have been extended."
+      else
+        redirect_to banned_ips_path, alert: "No IPs selected or duration not specified."
+      end
+    end
+
+    def generate_csv(banned_ips)
+      require 'csv'
+
+      CSV.generate(headers: true) do |csv|
+        csv << ['IP Address', 'Reason', 'Banned At', 'Expires At', 'Status', 'Violation Count', 'Details']
+
+        banned_ips.find_each do |ban|
+          csv << [
+            ban.ip_address,
+            ban.reason,
+            ban.banned_at.strftime('%Y-%m-%d %H:%M:%S'),
+            ban.expires_at&.strftime('%Y-%m-%d %H:%M:%S') || (ban.permanent? ? 'Never (Permanent)' : '-'),
+            ban.active? ? 'Active' : 'Expired',
+            ban.violation_count,
+            ban.details || '-'
+          ]
+        end
+      end
+    end
+  end
+end

data/app/controllers/beskar/dashboard_controller.rb

@@ -0,0 +1,70 @@
+module Beskar
+  class DashboardController < ApplicationController
+    def index
+      # Time ranges for statistics
+      @time_range = params[:time_range] || '24h'
+      @start_time = calculate_start_time(@time_range)
+
+      # Overview statistics
+      @stats = {
+        total_events: Beskar::SecurityEvent.where("created_at >= ?", @start_time).count,
+        failed_logins: Beskar::SecurityEvent.where("created_at >= ?", @start_time).login_failures.count,
+        blocked_ips: Beskar::BannedIp.active.count,
+        high_risk_events: Beskar::SecurityEvent.where("created_at >= ?", @start_time).high_risk.count,
+        critical_threats: Beskar::SecurityEvent.where("created_at >= ?", @start_time).critical_risk.count
+      }
+
+      # Recent activity
+      @recent_events = Beskar::SecurityEvent
+        .includes(:user)
+        .order(created_at: :desc)
+        .limit(10)
+
+      # Top threat IPs
+      @top_threat_ips = Beskar::SecurityEvent
+        .where("created_at >= ?", @start_time)
+        .group(:ip_address)
+        .select("ip_address, COUNT(*) as event_count, AVG(risk_score) as avg_risk_score, MAX(risk_score) as max_risk_score")
+        .having("COUNT(*) > 1")
+        .order("event_count DESC, avg_risk_score DESC")
+        .limit(5)
+
+      # Event types distribution
+      @event_distribution = Beskar::SecurityEvent
+        .where("created_at >= ?", @start_time)
+        .group(:event_type)
+        .count
+        .sort_by { |_, count| -count }
+
+      # Risk score distribution
+      @risk_distribution = {
+        low: Beskar::SecurityEvent.where("created_at >= ? AND risk_score < 30", @start_time).count,
+        medium: Beskar::SecurityEvent.where("created_at >= ? AND risk_score BETWEEN 30 AND 60", @start_time).count,
+        high: Beskar::SecurityEvent.where("created_at >= ? AND risk_score BETWEEN 61 AND 85", @start_time).count,
+        critical: Beskar::SecurityEvent.where("created_at >= ? AND risk_score > 85", @start_time).count
+      }
+
+      # Currently active bans
+      @active_bans = Beskar::BannedIp.active.order(banned_at: :desc).limit(5)
+    end
+
+    private
+
+    def calculate_start_time(range)
+      case range
+      when '1h'
+        1.hour.ago
+      when '6h'
+        6.hours.ago
+      when '24h'
+        24.hours.ago
+      when '7d'
+        7.days.ago
+      when '30d'
+        30.days.ago
+      else
+        24.hours.ago
+      end
+    end
+  end
+end

data/app/controllers/beskar/security_events_controller.rb

@@ -0,0 +1,182 @@
+require 'csv'
+
+module Beskar
+  class SecurityEventsController < ApplicationController
+    def index
+      @events = Beskar::SecurityEvent.preload(:user).order(created_at: :desc)
+
+      # Apply filters
+      apply_filters!
+
+      # Paginate results
+      @pagination = paginate(@events, per_page: params[:per_page]&.to_i || 25)
+      @events = @pagination[:records]
+
+      # Get filter options for dropdowns
+      @event_types = Beskar::SecurityEvent.distinct.pluck(:event_type).sort
+      @risk_levels = ['low', 'medium', 'high', 'critical']
+    end
+
+    def show
+      @event = Beskar::SecurityEvent.find(params[:id])
+
+      # Find related events
+      @related_events = Beskar::SecurityEvent
+        .where.not(id: @event.id)
+        .where(ip_address: @event.ip_address)
+        .order(created_at: :desc)
+        .limit(10)
+
+      # Get user's recent events if user exists
+      if @event.user.present?
+        @user_events = @event.user.security_events
+          .where.not(id: @event.id)
+          .order(created_at: :desc)
+          .limit(10)
+      end
+
+      # Check if IP is banned
+      @ip_ban = Beskar::BannedIp.find_by(ip_address: @event.ip_address)
+    end
+
+    def export
+      @events = Beskar::SecurityEvent.preload(:user)
+
+      # Apply same filters as index
+      apply_filters!
+
+      respond_to do |format|
+        format.csv do
+          send_data generate_csv(@events),
+            filename: "security-events-#{Date.current}.csv",
+            type: 'text/csv'
+        end
+        format.json do
+          render json: @events.as_json(
+            include: { user: { only: [:id, :email] } },
+            except: [:updated_at]
+          )
+        end
+      end
+    end
+
+    private
+
+    def apply_filters!
+      # Filter by event type
+      if params[:event_type].present?
+        @events = @events.where(event_type: params[:event_type])
+      end
+
+      # Filter by risk level
+      if params[:risk_level].present?
+        @events = case params[:risk_level]
+        when 'low'
+          @events.where("risk_score < 30")
+        when 'medium'
+          @events.where("risk_score BETWEEN 30 AND 60")
+        when 'high'
+          @events.where("risk_score BETWEEN 61 AND 85")
+        when 'critical'
+          @events.where("risk_score > 85")
+        else
+          @events
+        end
+      end
+
+      # Filter by IP address
+      if params[:ip_address].present?
+        @events = @events.where("ip_address LIKE ?", "%#{params[:ip_address]}%")
+      end
+
+      # Filter by user email (if attempted_email is stored)
+      if params[:email].present?
+        # Search in attempted_email column and metadata (avoid joining polymorphic)
+        @events = @events.where("attempted_email LIKE ? OR metadata LIKE ?",
+                               "%#{params[:email]}%", "%#{params[:email]}%")
+      end
+
+      # Filter by date range
+      if params[:start_date].present?
+        begin
+          start_date = Date.parse(params[:start_date])
+          @events = @events.where("created_at >= ?", start_date.beginning_of_day)
+        rescue ArgumentError
+          # Invalid date, ignore filter
+        end
+      end
+
+      if params[:end_date].present?
+        begin
+          end_date = Date.parse(params[:end_date])
+          @events = @events.where("created_at <= ?", end_date.end_of_day)
+        rescue ArgumentError
+          # Invalid date, ignore filter
+        end
+      end
+
+      # Quick time range filters
+      if params[:time_range].present?
+        start_time = case params[:time_range]
+        when 'last_hour'
+          1.hour.ago
+        when 'last_24h'
+          24.hours.ago
+        when 'last_7d'
+          7.days.ago
+        when 'last_30d'
+          30.days.ago
+        else
+          nil
+        end
+
+        @events = @events.where("created_at >= ?", start_time) if start_time
+      end
+
+      # Filter by threat level
+      if params[:threats_only] == 'true'
+        @events = @events.high_risk
+      end
+
+      # Search in metadata
+      if params[:search].present?
+        search_term = "%#{params[:search]}%"
+        # Use database-agnostic approach for metadata search
+        if ActiveRecord::Base.connection.adapter_name == 'PostgreSQL'
+          @events = @events.where(
+            "ip_address LIKE ? OR user_agent LIKE ? OR attempted_email LIKE ? OR metadata::text LIKE ?",
+            search_term, search_term, search_term, search_term
+          )
+        else
+          # For SQLite and other databases, search in regular columns
+          # SQLite's JSON support varies by version, so we'll search in standard columns
+          @events = @events.where(
+            "ip_address LIKE ? OR user_agent LIKE ? OR attempted_email LIKE ? OR event_type LIKE ?",
+            search_term, search_term, search_term, search_term
+          )
+        end
+      end
+    end
+
+    def generate_csv(events)
+      require 'csv'
+
+      CSV.generate(headers: true) do |csv|
+        csv << ['ID', 'Date/Time', 'Event Type', 'IP Address', 'User', 'Risk Score', 'User Agent', 'Details']
+
+        events.find_each do |event|
+          csv << [
+            event.id,
+            event.created_at.strftime('%Y-%m-%d %H:%M:%S'),
+            event.event_type,
+            event.ip_address,
+            event.user&.try(:email) || event.attempted_email || '-',
+            event.risk_score,
+            event.user_agent,
+            event.details || event.metadata&.dig("message") || '-'
+          ]
+        end
+      end
+    end
+  end
+end