blazer 2.2.0 → 2.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dac159313b83f05cfa2b39da88d889b08e0089a75047a6aff43c24d735b86eb2
-  data.tar.gz: e1d3594c4e957f04ffa575ce1aac36abf29586c275a2c402c2da5b9401356c57
+  metadata.gz: 7bc246636d4907ea33d0194ed415aaa5669013ee3e71728ef024f89ac9860feb
+  data.tar.gz: 3c4d7cf6b528716d80578aea44ef733e8e30c040785d585b4abf183251b87e3e
 SHA512:
-  metadata.gz: 05a6d614fd96a40526f0ef7bb34cf6207a48e7bcdb6495f7ea925bec919c116918ad721d388e856c388d6746033fd184eadf25ca93a4afb9c541a8ab8758f8e1
-  data.tar.gz: 79e9087b9e4015cd866fe2b382f0bb015c104af05f9c8b1c209ce2aa06713a46436e2aa307a9901bf0d31fec861463f1224b0cc610d76e2dd5c9c12aa40a8807
+  metadata.gz: 66e86f97070e03626320557b119666898db9ffbf812edd6b4c502384d6ad1b1e4b428d9d832be83ba0eaa004188403db2f66cc7b6a76c70dd351c1861fd8d6b5
+  data.tar.gz: df1eeee72f609e1c4b5a19da492803bc86737ff26d3fce9ef86490cb54b3444baecd2ceaa4dc2fa5c1773d68462e28927142f67878ee6284de97a4cb7743cf63

data/CHANGELOG.md

@@ -1,21 +1,45 @@
-## 2.2.0
+## 2.2.5 (2020-06-03)
+
+- Updated maps to fix deprecation error
+
+## 2.2.4 (2020-05-30)
+
+- Fixed error with new queries
+
+## 2.2.3 (2020-05-30)
+
+- Improved query parameter handling
+
+## 2.2.2 (2020-04-13)
+
+- Added experimental support for the Socrata Open Data API (SODA)
+- Added experimental Prophet forecasting
+- Fixed query search for non-ASCII characters
+
+## 2.2.1 (2019-10-08)
+
+- Added support for Sprockets 4
+- Improved Snowflake table preview
+- Fixed bug with refresh link not showing
+
+## 2.2.0 (2019-07-12)
 
 - Added schema to table preview for Postgres and Redshift
 - Fixed bug with Slack notifications not sending
 - Dropped support for Rails 4.2
 
-## 2.1.0
+## 2.1.0 (2019-06-04)
 
 - Require latest Chartkick to prevent possible XSS - see [#245](https://github.com/ankane/blazer/issues/245)
 
-## 2.0.2
+## 2.0.2 (2019-05-26)
 
 - Added support for variable transformation for blind indexing
 - Added experimental support for Neo4j
 - Added experimental support for Salesforce
 - Fixed JavaScript sorting for numbers with commas
 
-## 2.0.1
+## 2.0.1 (2019-01-07)
 
 - Added favicon
 - Added search for checks and schema
@@ -26,7 +50,7 @@
 - Improved docs for new installs
 - Fixed error with canceling queries
 
-## 2.0.0
+## 2.0.0 (2019-01-03)
 
 - Added support for Slack
 - Added `async` option
@@ -39,68 +63,67 @@ Breaking changes
 
 - Dropped support for Rails < 4.2
 
-## 1.9.0
+## 1.9.0 (2018-06-17)
 
 - Prompt developers to check custom `before_action`
 - Better ordering on home page
 - Added support for Snowflake
 
-## 1.8.2
+## 1.8.2 (2018-02-22)
 
 - Added support for Cassandra
 - Fixes for Druid
-
-## 1.8.1
-
 - Added support for Amazon Athena
 - Added support for Druid
 - Fixed query cancellation
 
-## 1.8.0
+There was no 1.8.1 release.
+
+## 1.8.0 (2017-05-01)
 
 - Added support for Rails 5.1
 
-## 1.7.10
+## 1.7.10 (2017-04-03)
 
 - Added support for Google BigQuery
 - Require `drill-sergeant` gem for Apache Drill
 - Better handling of checks with variables
 
-## 1.7.9
+## 1.7.9 (2017-03-20)
 
 - Added beta support for Apache Drill
 - Added email validation for checks
 - Updated Chart.js to 2.5.0
 
-## 1.7.8
+## 1.7.8 (2017-02-06)
 
 - Added support for custom adapters
 - Fixed bug with scatter charts on dashboards
 - Fixed table preview for SQL Server
 - Fixed issue when `default_url_options` set
 
-## 1.7.7
+## 1.7.7 (2016-12-17)
 
 - Fixed preview error for MySQL
 - Fixed error with timeouts for MySQL
 
-## 1.7.6
+## 1.7.6 (2016-12-13)
 
 - Added scatter chart
 - Fixed issue with false values showing up blank
 - Fixed preview for table names with certain characters
 
-## 1.7.5
+## 1.7.5 (2016-11-22)
 
 - Fixed issue with check emails sometimes failing for default Rails 5 ActiveJob adapter
 - Fixed sorting for new dashboards
 
-## 1.7.4
+## 1.7.4 (2016-11-06)
 
 - Removed extra dependencies added in 1.7.1
 - Fixed `send_failing_checks` for default Rails 5 ActiveJob adapter
 
-## 1.7.3
+## 1.7.3 (2016-11-01)
 
 - Fixed JavaScript errors
 - Fixed query cancel error
@@ -108,20 +131,20 @@ Breaking changes
 - Include sample data in email when bad data checks fail
 - Fixed deprecation warnings
 
-## 1.7.2
+## 1.7.2 (2016-10-30)
 
 - Cancel all queries on page nav
 - Prevent Ace from taking over find command
 - Added ability to use hashes for smart columns
 - Added ability to inherit smart variables and columns from other data sources
 
-## 1.7.1
+## 1.7.1 (2016-10-29)
 
 - Do not fork when enter key pressed
 - Use custom version of Chart.js to fix label overlap
 - Improved performance of home page
 
-## 1.7.0
+## 1.7.0 (2016-09-07)
 
 - Added ability to cancel queries on backend for Postgres and Redshift
 - Only run 3 queries at a time on dashboards
@@ -129,65 +152,65 @@ Breaking changes
 - Attempt to reconnect when connection issues
 - Fixed issues with caching
 
-## 1.6.2
+## 1.6.2 (2016-08-11)
 
 - Added basic query permissions
 - Added ability to use arrays and hashes for smart variables
 - Added cancel button for queries
 - Added `lat` and `lng` as map keys
 
-## 1.6.1
+## 1.6.1 (2016-07-30)
 
 - Added support for Presto [beta]
 - Added support for Elasticsearch timeouts
 - Fixed error in Rails 5
 
-## 1.6.0
+## 1.6.0 (2016-07-28)
 
 - Added support for MongoDB [beta]
 - Added support for Elasticsearch [beta]
 - Fixed deprecation warning in Rails 5
 
-## 1.5.1
+## 1.5.1 (2016-07-24)
 
 - Added anomaly detection for data less than 2 weeks
 - Added autolinking urls
 - Added support for images
 
-## 1.5.0
+## 1.5.0 (2016-06-29)
 
 - Added new bar chart format
 - Added anomaly detection checks
 - Added `async` option for polling
 
-## 1.4.0
+## 1.4.0 (2016-06-09)
 
 - Added `slow` cache mode
 - Fixed `BLAZER_DATABASE_URL required` error
 - Fixed issue with duplicate column names
 
-## 1.3.5
+## 1.3.5 (2016-05-11)
 
 - Fixed error with checks
 
-## 1.3.4
+## 1.3.4 (2016-05-11)
 
 - Fixed issue with missing queries
 
-## 1.3.3
+## 1.3.3 (2016-05-08)
 
 - Fixed error with Rails 4.1 and below
 
-## 1.3.2
+## 1.3.2 (2016-05-07)
 
 - Added support for Rails 5
 - Attempt to reconnect for checks
 
-## 1.3.1
+## 1.3.1 (2016-05-06)
 
 - Fixed migration error
 
-## 1.3.0
+## 1.3.0 (2016-05-06)
 
 - Added schedule for checks
 - Switched to Chart.js for charts
@@ -196,11 +219,11 @@ Breaking changes
 - Raise error when timeout not supported
 - Added creator to dashboards and checks
 
-## 1.2.1
+## 1.2.1 (2016-04-26)
 
 - Fixed checks
 
-## 1.2.0
+## 1.2.0 (2016-03-22)
 
 - Added non-editable queries
 - Added variable defaults
@@ -209,7 +232,7 @@ Breaking changes
 - Hide variables from commented out lines
 - Fixed regex as variable names
 
-## 1.1.1
+## 1.1.1 (2016-03-06)
 
 - Added `before_action` option
 - Added invert option for checks
@@ -218,7 +241,7 @@ Breaking changes
 - Fixed request URI too large
 - Prevent accidental backspace nav on query page
 
-## 1.1.0
+## 1.1.0 (2015-12-27)
 
 - Replaced pie charts with column charts
 - Fixed error with datepicker
@@ -226,55 +249,55 @@ Breaking changes
 - Added a notice when editing a query that is part of a dashboard
 - Added refresh for dashboards
 
-## 1.0.4
+## 1.0.4 (2015-11-04)
 
 - Added recently viewed queries and dashboards to home page
 - Fixed refresh when transform statement is used
 - Fixed error when no user model
 
-## 1.0.3
+## 1.0.3 (2015-10-18)
 
 - Added maps
 - Added support for Rails 4.0
 
-## 1.0.2
+## 1.0.2 (2015-10-11)
 
 - Fixed error when installing
 - Added `schemas` option
 
-## 1.0.1
+## 1.0.1 (2015-10-08)
 
 - Added comments to queries
 - Added `cache` option
 - Added `user_method` option
 - Added `use_transaction` option
 
-## 1.0.0
+## 1.0.0 (2015-10-04)
 
 - Added support for multiple data sources
 - Added dashboards
 - Added checks
 - Added support for Redshift
 
-## 0.0.8
+## 0.0.8 (2015-09-05)
 
 - Easier to edit queries with variables
 - Dynamically expand editor height as needed
 - No need for spaces in search
 
-## 0.0.7
+## 0.0.7 (2015-07-23)
 
 - Fixed error when no `User` class
 - Fixed forking a query with variables
 - Set time zone after Rails initializes
 
-## 0.0.6
+## 0.0.6 (2015-06-18)
 
 - Added fork button
 - Fixed trending
 - Fixed time zones for date select
 
-## 0.0.5
+## 0.0.5 (2015-01-31)
 
 - Added support for Rails 4.2
 - Fixed error with `mysql2` adapter

data/README.md

@@ -4,9 +4,9 @@ Explore your data with SQL. Easily create charts and dashboards, and share them
 
 [Try it out](https://blazer.dokkuapp.com)
 
-[![Screenshot](https://blazer.dokkuapp.com/assets/screenshot-6ca3115a518b488026e48be83ba0d4c9.png)](https://blazer.dokkuapp.com)
+[![Screenshot](https://blazer.dokkuapp.com/assets/blazer-90fb6ce8ad25614c6f9c3b4619cbfbd66fa3d6567dac34d83df540f6688665f1.png)](https://blazer.dokkuapp.com)
 
-Blazer 2.0 was recently released! See [instructions for upgrading](#20).
+Blazer is also available as a [Docker image](https://github.com/ankane/blazer-docker).
 
 :tangerine: Battle-tested at [Instacart](https://www.instacart.com/opensource)
 
@@ -426,10 +426,32 @@ If you’re on Heroku, follow [these additional instructions](#anomaly-detection
 
 ## Forecasting
 
-Blazer has experimental support for forecasting through [Trend](https://trendapi.org/).
+Blazer has experimental support for two different forecasting methods.
+
+A forecast link will appear for queries that return 2 columns with types timestamp and numeric.
 
 [Example](https://blazer.dokkuapp.com/queries/18-forecast?forecast=t)
 
+### Prophet
+
+**Note:** Prophet only supports daily forecasts right now.
+
+Add [prophet](https://github.com/ankane/prophet) to your Gemfile:
+
+```ruby
+gem 'prophet-rb'
+```
+
+And add to `config/blazer.yml`:
+
+```yml
+forecasting: prophet
+```
+
+### Trend
+
+[Trend](https://trendapi.org/) uses an external service.
+
 Add [trend](https://github.com/ankane/trend) to your Gemfile:
 
 ```ruby
@@ -442,8 +464,6 @@ And add to `config/blazer.yml`:
 forecasting: trend
 ```
 
-A forecast link will appear for queries that return 2 columns with types timestamp and numeric.
-
 ## Data Sources
 
 Blazer supports multiple data sources :tada:
@@ -475,11 +495,12 @@ data_sources:
 - [IBM DB2 and Informix](#ibm-db2-and-informix)
 - [MongoDB](#mongodb-1)
 - [MySQL](#mysql-1)
-- [Neo4j](#neo4j-experimental)
+- [Neo4j](#neo4j)
 - [Oracle](#oracle)
 - [PostgreSQL](#postgresql-1)
 - [Presto](#presto)
-- [Salesforce](#salesforce-experimental)
+- [Salesforce](#salesforce)
+- [Socrata Open Data API (SODA)](#socrata-open-data-api-soda)
 - [Snowflake](#snowflake)
 - [SQLite](#sqlite)
 - [SQL Server](#sql-server)
@@ -539,9 +560,7 @@ data_sources:
 
 ### Druid
 
-First, [enable SQL support](http://druid.io/docs/latest/querying/sql.html#configuration) on the broker.
-
-Set:
+Enable [SQL support](http://druid.io/docs/latest/querying/sql.html#configuration) on the broker and set:
 
 ```yml
 data_sources:
@@ -597,7 +616,9 @@ data_sources:
     url: mysql2://user:password@hostname:3306/database
 ```
 
-### Neo4j [experimental]
+### Neo4j
+
+*Experimental*
 
 Add [neo4j-core](https://github.com/neo4jrb/neo4j-core) to your Gemfile and set:
 
@@ -632,7 +653,9 @@ data_sources:
     url: presto://user@hostname:8080/catalog
 ```
 
-### Salesforce [experimental]
+### Salesforce
+
+*Experimental*
 
 Add [restforce](https://github.com/restforce/restforce) to your Gemfile and set:
 
@@ -655,15 +678,52 @@ SALESFORCE_API_VERSION="41.0"
 
 Supports [SOQL](https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql.htm)
 
+### Socrata Open Data API (SODA)
+
+*Experimental*
+
+Set:
+
+```yml
+data_sources:
+  my_source:
+    adapter: soda
+    url: https://soda.demo.socrata.com/resource/4tka-6guv.json
+    app_token: ...
+```
+
+Supports [SoQL](https://dev.socrata.com/docs/functions/)
+
 ### Snowflake
 
-First, install the [ODBC driver](https://docs.snowflake.net/manuals/user-guide/odbc.html). Add [odbc_adapter](https://github.com/localytics/odbc_adapter) to your Gemfile and set:
+First, install ODBC. For Homebrew, use:
+
+```sh
+brew install unixodbc
+```
+
+For Ubuntu, use:
+
+```sh
+sudo apt-get install unixodbc-dev
+```
+
+For Heroku, use the [Apt buildpack](https://github.com/heroku/heroku-buildpack-apt) and create an `Aptfile` with:
+
+```text
+unixodbc-dev
+https://sfc-repo.snowflakecomputing.com/odbc/linux/2.19.16/snowflake-odbc-2.19.16.x86_64.deb
+```
+
+> This installs the driver at `/app/.apt/usr/lib/snowflake/odbc/lib/libSnowflake.so`
+
+Then, download the [Snowflake ODBC driver](https://docs.snowflake.net/manuals/user-guide/odbc-download.html). Add [odbc_adapter](https://github.com/localytics/odbc_adapter) to your Gemfile and set:
 
 ```yml
 data_sources:
   my_source:
     adapter: snowflake
-    dsn: ProductionSnowflake
+    conn_str: Driver=/path/to/libSnowflake.so;uid=user;pwd=password;server=host.snowflakecomputing.com
 ```
 
 ### SQLite
@@ -719,8 +779,8 @@ Blazer supports a basic permissions model.
 
 Have team members who want to learn SQL? Here are a few great, free resources.
 
-- [Khan Academy](https://www.khanacademy.org/computing/computer-programming/sql)
-- [Codecademy](https://www.codecademy.com/learn/learn-sql)
+- [The Data School](https://dataschool.com/learn-sql/)
+- [SQLBolt](https://sqlbolt.com/)
 
 ## Useful Tools
 

data/app/assets/stylesheets/blazer/application.css

@@ -1,6 +1,6 @@
 /*
  *= require ./bootstrap
- *= require ./selectize.default
+ *= require ./selectize
  *= require ./github
  *= require ./daterangepicker
  *= require_self

data/app/controllers/blazer/base_controller.rb

@@ -86,8 +86,22 @@ module Blazer
         [smart_var, error]
       end
 
-      def variable_params
-        params.except(:controller, :action, :id, :host, :query, :dashboard, :query_id, :query_ids, :table_names, :authenticity_token, :utf8, :_method, :commit, :statement, :data_source, :name, :fork_query_id, :blazer, :run_id).permit!
+      # don't pass to url helpers
+      #
+      # some are dangerous when passed as symbols
+      # root_url({host: "evilsite.com"})
+      #
+      # certain ones (like host) only affect *_url and not *_path
+      #
+      # when permitted parameters are passed in Rails 6,
+      # they appear to be added as GET parameters
+      # root_url(params.permit(:host))
+      BLACKLISTED_KEYS = [:controller, :action, :id, :host, :query, :dashboard, :query_id, :query_ids, :table_names, :authenticity_token, :utf8, :_method, :commit, :statement, :data_source, :name, :fork_query_id, :blazer, :run_id, :script_name, :original_script_name]
+
+      # remove blacklisted keys from both params and permitted keys for better sleep
+      def variable_params(resource)
+        permitted_keys = resource.variables - BLACKLISTED_KEYS.map(&:to_s)
+        params.except(*BLACKLISTED_KEYS).permit(*permitted_keys)
       end
       helper_method :variable_params
 

data/app/controllers/blazer/dashboards_controller.rb

@@ -43,7 +43,7 @@ module Blazer
 
     def update
       if update_dashboard(@dashboard)
-        redirect_to dashboard_path(@dashboard, variable_params)
+        redirect_to dashboard_path(@dashboard, variable_params(@dashboard))
       else
         render_errors @dashboard
       end
@@ -62,7 +62,7 @@ module Blazer
         Blazer.transform_statement.call(data_source, statement) if Blazer.transform_statement
         data_source.clear_cache(statement)
       end
-      redirect_to dashboard_path(@dashboard, variable_params)
+      redirect_to dashboard_path(@dashboard, variable_params(@dashboard))
     end
 
     private

data/app/controllers/blazer/queries_controller.rb

@@ -45,7 +45,7 @@ module Blazer
       @query.creator = blazer_user if @query.respond_to?(:creator)
 
       if @query.save
-        redirect_to query_path(@query, variable_params)
+        redirect_to query_path(@query, variable_params(@query))
       else
         render_errors @query
       end
@@ -156,7 +156,7 @@ module Blazer
       process_vars(@statement, @query.data_source)
       Blazer.transform_statement.call(data_source, @statement) if Blazer.transform_statement
       data_source.clear_cache(@statement)
-      redirect_to query_path(@query, variable_params)
+      redirect_to query_path(@query, variable_params(@query))
     end
 
     def update
@@ -168,7 +168,7 @@ module Blazer
         @query.errors.add(:base, "Sorry, permission denied")
       end
       if @query.errors.empty? && @query.update(query_params)
-        redirect_to query_path(@query, variable_params)
+        redirect_to query_path(@query, variable_params(@query))
       else
         render_errors @query
       end
@@ -176,7 +176,7 @@ module Blazer
 
     def destroy
       @query.destroy if @query.editable?(blazer_user)
-      redirect_to root_url
+      redirect_to root_path
     end
 
     def tables
@@ -249,7 +249,9 @@ module Blazer
                 r[lat_index] && r[lon_index]
               end.map do |r|
                 {
-                  title: r.each_with_index.map{ |v, i| i == lat_index || i == lon_index ? nil : "<strong>#{@columns[i]}:</strong> #{v}" }.compact.join("<br />").truncate(140),
+                  # Mapbox.js does sanitization with https://github.com/mapbox/sanitize-caja
+                  # but we should do it here as well
+                  title: r.each_with_index.map { |v, i| i == lat_index || i == lon_index ? nil : "<strong>#{ERB::Util.html_escape(@columns[i])}:</strong> #{ERB::Util.html_escape(v)}" }.compact.join("<br />").truncate(140),
                   latitude: r[lat_index],
                   longitude: r[lon_index]
                 }

data/app/helpers/blazer/base_helper.rb

@@ -14,7 +14,7 @@ module Blazer
     def blazer_format_value(key, value)
       if value.is_a?(Numeric) && !key.to_s.end_with?("id") && !key.to_s.start_with?("id")
         number_with_delimiter(value)
-      elsif value =~ BLAZER_URL_REGEX
+      elsif value.is_a?(String) && value =~ BLAZER_URL_REGEX
         # see if image or link
         if Blazer.images && (key.include?("image") || BLAZER_IMAGE_EXT.include?(value.split(".").last.split("?").first.try(:downcase)))
           link_to value, target: "_blank" do

data/app/mailers/blazer/slack_notifier.rb

@@ -60,6 +60,9 @@ module Blazer
       ActionController::Base.helpers.pluralize(*args)
     end
 
+    # checks shouldn't have variables, but in any case,
+    # avoid passing variable params to url helpers
+    # (known unsafe parameters are removed, but blacklist isn't ideal)
     def self.query_url(id)
       Blazer::Engine.routes.url_helpers.query_url(id, ActionMailer::Base.default_url_options)
     end

data/app/models/blazer/dashboard.rb

@@ -6,6 +6,10 @@ module Blazer
 
     validates :name, presence: true
 
+    def variables
+      queries.flat_map { |q| q.variables }.uniq
+    end
+
     def to_param
       [id, name.gsub("'", "").parameterize].join("-")
     end

data/app/views/blazer/check_mailer/failing_checks.html.erb

@@ -1,5 +1,6 @@
 <ul>
   <% @checks.each do |check| %>
+    <%# check queries shouldn't have variables, but in any case, don't pass them to url helpers %>
     <li><%= link_to check.query.name, query_url(check.query_id) %> <%= check.state %></li>
   <% end %>
 </ul>

data/app/views/blazer/check_mailer/state_change.html.erb

@@ -2,6 +2,7 @@
   <head>
   </head>
   <body style="font-family: 'Helvetica Neue', Arial, Helvetica; font-size: 14px; color: #333;">
+    <%# check queries shouldn't have variables, but in any case, don't pass them to url helpers %>
     <p><%= link_to "View", query_url(@check.query_id) %></p>
     <% if @error %>
       <p><%= @error %></p>

data/app/views/blazer/dashboards/_form.html.erb

@@ -1,4 +1,4 @@
-<%= form_for @dashboard, url: (@dashboard.persisted? ? dashboard_path(@dashboard, variable_params) : dashboards_path(variable_params)), html: {id: "app", class: "small-form"} do |f| %>
+<%= form_for @dashboard, url: (@dashboard.persisted? ? dashboard_path(@dashboard, variable_params(@dashboard)) : dashboards_path(variable_params(@dashboard))), html: {id: "app", class: "small-form"} do |f| %>
   <% if @dashboard.errors.any? %>
     <div class="alert alert-danger"><%= @dashboard.errors.full_messages.first %></div>
   <% end %>

data/app/views/blazer/dashboards/show.html.erb

@@ -10,7 +10,7 @@
         </h3>
       </div>
       <div class="col-sm-3 text-right">
-        <%= link_to "Edit", edit_dashboard_path(@dashboard, variable_params), class: "btn btn-info" %>
+        <%= link_to "Edit", edit_dashboard_path(@dashboard, variable_params(@dashboard)), class: "btn btn-info" %>
       </div>
     </div>
   </div>
@@ -21,7 +21,7 @@
 <% if @data_sources.any? { |ds| ds.cache_mode != "off" } %>
   <p class="text-muted" style="float: right;">
     Some queries may be cached
-    <%= link_to "Refresh", refresh_dashboard_path(@dashboard, variable_params), method: :post %>
+    <%= link_to "Refresh", refresh_dashboard_path(@dashboard, variable_params(@dashboard)), method: :post %>
   </p>
 <% end %>
 
@@ -33,7 +33,7 @@
 
 <% @queries.each_with_index do |query, i| %>
   <div class="chart-container">
-    <h4><%= link_to query.friendly_name, query_path(query, variable_params), target: "_blank" %></h4>
+    <h4><%= link_to query.friendly_name, query_path(query, variable_params(query)), target: "_blank" %></h4>
     <div id="chart-<%= i %>" class="chart">
       <p class="text-muted">Loading...</p>
     </div>

data/app/views/blazer/queries/_form.html.erb

@@ -3,7 +3,7 @@
 <% end %>
 
 <div id="app" v-cloak>
-  <%= form_for @query, url: (@query.persisted? ? query_path(@query, variable_params) : queries_path(variable_params)), html: {autocomplete: "off"} do |f| %>
+  <%= form_for @query, url: (@query.persisted? ? query_path(@query, variable_params(@query)) : queries_path(variable_params(@query))), html: {autocomplete: "off"} do |f| %>
     <div class="row">
       <div id="statement-box" class="col-xs-8">
         <div class= "form-group">
@@ -51,7 +51,7 @@
           <% words << pluralize(dashboards_count, "dashboard") if dashboards_count > 0 %>
           <% words << pluralize(checks_count, "check") if checks_count > 0 %>
           <% if words.any? %>
-            <div class="alert alert-info" style="margin-bottom: 0;">
+            <div class="alert alert-info">
               Part of <%= words.to_sentence %>. Be careful when editing.
             </div>
           <% end %>
@@ -67,7 +67,7 @@
 </div>
 
 <script>
-  <%= blazer_js_var "params", variable_params %>
+  <%= blazer_js_var "params", variable_params(@query) %>
   <%= blazer_js_var "previewStatement", Hash[Blazer.data_sources.map { |k, v| [k, (v.preview_statement rescue "")] }] %>
 
   var app = new Vue({

data/app/views/blazer/queries/home.html.erb

@@ -71,7 +71,7 @@
   }
 
   var prepareQuery = function (str) {
-    return str.toLowerCase().replace(/\W+/g, "")
+    return str.toLowerCase()
   }
 
   var app = new Vue({

data/app/views/blazer/queries/run.html.erb

@@ -12,15 +12,15 @@
       <p class="text-muted" style="float: right;">
         <% if @cached_at %>
           Cached <%= time_ago_in_words(@cached_at, include_seconds: true) %> ago
-        <% elsif !params[:data_source] %>
+        <% elsif params[:query_id] %>
           Cached just now
           <% if @data_source.cache_mode == "slow" %>
             (over <%= "%g" % @data_source.cache_slow_threshold %>s)
           <% end %>
         <% end %>
 
-        <% if @query && !params[:data_source] %>
-          <%= link_to "Refresh", refresh_query_path(@query, variable_params), method: :post %>
+        <% if @query && params[:query_id] %>
+          <%= link_to "Refresh", refresh_query_path(@query, variable_params(@query)), method: :post %>
         <% end %>
       </p>
     <% end %>
@@ -36,7 +36,7 @@
 
       <% if @query && @result.forecastable? && !params[:forecast] %>
         &middot;
-        <%= link_to "Forecast", query_path(@query, {forecast: "t"}.merge(variable_params)) %>
+        <%= link_to "Forecast", query_path(@query, {forecast: "t"}.merge(variable_params(@query))) %>
       <% end %>
     </p>
   <% end %>
@@ -67,7 +67,8 @@
     <% series_library = {} %>
     <% target_index = @columns.index { |k| k.downcase == "target" } %>
     <% if target_index %>
-      <% series_library[target_index - 1] = {pointStyle: "line", hitRadius: 5, borderColor: "#109618", pointBackgroundColor: "#109618", backgroundColor: "#109618"} %>
+      <% color = "#109618" %>
+      <% series_library[target_index - 1] = {pointStyle: "line", hitRadius: 5, borderColor: color, pointBackgroundColor: color, backgroundColor: color, pointHoverBackgroundColor: color} %>
     <% end %>
     <% if @forecast %>
       <% color = "#54a3ee" %>
@@ -79,7 +80,8 @@
         <%= blazer_js_var "mapboxAccessToken", Blazer.mapbox_access_token %>
         <%= blazer_js_var "markers", @markers %>
         L.mapbox.accessToken = mapboxAccessToken;
-        var map = L.mapbox.map('map', 'ankane.ioo8nki0');
+        var map = L.mapbox.map('map')
+          .addLayer(L.mapbox.styleLayer('mapbox://styles/mapbox/streets-v11'));
         var featureLayer = L.mapbox.featureLayer().addTo(map);
         var geojson = [];
         for (var i = 0; i < markers.length; i++) {

data/app/views/blazer/queries/show.html.erb

@@ -10,8 +10,8 @@
         </h3>
       </div>
       <div class="col-sm-3 text-right">
-        <%= link_to "Edit", edit_query_path(@query, variable_params), class: "btn btn-default", disabled: !@query.editable?(blazer_user) %>
-        <%= link_to "Fork", new_query_path(variable_params.merge(fork_query_id: @query.id, data_source: @query.data_source, name: @query.name)), class: "btn btn-info" %>
+        <%= link_to "Edit", edit_query_path(@query, variable_params(@query)), class: "btn btn-default", disabled: !@query.editable?(blazer_user) %>
+        <%= link_to "Fork", new_query_path(variable_params(@query).merge(fork_query_id: @query.id, data_source: @query.data_source, name: @query.name)), class: "btn btn-info" %>
 
         <% if !@error && @success %>
           <%= button_to "Download", run_queries_path(query_id: @query.id, format: "csv", forecast: params[:forecast]), params: {statement: @statement}, class: "btn btn-primary" %>
@@ -56,7 +56,7 @@
       $("#results").addClass("query-error").html(message)
     }
 
-    <%= blazer_js_var "data", variable_params.merge(statement: @statement, query_id: @query.id, data_source: @query.data_source) %>
+    <%= blazer_js_var "data", variable_params(@query).merge(statement: @statement, query_id: @query.id, data_source: @query.data_source) %>
 
     runQuery(data, showRun, showError)
   </script>

data/app/views/layouts/blazer/application.html.erb

@@ -11,8 +11,8 @@
       <%= blazer_js_var "rootPath", root_path %>
     </script>
     <% if blazer_maps? %>
-      <%= stylesheet_link_tag "https://api.mapbox.com/mapbox.js/v3.1.1/mapbox.css", integrity: "sha384-o8tecBIfqi9yU5yYK2Ne/9A9hlOGFV9MBvCpmemvJH1XxqOe6h8Bl4mLxMi6PgjG", crossorigin: "anonymous" %>
-      <%= javascript_include_tag "https://api.mapbox.com/mapbox.js/v3.1.1/mapbox.js", integrity: "sha384-j81LqvtvYigFzGSUgAoFijpvoq4yGoCJSOXI9DFaUEpenR029MBE3E/X5Gr+WdO0", crossorigin: "anonymous" %>
+      <%= stylesheet_link_tag "https://api.mapbox.com/mapbox.js/v3.3.1/mapbox.css", integrity: "sha384-vxzdEt+wZRPNQbhChjmiaFMLWg86IGuq1NGDehJHsD2mphYkxXll/eSs16WWi6Dq", crossorigin: "anonymous" %>
+      <%= javascript_include_tag "https://api.mapbox.com/mapbox.js/v3.3.1/mapbox.js", integrity: "sha384-CTBEiDLiZJ8gkAQ3fYGoeiRp81/ecNiBkGz11jXFALOZ6++rbnqmdo6OImkmr1MO", crossorigin: "anonymous" %>
     <% end %>
     <%= csrf_meta_tags %>
   </head>

data/lib/blazer.rb

@@ -22,6 +22,7 @@ require "blazer/adapters/mongodb_adapter"
 require "blazer/adapters/neo4j_adapter"
 require "blazer/adapters/presto_adapter"
 require "blazer/adapters/salesforce_adapter"
+require "blazer/adapters/soda_adapter"
 require "blazer/adapters/sql_adapter"
 require "blazer/adapters/snowflake_adapter"
 
@@ -118,7 +119,7 @@ module Blazer
   def self.extract_vars(statement)
     # strip commented out lines
     # and regex {1} or {1,2}
-    statement.gsub(/\-\-.+/, "").gsub(/\/\*.+\*\//m, "").scan(/\{\w*?\}/i).map { |v| v[1...-1] }.reject { |v| /\A\d+(\,\d+)?\z/.match(v) || v.empty? }.uniq
+    statement.to_s.gsub(/\-\-.+/, "").gsub(/\/\*.+\*\//m, "").scan(/\{\w*?\}/i).map { |v| v[1...-1] }.reject { |v| /\A\d+(\,\d+)?\z/.match(v) || v.empty? }.uniq
   end
 
   def self.run_checks(schedule: nil)
@@ -223,5 +224,6 @@ Blazer.register_adapter "neo4j", Blazer::Adapters::Neo4jAdapter
 Blazer.register_adapter "presto", Blazer::Adapters::PrestoAdapter
 Blazer.register_adapter "mongodb", Blazer::Adapters::MongodbAdapter
 Blazer.register_adapter "salesforce", Blazer::Adapters::SalesforceAdapter
+Blazer.register_adapter "soda", Blazer::Adapters::SodaAdapter
 Blazer.register_adapter "sql", Blazer::Adapters::SqlAdapter
 Blazer.register_adapter "snowflake", Blazer::Adapters::SnowflakeAdapter

data/lib/blazer/adapters/athena_adapter.rb

@@ -32,7 +32,7 @@ module Blazer
               query_execution_id: query_execution_id
             )
           rescue Aws::Athena::Errors::InvalidRequestException => e
-            if e.message != "Query has not yet finished. Current state: RUNNING"
+            unless e.message.start_with?("Query has not yet finished.")
               raise e
             end
             if Time.now < stop_at
@@ -56,6 +56,7 @@ module Blazer
             utc = ActiveSupport::TimeZone['Etc/UTC']
 
             rows = untyped_rows[1..-1] || []
+            rows = untyped_rows[0..-1] unless column_info.present?
             column_types.each_with_index do |ct, i|
               # TODO more column_types
               case ct

data/lib/blazer/adapters/soda_adapter.rb

@@ -0,0 +1,96 @@
+module Blazer
+  module Adapters
+    class SodaAdapter < BaseAdapter
+      def run_statement(statement, comment)
+        columns = []
+        rows = []
+        error = nil
+
+        # remove comments manually
+        statement = statement.gsub(/--.+/, "")
+        # only supports single line /* */ comments
+        # regex not perfect, but should be good enough
+        statement = statement.gsub(/\/\*.+\*\//, "")
+
+        # remove trailing semicolon
+        statement = statement.sub(/;\s*\z/, "")
+
+        # remove whitespace
+        statement = statement.squish
+
+        uri = URI(settings["url"])
+        uri.query = URI.encode_www_form("$query" => statement)
+
+        req = Net::HTTP::Get.new(uri)
+        req["X-App-Token"] = settings["app_token"] if settings["app_token"]
+
+        options = {
+          use_ssl: uri.scheme == "https",
+          open_timeout: 3,
+          read_timeout: 30
+        }
+
+        begin
+          # use Net::HTTP instead of soda-ruby for types and better error messages
+          res = Net::HTTP.start(uri.hostname, uri.port, options) do |http|
+            http.request(req)
+          end
+
+          if res.is_a?(Net::HTTPSuccess)
+            body = JSON.parse(res.body)
+
+            columns = JSON.parse(res["x-soda2-fields"])
+            column_types = columns.zip(JSON.parse(res["x-soda2-types"])).to_h
+
+            columns.reject! { |f| f.start_with?(":@") }
+            # rows can be missing some keys in JSON, so need to map by column
+            rows = body.map { |r| columns.map { |c| r[c] } }
+
+            columns.each_with_index do |column, i|
+              # nothing to do for boolean
+              case column_types[column]
+              when "number"
+                # check if likely an integer column
+                if rows.all? { |r| r[i].to_i == r[i].to_f }
+                  rows.each do |row|
+                    row[i] = row[i].to_i
+                  end
+                else
+                  rows.each do |row|
+                    row[i] = row[i].to_f
+                  end
+                end
+              when "floating_timestamp"
+                # check if likely a date column
+                if rows.all? { |r| r[i].end_with?("T00:00:00.000") }
+                  rows.each do |row|
+                    row[i] = Date.parse(row[i])
+                  end
+                else
+                  utc = ActiveSupport::TimeZone["Etc/UTC"]
+                  rows.each do |row|
+                    row[i] = utc.parse(row[i])
+                  end
+                end
+              end
+            end
+          else
+            error = JSON.parse(res.body)["message"] rescue "Bad response: #{res.code}"
+          end
+        rescue => e
+          error = e.message
+        end
+
+        [columns, rows, error]
+      end
+
+      def preview_statement
+        "SELECT * LIMIT 10"
+      end
+
+      def tables
+        ["all"]
+      end
+    end
+  end
+end

data/lib/blazer/adapters/sql_adapter.rb

@@ -42,7 +42,7 @@ module Blazer
       def tables
         sql = add_schemas("SELECT table_schema, table_name FROM information_schema.tables")
         result = data_source.run_statement(sql, refresh_cache: true)
-        if postgresql? || redshift?
+        if postgresql? || redshift? || snowflake?
           result.rows.sort_by { |r| [r[0] == default_schema ? "" : r[0], r[1]] }.map do |row|
             table =
               if row[0] == default_schema
@@ -51,6 +51,8 @@ module Blazer
                 "#{row[0]}.#{row[1]}"
               end
 
+            table = table.downcase if snowflake?
+
             {
               table: table,
               value: connection_model.connection.quote_table_name(table)
@@ -148,6 +150,10 @@ module Blazer
         ["SQLServer", "tinytds", "mssql"].include?(adapter_name)
       end
 
+      def snowflake?
+        data_source.adapter == "snowflake"
+      end
+
       def adapter_name
         # prevent bad data source from taking down queries/new
         connection_model.connection.adapter_name rescue nil
@@ -172,6 +178,7 @@ module Blazer
         else
           where = "table_schema NOT IN (?)"
           schemas = ["information_schema"]
+          schemas.map!(&:upcase) if snowflake?
           schemas << "pg_catalog" if postgresql? || redshift?
         end
         connection_model.send(:sanitize_sql_array, ["#{query} WHERE #{where}", schemas])

data/lib/blazer/engine.rb

@@ -3,10 +3,21 @@ module Blazer
     isolate_namespace Blazer
 
     initializer "blazer" do |app|
-      # use a proc instead of a string
-      app.config.assets.precompile << proc { |path| path =~ /\Ablazer\/application\.(js|css)\z/ }
-      app.config.assets.precompile << proc { |path| path =~ /\Ablazer\/.+\.(eot|svg|ttf|woff)\z/ }
-      app.config.assets.precompile << proc { |path| path == "blazer/favicon.png" }
+      if defined?(Sprockets) && Sprockets::VERSION >= "4"
+        app.config.assets.precompile << "blazer/application.js"
+        app.config.assets.precompile << "blazer/application.css"
+        app.config.assets.precompile << "blazer/glyphicons-halflings-regular.eot"
+        app.config.assets.precompile << "blazer/glyphicons-halflings-regular.svg"
+        app.config.assets.precompile << "blazer/glyphicons-halflings-regular.ttf"
+        app.config.assets.precompile << "blazer/glyphicons-halflings-regular.woff"
+        app.config.assets.precompile << "blazer/glyphicons-halflings-regular.woff2"
+        app.config.assets.precompile << "blazer/favicon.png"
+      else
+        # use a proc instead of a string
+        app.config.assets.precompile << proc { |path| path =~ /\Ablazer\/application\.(js|css)\z/ }
+        app.config.assets.precompile << proc { |path| path =~ /\Ablazer\/.+\.(eot|svg|ttf|woff|woff2)\z/ }
+        app.config.assets.precompile << proc { |path| path == "blazer/favicon.png" }
+      end
 
       Blazer.time_zone ||= Blazer.settings["time_zone"] || Time.zone
       Blazer.audit = Blazer.settings.key?("audit") ? Blazer.settings["audit"] : true

data/lib/blazer/result.rb

@@ -85,11 +85,45 @@ module Blazer
       @forecastable ||= Blazer.forecasting && column_types == ["time", "numeric"] && @rows.size >= 10
     end
 
+    # TODO cache it?
+    # don't want to put result data (even hashed version)
+    # into cache without developer opt-in
     def forecast
-      # TODO cache it?
-      # don't want to put result data (even hashed version)
-      # into cache without developer opt-in
-      forecast = Trend.forecast(Hash[@rows], count: 30)
+      count = (@rows.size * 0.25).round.clamp(30, 365)
+
+      case Blazer.forecasting
+      when "prophet"
+        require "prophet"
+
+        df =
+          Daru::DataFrame.new(
+            "ds" => @rows.map { |r| r[0] },
+            "y" => @rows.map { |r| r[1] }
+          )
+
+        # TODO determine frequency
+        freq = "D"
+
+        m = Prophet.new
+        m.fit(df)
+        future = m.make_future_dataframe(periods: count, freq: freq, include_history: false)
+        fcst = m.predict(future)
+        ds = fcst["ds"]
+        if @rows[0][0].is_a?(Date)
+          ds = ds.map { |v| v.to_date }
+        end
+        forecast = ds.zip(fcst["yhat"]).to_h
+      else
+        require "trend"
+
+        forecast = Trend.forecast(Hash[@rows], count: count)
+      end
+
+      # round integers
+      if @rows[0][1].is_a?(Integer)
+        forecast = forecast.map { |k, v| [k, v.round] }.to_h
+      end
+
       @rows.each do |row|
         row[2] = nil
       end

data/lib/blazer/version.rb

@@ -1,3 +1,3 @@
 module Blazer
-  VERSION = "2.2.0"
+  VERSION = "2.2.5"
 end

data/lib/generators/blazer/templates/config.yml.tt

@@ -67,7 +67,7 @@ check_schedules:
 
 # enable forecasting
 # note: with trend, time series are sent to https://trendapi.org
-# forecasting: trend
+# forecasting: trend / prophet
 
 # enable map
 # mapbox_access_token: <%%= ENV["MAPBOX_ACCESS_TOKEN"] %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blazer
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.2.5
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-12 00:00:00.000000000 Z
+date: 2020-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -140,7 +140,7 @@ files:
 - app/assets/stylesheets/blazer/bootstrap.css.erb
 - app/assets/stylesheets/blazer/daterangepicker.css
 - app/assets/stylesheets/blazer/github.css
-- app/assets/stylesheets/blazer/selectize.default.css
+- app/assets/stylesheets/blazer/selectize.css
 - app/controllers/blazer/base_controller.rb
 - app/controllers/blazer/checks_controller.rb
 - app/controllers/blazer/dashboards_controller.rb
@@ -190,6 +190,7 @@ files:
 - lib/blazer/adapters/presto_adapter.rb
 - lib/blazer/adapters/salesforce_adapter.rb
 - lib/blazer/adapters/snowflake_adapter.rb
+- lib/blazer/adapters/soda_adapter.rb
 - lib/blazer/adapters/sql_adapter.rb
 - lib/blazer/data_source.rb
 - lib/blazer/detect_anomalies.R
@@ -221,7 +222,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Explore your data with SQL. Easily create charts and dashboards, and share