command_tower 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: cf20c74b952fc6ca7dc2c7a67212ce9e5e8eb96a93bcb6173bd40564d28ceecc
+  data.tar.gz: 1e6d03692209feecdad59b05f8296792ab5ccc0b62f301dc80bc5d88afe4a091
+SHA512:
+  metadata.gz: a6aeb3aa6c47f3b253b26bc0778c8862e80b78601bd495acea69709a4b0f39f830d3b236c1ed3385b0ad8457598dde34203a200ff809aa86e839c02706c10abd
+  data.tar.gz: a3d9687e594904270b83b2c033cb1c83abe38c9ebceeef3b4c8c3b482e95b86b5423cb05f5d6598aa3659f1cca7d3996514a39d9fdbe4b67f975e2910f996b60

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+# CommandTower
+This is an API only base engine to build on top of. This Engine takes care of all Authentication, Token Refresh, and RBAC Roles so that you do not have to! For all applications, you can get right to work on implementing the code directly related to your project rather than dealing with the administrative overhead.
+
+While this gem is heavily opinionated, everything can be configured to your liking.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "command_tower"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install command_tower
+```
+
+## Initializing CommandTower
+Please follow all steps in [Initializing CommandTower](docs/initializing.md)
+
+
+## Available Routes
+
+For more info, check out [Controllers ReadMe](docs/controllers.md)
+
+Additionally, You can check out [RSpec Integration Testing](/spec/integration_test)
+
+## Available Models
+
+CommandTower provides several Models at the in the root namespace. Core Models like `User` and `UserSecret` are readily available. Don't forget! You can add additional methods to these classes by opening them back up.
+
+For more info, check out [Models ReadMe](doc/models.md)
+
+## Authentication (JWT BearerToken)
+Authentication ensures that we know which user is requesting the action. When the Engine is unable to authenticate, a `401` status code is returned.
+
+For more info, check out [Authentication ReadMe](docs/authentication.md)
+
+## Authorization (RBAC)
+Authorization is only done after authentication. This is the act of ensuring that the user can perform the action it is requesting. Put differently, I know who you are, but I need to validate you have permissions to complete the action. When the engine is unable to authorize the user, a `403` status code is returned.
+
+For more info, check out [Authentication ReadMe](docs/authorization.md)
+
+## Sensitive Changes
+
+For more info, check out [Sensitive Routes](docs/sensitive_routes.md)
+
+## ServiceBase
+ServiceBase is built on top of Interactor. The ServiceBase is the heart of all logic for CommandTower. It includes Logging and enhanced ArgumentValidation that can directly return back to the API request.
+
+For more info, check out [ServiceBase ReadMe](app/services/command_tower/README.md)
+
+## License
+The engine is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'CommandTower'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("rails_app/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/command_tower/admin_controller.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+module CommandTower
+  class AdminController < ::CommandTower::ApplicationController
+    include CommandTower::SchemaHelper
+
+    before_action :authenticate_user!
+    before_action :authorize_user!
+    before_action :user!, only: [:modify, :modify_role]
+
+    # Pagination is needed here
+    def show
+      schemafied_users = User.all.map { CommandTower::Schema::User.convert_user_object(user: _1) }
+      schema = CommandTower::Schema::Admin::Users.new(users: schemafied_users)
+      schema_succesful!(status: 200, schema:)
+    end
+
+    def modify
+      result = CommandTower::UserAttributes::Modify.(user:, admin_user:, **modify_params)
+      if result.success?
+        schema = CommandTower::Schema::User.convert_user_object(user: user.reload)
+        status = 201
+        schema_succesful!(status:, schema:)
+      else
+        if result.invalid_arguments
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest
+          )
+        else
+          server_error!(result:)
+        end
+      end
+    end
+
+    def modify_role
+      result = CommandTower::UserAttributes::Roles.(user:, admin_user:, roles: params[:roles] || [])
+      if result.success?
+        schema = CommandTower::Schema::User.convert_user_object(user: user.reload)
+        status = 201
+        schema_succesful!(status:, schema:)
+      else
+        if result.invalid_arguments
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest
+          )
+        else
+          server_error!(result:)
+        end
+      end
+    end
+
+    def impersonate
+      # TODO: @matt-taylor
+    end
+
+    private
+
+    def server_error!(result:)
+      status = 500
+      schema = CommandTower::Schema::Error::Base.new(status:, message: result.msg)
+      render(json: schema.to_h, status:)
+    end
+
+    def modify_params
+      {
+        email: params[:email],
+        email_validated: safe_boolean(value: params[:email_validated]),
+        first_name: params[:first_name],
+        last_name: params[:last_name],
+        username: params[:username],
+        verifier_token: safe_boolean(value: params[:verifier_token]),
+      }.compact
+    end
+
+    def admin_user
+      # current_user is defined via authenticate_user! before action
+      current_user
+    end
+
+    def user!
+      _user = User.where(id: params[:user_id]).first
+      if _user
+        @user = _user
+        return true
+      end
+
+      status = 400
+      schema = CommandTower::Schema::Error::Base.new(status:, message: "Invalid user")
+      render(json: schema.to_h, status:)
+      # Must return false so callbacks know to halt propagation
+      false
+    end
+
+    def user
+      @user ||= nil
+    end
+  end
+end

data/app/controllers/command_tower/application_controller.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module CommandTower
+  class ApplicationController < ActionController::API
+    AUTHENTICATION_HEADER = "Authentication"
+    AUTHENTICATION_EXPIRE_HEADER = "X-Authentication-Expire"
+    AUTHENTICATION_WITH_RESET = "X-Authentication-Reset"
+
+    def safe_boolean(value:)
+      return nil unless [true, false, "true", "false", "0", "1", 0, 1].include?(value)
+
+      ActiveModel::Type::Boolean.new.cast(value)
+    end
+
+    ###
+    # Authenticate user via the passed in header
+    # AUTHENTICATION_HEADER="Bearer: {token value}"
+    def authenticate_user!(bypass_email_validation: false)
+      raw_token = request.headers[AUTHENTICATION_HEADER]
+      if raw_token.nil?
+        status = 401
+        schema = CommandTower::Schema::Error::Base.new(status:, message: "Bearer token missing")
+        render(json: schema.to_h, status:)
+        return false
+      end
+
+      token = raw_token.split("Bearer:")[1].strip
+      with_reset = safe_boolean(value: request.headers[AUTHENTICATION_WITH_RESET])
+      result = CommandTower::Jwt::AuthenticateUser.(token:, bypass_email_validation:, with_reset:)
+      if result.success?
+        @current_user = result.user
+        response.set_header(AUTHENTICATION_EXPIRE_HEADER, result.expires_at)
+        if with_reset
+          response.set_header(AUTHENTICATION_WITH_RESET, result.generated_token)
+        end
+        true
+      else
+        status = 401
+        schema = CommandTower::Schema::Error::Base.new(status:, message: result.msg)
+        render(json: schema.to_h, status:)
+        # Must return false so callbacks know to halt propagation
+        false
+      end
+    end
+
+    ###
+    # Authenticate user via the passed in header without validating email
+    def authenticate_user_without_email_verification!
+      authenticate_user!(bypass_email_validation: true)
+    end
+
+    ###
+    # After Authenticating user, see if the user needs authorization on the route
+    def authorize_user!
+      if current_user.nil?
+        Rails.logger.error { "Current User is not defined. This means that authenticate_user! was not called" }
+        status = 401
+        schema = CommandTower::Schema::Error::Base.new(status:, message: "Bearer token missing")
+        render(json: schema.to_h, status:)
+        return false
+      end
+      result = CommandTower::Authorize::Validate.(user: current_user, controller: self.class, method: params[:action])
+
+      if result.success?
+        @current_user = result.user
+        true
+      else
+        # Current user is not authorized for the current Controller#action
+        status = 403
+        schema = CommandTower::Schema::Error::Base.new(status:, message: result.msg)
+        render(json: schema.to_h, status:)
+        # Must return false so callbacks know to halt propagation
+        false
+      end
+    end
+
+    def current_user
+      @current_user ||= nil
+    end
+  end
+end

data/app/controllers/command_tower/auth/plain_text_controller.rb

@@ -0,0 +1,132 @@
+module CommandTower
+  module Auth
+    class PlainTextController < ::CommandTower::ApplicationController
+      include CommandTower::SchemaHelper
+
+      before_action :authenticate_user_without_email_verification!, only: [:email_verify_post, :email_verify_resend_post]
+
+      # POST /auth/login
+      # Login to the application and create/set the JWT token
+      def login_post
+        result = CommandTower::LoginStrategy::PlainText::Login.(**login_params)
+        if result.success?
+          schema = CommandTower::Schema::PlainText::LoginResponse.new(
+            token: result.token,
+            header_name: AUTHENTICATION_HEADER,
+            message: "Successfully logged user in"
+          )
+          status = 201
+          schema_succesful!(status:, schema:)
+        else
+          if result.invalid_arguments
+            invalid_arguments!(
+              status: 401,
+              message: result.msg,
+              argument_object: result.invalid_argument_hash,
+              schema: CommandTower::Schema::PlainText::LoginRequest
+            )
+          else
+            json_result = { msg: result.msg }
+            status = 400
+            render(json: schema.to_h, status:)
+          end
+        end
+      end
+
+      # POST /auth/create
+      # New PlainText user creation
+      def create_post
+        result = CommandTower::LoginStrategy::PlainText::Create.(**create_params)
+        if result.success?
+          schema = CommandTower::Schema::PlainText::CreateUserResponse.new(
+            full_name: result.user.full_name,
+            first_name: result.first_name,
+            last_name: result.last_name,
+            username: result.username,
+            email: result.email,
+            msg: "Successfully created new User",
+          )
+          status = 201
+          schema_succesful!(status:, schema:)
+        else
+          if result.invalid_arguments
+            invalid_arguments!(
+              status: 400,
+              message: result.msg,
+              argument_object: result.invalid_argument_hash,
+              schema: CommandTower::Schema::PlainText::CreateUserRequest
+            )
+          end
+        end
+      end
+
+      # POST /auth/email/verify
+      # Verifies a logged in users email verification code when enabled
+      def email_verify_post
+        if current_user.email_validated
+          schema = CommandTower::Schema::PlainText::EmailVerifyResponse.new(message: "Email is already verified.")
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          result = CommandTower::LoginStrategy::PlainText::EmailVerification::Verify.(user: current_user, code: params[:code])
+          if result.success?
+            schema = CommandTower::Schema::PlainText::EmailVerifyResponse.new(message: "Successfully verified email")
+            status = 201
+            schema_succesful!(status:, schema:)
+          else
+            if result.invalid_arguments
+              invalid_arguments!(
+                status: result.status || 403,
+                message: result.msg,
+                argument_object: result.invalid_argument_hash,
+                schema: CommandTower::Schema::PlainText::EmailVerifyRequest
+              )
+            end
+          end
+        end
+      end
+
+      # POST /auth/email/send
+      # Sends a logged in users email verification code
+      def email_verify_resend_post
+        if current_user.email_validated
+          schema = CommandTower::Schema::PlainText::EmailVerifyResponse.new(message: "Email is already verified. No code required")
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          result = CommandTower::LoginStrategy::PlainText::EmailVerification::Send.(user: current_user)
+          if result.success?
+            schema = CommandTower::Schema::PlainText::EmailVerifyResponse.new(message: "Successfully sent Email verification code")
+            status = 201
+            schema_succesful!(status:, schema:)
+          else
+            schema = CommandTower::Schema::Error::Base.new(status:, message: result.msg)
+            status = result.status || 401
+            render(json: schema.to_h, status:)
+          end
+        end
+      end
+
+      private
+
+      def login_params
+        {
+          username: params[:username],
+          email: params[:email],
+          password: params[:password],
+        }
+      end
+
+      def create_params
+        {
+          first_name: params[:first_name],
+          last_name: params[:last_name],
+          username: params[:username],
+          email: params[:email],
+          password: params[:password],
+          password_confirmation: params[:password_confirmation],
+        }
+      end
+    end
+  end
+end

data/app/controllers/command_tower/inbox/message_blast_controller.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module CommandTower
+  module Inbox
+    class MessageBlastController < ::CommandTower::ApplicationController
+      include CommandTower::SchemaHelper
+
+      before_action :authenticate_user!
+      before_action :authorize_user!
+
+      # GET /inbox/blast
+      def metadata
+        result = CommandTower::InboxService::Blast::Metadata.(id: params[:id].to_i)
+        schema_succesful!(status: 200, schema: result.metadata)
+      end
+
+      # GET /inbox/blast/:id
+      def blast
+        result = CommandTower::InboxService::Blast::Retrieve.(id: params[:id].to_i)
+        if result.success?
+          schema = result.message_blast
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest,
+          )
+        end
+      end
+
+      # POST /inbox/blast
+      def create
+        upsert
+      end
+
+      # PATCH /inbox/blast/:id
+      def modify
+        upsert(id: params[:id].to_i)
+      end
+
+      # DELETE /inbox/blast/:id
+      def delete
+        result = CommandTower::InboxService::Blast::Delete.(id: params[:id].to_i)
+        if result.success?
+          schema = result.message
+          status = 200
+          render :json, { id: params[:id], msg: "Message Blast message deleted" }
+        else
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest,
+          )
+        end
+      end
+
+      private
+
+      def upsert(id: nil)
+        upsert_params = {
+          user: current_user,
+          existing_users: safe_boolean(value: params[:existing_users]),
+          new_users: safe_boolean(value: params[:new_users]),
+          text: params[:text],
+          title: params[:title],
+          id:,
+        }.compact
+        result = CommandTower::InboxService::Blast::Upsert.(**upsert_params)
+
+        if result.success?
+          schema = result.blast
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::Inbox::BlastRequest
+          )
+        end
+      end
+    end
+  end
+end

data/app/controllers/command_tower/inbox/message_controller.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module CommandTower
+  module Inbox
+    class MessageController < ::CommandTower::ApplicationController
+      include CommandTower::SchemaHelper
+
+      before_action :authenticate_user!
+
+      # GET: /inbox/messages
+      def metadata
+        result = CommandTower::InboxService::Message::Metadata.(user: current_user)
+        if result.success?
+          schema = result.metadata
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest
+          )
+        end
+      end
+
+      # GET: /inbox/messages/:id
+      def message
+        result = CommandTower::InboxService::Message::Retrieve.(user: current_user, id: params[:id].to_i)
+        if result.success?
+          schema = result.message
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest
+          )
+        end
+      end
+
+      # POST: /inbox/messages/ack
+      # Body { ids: [<list of ids to ack>] }
+      def ack
+        modify(type: CommandTower::InboxService::Message::Modify::VIEWED)
+      end
+
+      # POST: /inbox/messages/delete
+      # Body { ids: [<list of ids to delete>] }
+      def delete
+        modify(type: CommandTower::InboxService::Message::Modify::DELETE)
+      end
+
+      private
+
+      def modify(type:)
+        result = CommandTower::InboxService::Message::Modify.(
+          user: current_user,
+          ids: params[:ids],
+          type:,
+        )
+        if result.success?
+          schema = result.modified
+          status = 200
+          schema_succesful!(status:, schema:)
+        else
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest
+          )
+        end
+      end
+    end
+  end
+end

data/app/controllers/command_tower/user_controller.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module CommandTower
+  class UserController < ::CommandTower::ApplicationController
+    include CommandTower::SchemaHelper
+
+    before_action :authenticate_user!
+
+    def show
+      schema = CommandTower::Schema::User.convert_user_object(user: current_user)
+      schema_succesful!(status: 200, schema:)
+    end
+
+    def modify
+      result = CommandTower::UserAttributes::Modify.(user: current_user, **modify_params)
+      if result.success?
+        schema = CommandTower::Schema::User.convert_user_object(user: current_user.reload)
+        status = 201
+        schema_succesful!(status:, schema:)
+      else
+        if result.invalid_arguments
+          invalid_arguments!(
+            status: 400,
+            message: result.msg,
+            argument_object: result.invalid_argument_hash,
+            schema: CommandTower::Schema::PlainText::LoginRequest
+          )
+        else
+          status = 500
+          schema = CommandTower::Schema::Error::Base.new(status:, message: result.msg)
+          render(json: schema.to_h, status:)
+        end
+      end
+    end
+
+    private
+
+    def modify_params
+      {
+        email: params[:email],
+        email_validated: safe_boolean(value: params[:email_validated]),
+        first_name: params[:first_name],
+        last_name: params[:last_name],
+        username: params[:username],
+        verifier_token: safe_boolean(value: params[:verifier_token]),
+      }.compact
+    end
+  end
+end

data/app/controllers/command_tower/username_controller.rb

@@ -0,0 +1,26 @@
+module CommandTower
+  class UsernameController < ::CommandTower::ApplicationController
+
+    # GET /username/available/:username
+    def username_availability
+      result = CommandTower::Username::Available.(username: params[:username])
+
+      if result.success?
+        json_result = {
+          username: {
+            available: result.available,
+            valid: result.valid,
+            description: CommandTower.config.username.username_failure_message
+          }
+        }
+        status = 200
+      else
+        json_result = { msg: result.msg }
+        json_result[:invalid_arguments] = true if result.invalid_arguments
+        status = 401
+      end
+
+      render json: json_result, status: status
+    end
+  end
+end

data/app/helpers/command_tower/application_helper.rb

@@ -0,0 +1,4 @@
+module CommandTower
+  module ApplicationHelper
+  end
+end