controller_commands 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9ea58b30f1609f0e4d4c3987c6ba770d58372aa2
+  data.tar.gz: c10c17c3f353192893da6924e791b434aba0e193
+SHA512:
+  metadata.gz: f533e1e86aa704390097e8515720b317d0c1ce014d4fcbce98e4d50223dfb3ad3a1a2a95d1cc3488e0e1ba69ecdfece864447b0735c14786df28cf4ed6817064
+  data.tar.gz: 21d38a657f02518fb84696c6557180bf305a07f553a62095edb94b44329f99dc44fb2541f42cc1fc1abac68c201a5c06616cd0040cf01949e21551994390cca0

data/.ruby-version

@@ -0,0 +1 @@
+2.4.2

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in controller_commands.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,150 @@
+PATH
+  remote: .
+  specs:
+    controller_commands (0.1.0)
+      dry-validation (~> 0.11)
+      hash_key_transformer (~> 0.1)
+      rails (>= 4.2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.1.6)
+      actionpack (= 5.1.6)
+      nio4r (~> 2.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.1.6)
+      actionpack (= 5.1.6)
+      actionview (= 5.1.6)
+      activejob (= 5.1.6)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.1.6)
+      actionview (= 5.1.6)
+      activesupport (= 5.1.6)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.1.6)
+      activesupport (= 5.1.6)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.1.6)
+      activesupport (= 5.1.6)
+      globalid (>= 0.3.6)
+    activemodel (5.1.6)
+      activesupport (= 5.1.6)
+    activerecord (5.1.6)
+      activemodel (= 5.1.6)
+      activesupport (= 5.1.6)
+      arel (~> 8.0)
+    activesupport (5.1.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (8.0.0)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
+    crass (1.0.3)
+    dry-configurable (0.7.0)
+      concurrent-ruby (~> 1.0)
+    dry-container (0.6.0)
+      concurrent-ruby (~> 1.0)
+      dry-configurable (~> 0.1, >= 0.1.3)
+    dry-core (0.4.5)
+      concurrent-ruby (~> 1.0)
+    dry-equalizer (0.2.0)
+    dry-logic (0.4.2)
+      dry-container (~> 0.2, >= 0.2.6)
+      dry-core (~> 0.2)
+      dry-equalizer (~> 0.2)
+    dry-types (0.12.2)
+      concurrent-ruby (~> 1.0)
+      dry-configurable (~> 0.1)
+      dry-container (~> 0.3)
+      dry-core (~> 0.2, >= 0.2.1)
+      dry-equalizer (~> 0.2)
+      dry-logic (~> 0.4, >= 0.4.2)
+      inflecto (~> 0.0.0, >= 0.0.2)
+    dry-validation (0.11.1)
+      concurrent-ruby (~> 1.0)
+      dry-configurable (~> 0.1, >= 0.1.3)
+      dry-core (~> 0.2, >= 0.2.1)
+      dry-equalizer (~> 0.2)
+      dry-logic (~> 0.4, >= 0.4.0)
+      dry-types (~> 0.12.0)
+    erubi (1.7.1)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    hash_key_transformer (0.1.2)
+    i18n (1.0.0)
+      concurrent-ruby (~> 1.0)
+    inflecto (0.0.2)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    method_source (0.9.0)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    nio4r (2.3.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    rack (2.0.4)
+    rack-test (1.0.0)
+      rack (>= 1.0, < 3)
+    rails (5.1.6)
+      actioncable (= 5.1.6)
+      actionmailer (= 5.1.6)
+      actionpack (= 5.1.6)
+      actionview (= 5.1.6)
+      activejob (= 5.1.6)
+      activemodel (= 5.1.6)
+      activerecord (= 5.1.6)
+      activesupport (= 5.1.6)
+      bundler (>= 1.3.0)
+      railties (= 5.1.6)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.1.6)
+      actionpack (= 5.1.6)
+      activesupport (= 5.1.6)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (12.3.1)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  controller_commands!
+  rake (~> 12.3)
+
+BUNDLED WITH
+   1.16.1

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "controller_commands"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/controller_commands.gemspec

@@ -0,0 +1,39 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "controller_commands/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "controller_commands"
+  spec.version       = ControllerCommands::VERSION
+  spec.authors       = ["Kevin Rood"]
+  spec.email         = ["kevin.rood@accelecode.com"]
+
+  spec.summary       = %q{A Rails controller concern which makes it easy to encapsulate validation and processing of complex incoming data into command classes.}
+  spec.description   = %q{A Rails controller concern which makes it easy to encapsulate validation and processing of complex incoming data into command classes.}
+  spec.homepage      = "https://github.com/accelecode/controller_commands"
+  spec.license       = "Apache-2.0"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 12.3'
+
+  spec.add_runtime_dependency 'dry-validation', '~> 0.11'
+  spec.add_runtime_dependency 'hash_key_transformer', '~> 0.1'
+  spec.add_runtime_dependency 'rails', '>= 4.2'
+end

data/lib/controller_commands.rb

@@ -0,0 +1,5 @@
+require_relative 'controller_commands/version'
+require_relative 'controller_commands/concern'
+require_relative 'controller_commands/command'
+
+module ControllerCommands; end

data/lib/controller_commands/command.rb

@@ -0,0 +1,69 @@
+module ControllerCommands
+  module Command
+
+    module ClassMethods
+      def validation_schema(&block)
+        @validation_schema_provider = block
+      end
+
+      def validate(context, incoming_params)
+        validation_schema =
+          @validation_schema_provider ?
+            @validation_schema_provider.call(context) :
+            Dry::Validation.Schema # provide a default, empty validation schema if none was defined for the command
+        validation_schema.call(incoming_params)
+      end
+
+      def success_message(&block)
+        @success_message_block = block
+      end
+
+      def get_success_message
+        @success_message_block&.call
+      end
+
+      def handle_command(&block)
+        @perform_block = block
+      end
+
+      def perform(context, validated_params)
+        @perform_block.call(context, validated_params)
+      end
+    end
+
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    def initialize(incoming_params, context)
+      @incoming_params = incoming_params
+      @context = context
+    end
+
+    def validated?
+      !!@result
+    end
+
+    def errors
+      @result.messages
+    end
+
+    def validated_params
+      @result.output
+    end
+
+    def validate_params
+      @result = self.class.validate(@context, @incoming_params)
+      @result.messages.count == 0
+    end
+
+    def success_message
+      self.class.get_success_message
+    end
+
+    def perform
+      self.class.perform(@context, validated_params)
+    end
+
+  end
+end

data/lib/controller_commands/concern.rb

@@ -0,0 +1,56 @@
+require 'active_support/concern'
+require 'action_controller/metal/exceptions'
+require 'dry/validation'
+require 'hash_key_transformer'
+require 'json'
+
+module ControllerCommands
+  module Concern
+    extend ActiveSupport::Concern
+
+    def handle_command(options = {})
+      command_params = parse_params(options.fetch(:incoming_key_transformer, :transform_camel_to_underscore))
+      context = options.fetch(:context, {})
+      command = construct_command(command_params, context, options[:command_klass])
+
+      # Validate & potentially execute the command
+      is_command_valid = command.validate_params
+      result =
+        if is_command_valid
+          flash[:notice] = command.success_message
+          {data: command.perform}
+        else
+          {errors: command.errors}
+        end
+
+      # Render the results
+      validation_failed_status_code = options.fetch(:validation_failed_status_code, :ok)
+      status_code = (is_command_valid ? :ok : validation_failed_status_code)
+      render status: status_code, json: HashKeyTransformer.transform_underscore_to_camel(result)
+    end
+
+    def parse_params(key_transformer_strategy)
+      # We need to be cautious accepting array fields as input. Refer to CVE-2013-0155 for more details about the danger
+      # of malicious users crafting JSON using an array for a where clause field:
+      #
+      #   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
+      #
+      # The default JSON parsing in Rails replaces empty arrays with nil as a part of their solution to the CVE above.
+      # This is the reason we are manually parsing the JSON request body. Consistent use of dry-validation schema types
+      # should protect us from this CVE and also provide the same protection as Rails strong parameters.
+      parsed_params = JSON.parse(request.body.read)
+      HashKeyTransformer.send(key_transformer_strategy, parsed_params)
+    end
+
+    def construct_command(incoming_params, context, command_klass = nil)
+      unless command_klass
+        # this should be fine given that the permissible action names are controlled by routing definitions
+        command_klass_name = params.fetch(:action).camelize
+        command_klass =
+          "#{self.class.name}::#{command_klass_name}".safe_constantize or
+          raise ActionController::RoutingError.new('Invalid Command')
+      end
+      command_klass.new(incoming_params, context)
+    end
+  end
+end

data/lib/controller_commands/version.rb

@@ -0,0 +1,3 @@
+module ControllerCommands
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: controller_commands
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Kevin Rood
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-04-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: dry-validation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: hash_key_transformer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+description: A Rails controller concern which makes it easy to encapsulate validation
+  and processing of complex incoming data into command classes.
+email:
+- kevin.rood@accelecode.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- Rakefile
+- bin/console
+- bin/setup
+- controller_commands.gemspec
+- lib/controller_commands.rb
+- lib/controller_commands/command.rb
+- lib/controller_commands/concern.rb
+- lib/controller_commands/version.rb
+homepage: https://github.com/accelecode/controller_commands
+licenses:
+- Apache-2.0
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: A Rails controller concern which makes it easy to encapsulate validation
+  and processing of complex incoming data into command classes.
+test_files: []