crazy_train 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9196c897891374e79b470c92f2e1d720eeebccc1e7997d05abe0a17ab0dbed59
+  data.tar.gz: 46a49259c0d4b009bfcc86dce18829e92b1f9d8604b346db614e29a50e897a9b
+SHA512:
+  metadata.gz: 91831f51fc7e5b99e7ab4c498111d5c1a9718c34fe8b0a43a46ead63e2d24bcbaa476ed306643d1c2d4173479e7175b3ce1b9918779abded83c5101d42af8afc
+  data.tar.gz: 9b304548763006edf74d56ff0351926c6d24a492b69cc9340632d512fd887193365a3e61242c393b856224e9cff84103405dac27a973aa039fe6bffcda20a06a

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright komagata
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,205 @@
+![CrazyTrain Logo](./crazy_train.png)
+
+*I'm going off the rails on a crazy train.*
+
+# CrazyTrain
+
+ *This gem is still unstable.*
+
+Provides a RESTful API for database tables into your rails apps.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "crazy_train"
+```
+
+And then execute:
+
+```console
+$ bundle install
+```
+
+Execute the below to generate a configuration file. 
+
+```console
+$ rails generate crazy_train:install
+```
+
+```ruby
+# config/initializers/crazy_train.rb:
+CrazyTrain.setup do |config|
+  config.secret = 'xxxxxxxxxxxxxxxx'
+  config.unauthorized_role = 'anonymous'
+  config.authorized_role = 'authenticated'
+end
+```
+
+Then add a line to routes.rb to mount the API.
+
+```ruby
+# routes.rb:
+Rails.application.routes.draw do
+  mount CrazyTrain::Engine, at: '/api'
+end
+```
+
+## Usage
+
+crazy_train uses RLS for access control.
+
+If accessed without authentication, it is accessed with `anonymous` ROLE.
+If accessed with authentication, it is accessed with `authenticated` ROLE.
+
+Set the authorization and RLS POLICY so that posts can `SELECT` even when unauthorized.
+
+(Assume that you have a `posts` table in an existing rails project.)
+
+```sql
+GRANT SELECT ON posts TO anonymous;
+ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
+CREATE POLICY posts_policy ON posts TO anonymous USING (TRUE);
+```
+
+Then you can use the REST API as follows.
+
+```console
+$ curl http://localhost:3000/api/posts
+[
+  {
+    "id": 1,
+    "content": "crazy"
+  },
+  {
+    "id": 2,
+    "content": "train"
+  }
+]
+```
+
+You can use the API in the same way if you also set up permissions and POLICY settings for other tables and other ROLEs.
+
+Access to the DB in rails is done by `default` ROLE, so it is not affected.
+
+For complex items, create a Web API manually as usual, and use this for items that require a simple CRUD.
+
+## Authentication
+
+crazy_train provides a mechanism for authentication in JWT.
+
+You can generate a token using the `crazy_train:generate_token` task.
+(secret uses the value of `CrazyTrain.config.secret`)
+
+```console
+$ rails crazy_train:generate_token
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+```
+
+The token allows you to access the API in an authenticated state.
+
+```console
+$ curl curl http://localhost:3000/api/posts/1234 \
+  -H "Authorization: Bearer aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+{
+  "id": 1234,
+  "content": "crazy"
+}
+```
+
+### JWT-Based User Impersonation
+
+What if I want to create another ROLE (e.g. `admin` ROLE) for authentication?
+
+In crazy_train, if there is a `role` item in the JWT payload, it will be used as the ROLE name.
+
+To create a token to authenticate with admin ROLE, do the following
+
+```console
+$ rails crazy_train:generate_token PAYLOAD='{"role": "admin"}'
+bbbbbbbbbbbbbbbbbbbbbbbbbbb
+```
+
+When the API is accessed using this token, the DB is accessed as an `admin` ROLE.
+
+```console
+$ curl curl http://localhost:3000/api/posts/1234 \
+  -H "Authorization: Bearer bbbbbbbbbbbbbbbbbbbbbbbbbbb
+{
+  "id": 1234,
+  "content": "crazy"
+}
+```
+
+### Individual user identification
+
+What if I need to identify individual users to create a POLICY, such as "I can only view the `posts` I have posted"?
+
+In crazy_train, the JWT payload can be retrieved via a user-defined configuration parameter in postgresql.
+
+If you want to use the following as a PAYLOAD,
+
+```json
+{ "user_id": 1234 }
+```
+
+In the DB, you can use `current_setting` to get it from `request.jwt.claims`.
+
+```sql
+SELECT current_setting('request.jwt.claims', true)::json->>'user_id';
+# => 1234
+```
+
+The POLICY "Only your `posts`` can be viewed" can be written as follows.
+
+```sql
+CREATE POLICY posts_policy ON posts
+  USING (user_id = current_setting('request.jwt.claims', true)::json->>'user_id');
+```
+
+## API
+
+Allows CRUD to be performed on tables that exist in the DB.
+
+| HTTP Verb | URL | Description |
+| --------- | --- | ----------- |
+| GET | `/api/posts` | List |
+| GET | `/api/posts/1234` | Read |
+| POST | `/api/posts` | Create |
+| PUT | `/api/posts/1234` | Update |
+| Delete | `/api/posts/1234` | Delete |
+
+```sh
+$ curl localhost:3000/api/posts
+[{"id":1,"body":"text 1"},{"id":2,"body":"text 2"},{"id":3,"body":"text 3"}]
+```
+
+```sh
+$ curl localhost:3000/api/posts/1
+{"id":1,"body":"text 1"}
+```
+
+### Ordering
+
+Sorting can be performed using the `order` parameter. Column names and sort order are separated by `. `, and multiple rules are separated by `,`.
+
+```console
+$ curl http://localhost:3000/api/posts?order=content.asc,id.desc
+[
+  {
+    "id": 2,
+    "content": "train"
+  },
+  {
+    "id": 1,
+    "content": "crazy"
+  }
+]
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require 'bundler/setup'
+
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'

data/app/assets/config/crazy_train_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/crazy_train .css

data/app/assets/stylesheets/crazy_train/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/crazy_train/application_controller.rb

@@ -0,0 +1,47 @@
+require 'jwt'
+
+module CrazyTrain
+  class ApplicationController < ActionController::Base
+    handle_api_errors
+
+    before_action :verify_token
+    before_action :setup_role
+    after_action :teardown_role
+
+    def verify_token
+      @default_role = CrazyTrain.current_role
+      @role = if jwt_token && jwt_payload
+                jwt_payload['role'] || CrazyTrain.config.authenticated_role
+              else
+                CrazyTrain.config.unauthorized_role
+              end
+
+      payload_string = JSON.generate(jwt_payload)
+      CrazyTrain.setup_jwt_claims!(payload_string)
+    end
+
+    def setup_role
+      switch_role(@role)
+    end
+
+    def teardown_role
+      switch_role(@default_role)
+    end
+
+    def switch_role(role)
+      ActiveRecord::Base.connection.execute("SET ROLE #{role};")
+    end
+
+    def jwt_token
+      request.headers['Authorization'].split.last
+    rescue StandardError
+      nil
+    end
+
+    def jwt_payload
+      CrazyTrain::JWT.decode(jwt_token, CrazyTrain.config.secret).first
+    rescue StandardError
+      nil
+    end
+  end
+end

data/app/controllers/crazy_train/resources_controller.rb

@@ -0,0 +1,47 @@
+module CrazyTrain
+  class ResourcesController < ApplicationController
+    def index
+      query_builder = CrazyTrain::QueryBuilder.new(klass, params)
+      query_builder.parse!
+
+      records = query_builder.query
+      render json: records
+    end
+
+    def show
+      resource = klass.find(params[:id])
+      render json: resource
+    end
+
+    def create
+      klass.create!(resource_params.to_h)
+
+      head :created
+    end
+
+    def update
+      resource = klass.find(params[:id])
+      resource.update!(resource_params.to_h)
+
+      head :no_content
+    end
+
+    def destroy
+      resource = klass.find(params[:id])
+      resource.destroy!
+
+      head :no_content
+    end
+
+    private
+
+    def klass
+      name = params[:resource].singularize
+      CrazyTrain::Table.klass(name)
+    end
+
+    def resource_params
+      params.permit(*klass.column_names)
+    end
+  end
+end

data/app/controllers/crazy_train/tables_controller.rb

@@ -0,0 +1,7 @@
+module CrazyTrain
+  class TablesController < ApplicationController
+    def index
+      render json: CrazyTrain::Table.names
+    end
+  end
+end

data/app/helpers/crazy_train/application_helper.rb

@@ -0,0 +1,4 @@
+module CrazyTrain
+  module ApplicationHelper
+  end
+end

data/app/jobs/crazy_train/application_job.rb

@@ -0,0 +1,4 @@
+module CrazyTrain
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/crazy_train/application_mailer.rb

@@ -0,0 +1,6 @@
+module CrazyTrain
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/crazy_train/application_record.rb

@@ -0,0 +1,5 @@
+module CrazyTrain
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/crazy_train/order_parser.rb

@@ -0,0 +1,18 @@
+module CrazyTrain
+  class OrderParser
+    attr_reader :orders
+
+    def initialize(order_text)
+      @order_text = order_text
+      @orders = {}
+    end
+
+    def parse!
+      @order_text.split(',').map do |text|
+        name, direction = text.split('.')
+        direction ||= 'asc'
+        @orders[name] = direction
+      end
+    end
+  end
+end

data/app/models/crazy_train/query_builder.rb

@@ -0,0 +1,26 @@
+module CrazyTrain
+  class QueryBuilder
+    attr_reader :klass, :params, :query, :orders
+
+    def initialize(klass, params)
+      @klass = klass
+      @params = params
+      @query = nil
+      @orders = []
+    end
+
+    def parse!
+      @query = klass.all
+
+      return unless params[:order]
+
+      @order_parser = CrazyTrain::OrderParser.new(params[:order])
+      @order_parser.parse!
+      @orders = @order_parser.orders
+      @query = @query.order(@orders)
+
+      # if params[:select]
+      # end
+    end
+  end
+end

data/app/models/crazy_train/table.rb

@@ -0,0 +1,19 @@
+module CrazyTrain
+  class Table
+    SYSTEM_TABLES = %w[ar_internal_metadata schema_migrations].freeze
+
+    class << self
+      def names
+        ActiveRecord::Base.connection.tables - SYSTEM_TABLES
+      end
+
+      def classes
+        names.map { |name| name.classify.constantize }
+      end
+
+      def klass(name)
+        name.classify.constantize
+      end
+    end
+  end
+end

data/app/views/crazy_train/tables/index.html.erb

@@ -0,0 +1,2 @@
+<h1>Tables#index</h1>
+<p>Find me in app/views/crazy_train/tables/index.html.erb</p>

data/app/views/layouts/crazy_train/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Crazy train</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "crazy_train/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,8 @@
+CrazyTrain::Engine.routes.draw do
+  get 'tables' => 'tables#index', as: :tables, format: :json
+  get ':resource' => 'resources#index', as: :resources, format: :json
+  get ':resource/:id' => 'resources#show', as: :resource, format: :json
+  post ':resource' => 'resources#create', format: :json
+  patch ':resource/:id' => 'resources#update', format: :json
+  delete ':resource/:id' => 'resources#destroy', format: :json
+end

data/lib/crazy_train/engine.rb

@@ -0,0 +1,7 @@
+require 'api_error_handler'
+
+module CrazyTrain
+  class Engine < ::Rails::Engine
+    isolate_namespace CrazyTrain
+  end
+end

data/lib/crazy_train/grant.rb

@@ -0,0 +1,18 @@
+module CrazyTrain
+  class Grant
+    class << self
+      def execute!
+        sql "GRANT SELECT ON announcements TO #{CrazyTrain.config.unauthorized_role}"
+        sql "GRANT SELECT ON announcements TO #{CrazyTrain.config.authenticated_role}"
+        sql 'GRANT ALL PRIVILEGES ON announcements TO admin'
+        sql 'GRANT ALL PRIVILEGES ON users TO admin'
+        sql 'GRANT ALL PRIVILEGES ON notes TO admin'
+        sql 'GRANT USAGE ON announcements_id_seq TO admin'
+      end
+
+      def sql(statement)
+        ActiveRecord::Base.connection.execute(statement)
+      end
+    end
+  end
+end

data/lib/crazy_train/jwt.rb

@@ -0,0 +1,22 @@
+module CrazyTrain
+  class JWT
+    HEADERS = { 'alg' => 'HS256', 'typ' => 'JWT' }.freeze
+
+    def self.encode(payload, secret = CrazyTrain.config.secret)
+      ::JWT.encode(payload, secret, 'HS256', HEADERS)
+    end
+
+    def self.decode(token, secret = CrazyTrain.config.secret)
+      ::JWT.decode(token, secret, true, HEADERS)
+    end
+
+    def self.generate_token(payload_string)
+      payload = JSON.parse(payload_string || '{}')
+      encode(payload)
+    end
+
+    def self.generate_jwt_secret
+      SecureRandom.alphanumeric(32)
+    end
+  end
+end

data/lib/crazy_train/railtie.rb

@@ -0,0 +1,4 @@
+module CrazyTrain
+  class Railtie < ::Rails::Railtie
+  end
+end

data/lib/crazy_train/version.rb

@@ -0,0 +1,3 @@
+module CrazyTrain
+  VERSION = '0.2.0'.freeze
+end

data/lib/crazy_train.rb

@@ -0,0 +1,39 @@
+require 'crazy_train/version'
+require 'crazy_train/engine'
+require 'crazy_train/jwt'
+require 'jwt'
+
+module CrazyTrain
+  Config = Struct.new(:secret, :unauthorized_role, :authenticated_role)
+  @@config = Config.new(
+    secret: 'you-must-change-this',
+    unauthorized_role: 'anonymous',
+    authenticated_role: 'authenticated'
+  )
+
+  def self.config
+    @@config
+  end
+
+  def self.setup
+    yield @@config
+  end
+
+  def self.current_role
+    ActiveRecord::Base.connection.execute('SELECT current_user').to_a.first['current_user']
+  end
+
+  def self.current_settings
+    ActiveRecord::Base.connection.execute('SELECT current_setting').to_a.first['current_setting']
+  end
+
+  def self.setup_jwt_claims!(paylaod)
+    ActiveRecord::Base.connection.execute("SET request.jwt.claims = '#{paylaod}'")
+  end
+
+  def self.request_jwt_claims
+    sql = "SELECT current_setting('request.jwt.claims', true) AS request_jwt_claims"
+    string = ActiveRecord::Base.connection.execute(sql).to_a.first['request_jwt_claims']
+    JSON.parse(string)
+  end
+end

data/lib/generators/crazy_train/install/install_generator.rb

@@ -0,0 +1,17 @@
+require 'rails/generators'
+
+module CrazyTrain
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      def copy_initializer
+        template 'initializer_template.erb', 'config/initializers/crazy_train.rb'
+      end
+
+      def add_route
+        route "mount CrazyTrain::Engine, at: '/api'"
+      end
+    end
+  end
+end

data/lib/generators/crazy_train/install/templates/initializer_template.erb

@@ -0,0 +1,5 @@
+CrazyTrain.setup do |config|
+  config.secret = '<%= CrazyTrain::JWT.generate_jwt_secret %>'
+  config.unauthorized_role = 'anonymous'
+  config.authorized_role = 'authenticated'
+end

data/lib/tasks/crazy_train.rake

@@ -0,0 +1,7 @@
+require 'crazy_train'
+
+namespace :crazy_train do
+  task generate_token: :environment do
+    puts CrazyTrain::JWT.generate_token(ENV.fetch('PAYLOAD', nil))
+  end
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: crazy_train
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- komagata
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-12-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: api_error_handler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.0
+description: Provides a RESTful API for database tables for your rails apps.
+email:
+- komagata@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/crazy_train_manifest.js
+- app/assets/stylesheets/crazy_train/application.css
+- app/controllers/crazy_train/application_controller.rb
+- app/controllers/crazy_train/resources_controller.rb
+- app/controllers/crazy_train/tables_controller.rb
+- app/helpers/crazy_train/application_helper.rb
+- app/jobs/crazy_train/application_job.rb
+- app/mailers/crazy_train/application_mailer.rb
+- app/models/crazy_train/application_record.rb
+- app/models/crazy_train/order_parser.rb
+- app/models/crazy_train/query_builder.rb
+- app/models/crazy_train/table.rb
+- app/views/crazy_train/tables/index.html.erb
+- app/views/layouts/crazy_train/application.html.erb
+- config/routes.rb
+- lib/crazy_train.rb
+- lib/crazy_train/engine.rb
+- lib/crazy_train/grant.rb
+- lib/crazy_train/jwt.rb
+- lib/crazy_train/railtie.rb
+- lib/crazy_train/version.rb
+- lib/generators/crazy_train/install/install_generator.rb
+- lib/generators/crazy_train/install/templates/initializer_template.erb
+- lib/tasks/crazy_train.rake
+homepage: https://github.com/komagata/crazy_train
+licenses: []
+metadata:
+  homepage_uri: https://github.com/komagata/crazy_train
+  source_code_uri: https://github.com/komagata/crazy_train
+  changelog_uri: https://github.com/komagata/crazy_train/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.22
+signing_key:
+specification_version: 4
+summary: Provides a RESTful API to DB tables.
+test_files: []