eucalypt 0.1.0

data/lib/eucalypt/eucalypt-security/helpers.rb

@@ -0,0 +1,22 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'thor'
+require 'eucalypt/helpers'
+require 'eucalypt/eucalypt-generate/namespaces/generate/cli/generate'
+
+module Eucalypt
+  class Security < Thor
+    module Helpers
+      include Eucalypt::Helpers
+      include Eucalypt::Helpers::Messages
+      using Colorize
+
+      def create_config_file(type, directory)
+        config_relative = File.join 'config', "#{type}.rb"
+        config_file = File.join(directory, config_relative)
+        Out.warning "#{type.to_s.capitalize} config file #{config_relative.colorize(:bold)} already exists." if File.file? config_file
+        template "#{type}.tt", config_file
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security/cli/security.rb

@@ -0,0 +1,31 @@
+require 'eucalypt/errors'
+require 'eucalypt/eucalypt-security/namespaces/security-warden/cli/security-warden'
+require 'eucalypt/eucalypt-security/namespaces/security-pundit/cli/security-pundit'
+require 'eucalypt/eucalypt-security/namespaces/security-policy/cli/security-policy'
+require 'eucalypt/helpers'
+
+module Eucalypt
+  class Security < Thor
+    include Thor::Actions
+    include Eucalypt::Helpers
+    using Colorize
+
+    class << self
+      require 'eucalypt/list'
+      include Eucalypt::List
+      def banner(task, namespace = false, subcommand = true)
+        basename + ' ' + task.formatted_usage(self, true, subcommand).split(':').join(' ')
+      end
+    end
+
+    register(Eucalypt::SecurityWarden, 'warden', 'warden [COMMAND]', 'Configure Warden authentication'.colorize(:grey))
+    register(Eucalypt::SecurityPundit, 'pundit', 'pundit [COMMAND]', 'Configure Pundit authorization'.colorize(:grey))
+    register(Eucalypt::SecurityPolicy, 'policy', 'policy [COMMAND]', 'Pundit policy commands'.colorize(:grey))
+  end
+
+  class CLI < Thor
+    include Eucalypt::Helpers
+    using Colorize
+    register(Security, 'security', 'security [COMMAND]', 'Manage authentication and authorization'.colorize(:grey))
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy/cli/security-policy.rb

@@ -0,0 +1,91 @@
+require 'thor'
+require 'eucalypt/errors'
+require 'eucalypt/helpers'
+require 'eucalypt/eucalypt-security/namespaces/security-policy/generators/policy'
+require 'eucalypt/eucalypt-security/namespaces/security-policy-permission/cli/security-policy-permission'
+require 'eucalypt/eucalypt-security/namespaces/security-policy-role/cli/security-policy-role'
+
+module Eucalypt
+  class SecurityPolicy < Thor
+    include Thor::Actions
+    include Eucalypt::Helpers
+    using Colorize
+
+    method_option :permissions, type: :array, aliases: '-p', default: [], desc: "Permissions to generate along with the policy"
+    desc "generate [NAME]", "Create a new Pundit policy".colorize(:grey)
+    def generate(name)
+      directory = File.expand_path('.')
+      if Eucalypt.app? directory
+        # Check for authorization gems
+        return unless Gemfile.check(%w[pundit], 'eucalypt security pundit setup', directory)
+
+        # Check for user model
+        unless File.exist? File.join(directory, 'app', 'models', 'user.rb')
+          Eucalypt::Error.no_user_model
+          return
+        end
+
+        # Check for role model
+        unless File.exist? File.join(directory, 'app', 'models', 'role.rb')
+          Eucalypt::Error.no_role_model
+          return
+        end
+
+        policy = Inflect.new(:policy, name)
+
+        policy_generator = Eucalypt::Generators::Policy.new
+        policy_generator.destination_root = directory
+
+        # Generate policy file
+        policy_generator.generate(name: name)
+
+        # Create policy roles table
+        policy_generator.generate_policy_roles_migration(policy: policy.resource)
+
+        # Create policy role model
+        Dir.chdir(directory) do
+          Eucalypt::CLI.start(['generate', 'model', "#{policy.resource}_role", '--no-spec', '--no-table'])
+        end
+
+        # Add validation to role model
+        role_model_file = File.join directory, 'app', 'models', "#{policy.resource}_role.rb"
+        File.open(role_model_file) do |f|
+          insert = "  validates :permission, uniqueness: true"
+          inject_into_class(role_model_file, "#{policy.resource}_role".camelize, "#{insert}\n") unless f.read.include? insert
+        end
+
+        # Add policy column to user roles table
+        Dir.chdir(directory) do
+          args = %w[migration add column]
+          args << 'roles'
+          args << policy.resource
+          args << 'string'
+          args << %w[-o default:default]
+          args.flatten!
+          Eucalypt::CLI.start(args)
+        end
+
+        # Generate permissions
+        options[:permissions].each do |permission|
+          Eucalypt::CLI.start(['security', 'policy', 'permission', 'generate', policy.resource, permission])
+        end
+      else
+        Eucalypt::Error.wrong_directory
+      end
+    end
+
+    #def destroy()
+    #end
+
+    class << self
+      require 'eucalypt/list'
+      include Eucalypt::List
+      def banner(task, namespace = false, subcommand = true)
+        "#{basename} security #{task.formatted_usage(self, true, subcommand).split(':').join(' ')}"
+      end
+    end
+
+    register(Eucalypt::SecurityPolicyPermission, 'permission', 'permission [COMMAND]', 'Pundit policy permission commands'.colorize(:grey))
+    register(Eucalypt::SecurityPolicyRole, 'role', 'role [COMMAND]', 'Pundit policy role commands'.colorize(:grey))
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy/generators/policy.rb

@@ -0,0 +1,31 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'thor'
+require 'eucalypt/helpers'
+
+module Eucalypt
+  module Generators
+    class Policy < Thor::Group
+      include Thor::Actions
+      include Eucalypt::Helpers
+
+      def self.source_root
+        File.join File.dirname(__dir__), 'templates'
+      end
+
+      def generate(name:)
+        policy = Inflect.new(:policy, name)
+        config = {class_name: policy.class_name, resource: policy.resource, constant: policy.constant}
+        template('policy.tt', policy.file_path, config)
+      end
+
+      def generate_policy_roles_migration(policy:)
+        sleep 1
+        migration = Eucalypt::Helpers::Migration[title: "create_#{policy}_roles", template: 'create_policy_roles_migration.tt']
+        return unless migration.create_anyway? if migration.exists?
+        config = {migration_title: migration.title.camelize, policy: policy}
+        template migration.template, migration.file_path, config
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy/templates/create_policy_roles_migration.tt

@@ -0,0 +1,11 @@
+class <%= config[:migration_title] %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :<%= config[:policy] %>_roles do |t|
+      t.string :permission, null: false
+      t.boolean :admin, default: true
+      t.boolean :default, default: false
+    end
+
+    add_index :<%= config[:policy] %>_roles, :permission, unique: true
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy/templates/policy.tt

@@ -0,0 +1,16 @@
+class <%= config[:class_name] %>
+  attr_reader :user, :<%= config[:resource] %>
+
+  def initialize(user, <%= config[:resource] %>)
+    @user = user
+    @<%= config[:resource] %> = <%= config[:resource] %>
+  end
+
+  if ActiveRecord::Base.connection.table_exists?(:<%= config[:resource] %>_roles)
+    <%= config[:constant] %>Role.pluck(:permission).each do |permission|
+      define_method("#{permission}?") do
+        <%= config[:constant] %>Role.find_by(permission: permission).send(user.role.<%= config[:resource] %>)
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy-permission/cli/security-policy-permission.rb

@@ -0,0 +1,62 @@
+require 'thor'
+require 'eucalypt/errors'
+require 'eucalypt/helpers'
+require 'eucalypt/eucalypt-security/namespaces/security-policy-permission/generators/policy-permission'
+
+module Eucalypt
+  class SecurityPolicyPermission < Thor
+    include Thor::Actions
+    include Eucalypt::Helpers
+    using Colorize
+
+    desc "generate [POLICY] [PERMISSION]", "Create a new Pundit policy permission".colorize(:grey)
+    def generate(name, permission)
+      directory = File.expand_path('.')
+      if Eucalypt.app? directory
+        # Check for authorization gems
+        return unless Gemfile.check(%w[pundit], 'eucalypt security pundit setup', directory)
+
+        # Check for user model
+        unless File.exist? File.join(directory, 'app', 'models', 'user.rb')
+          Eucalypt::Error.no_user_model
+          return
+        end
+
+        # Check for role model
+        unless File.exist? File.join(directory, 'app', 'models', 'role.rb')
+          Eucalypt::Error.no_role_model
+          return
+        end
+
+        policy = Inflect.new(:policy, name)
+
+        # Check for policy file and policy role model
+        policy_file = File.join(directory, 'app', 'policies', policy.file_name)
+        policy_role_model = File.join(directory, 'app', 'models', "#{policy.resource}_role.rb")
+        unless File.exist?(policy_file) && File.exist?(policy_role_model)
+          Eucalypt::Error.no_policy(policy.resource)
+          return
+        end
+
+        policy_permission = Eucalypt::Generators::PolicyPermission.new
+        policy_permission.destination_root = directory
+
+        # Add permission record to policy role table
+        policy_permission.generate(policy_name: policy.resource, permission: Inflect.resource_keep_inflection(permission))
+      else
+        Eucalypt::Error.wrong_directory
+      end
+    end
+
+    # def destroy()
+    # end
+
+    class << self
+      require 'eucalypt/list'
+      include Eucalypt::List
+      def banner(task, namespace = false, subcommand = true)
+        "#{basename} security policy #{task.formatted_usage(self, true, subcommand).split(':').join(' ')}"
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy-permission/generators/policy-permission.rb

@@ -0,0 +1,28 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'thor'
+require 'eucalypt/helpers'
+
+module Eucalypt
+  module Generators
+    class PolicyPermission < Thor::Group
+      include Thor::Actions
+      include Eucalypt::Helpers
+
+      def self.source_root
+        File.join File.dirname(__dir__), 'templates'
+      end
+
+      def generate(policy_name:, permission:)
+        sleep 1
+        migration = Eucalypt::Helpers::Migration[
+          title: "add_#{permission}_permission_to_#{policy_name}_policy",
+          template: 'add_permission_to_policy_migration.tt'
+        ]
+        return unless migration.create_anyway? if migration.exists?
+        config = {migration_title: migration.title.camelize, policy_name: policy_name, permission: permission}
+        template migration.template, migration.file_path, config
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy-permission/templates/add_permission_to_policy_migration.tt

@@ -0,0 +1,5 @@
+class <%= config[:migration_title] %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    <%= config[:policy_name].camelize %>Role.create permission: '<%= config[:permission] %>'
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-policy-role/cli/security-policy-role.rb

@@ -0,0 +1,66 @@
+require 'thor'
+require 'eucalypt/errors'
+require 'eucalypt/helpers'
+
+module Eucalypt
+  class SecurityPolicyRole < Thor
+    include Thor::Actions
+    include Eucalypt::Helpers
+    using Colorize
+
+    desc "generate [POLICY] [ROLE]", "Create a new Pundit policy role".colorize(:grey)
+    def generate(name, role)
+      directory = File.expand_path('.')
+      if Eucalypt.app? directory
+        # Check for authorization gems
+        return unless Gemfile.check(%w[pundit], 'eucalypt security pundit setup', directory)
+
+        # Check for user model
+        unless File.exist? File.join(directory, 'app', 'models', 'user.rb')
+          Eucalypt::Error.no_user_model
+          return
+        end
+
+        # Check for role model
+        unless File.exist? File.join(directory, 'app', 'models', 'role.rb')
+          Eucalypt::Error.no_role_model
+          return
+        end
+
+        policy = Inflect.new(:policy, name)
+
+        # Check for policy file and policy role model
+        policy_file = File.join(directory, 'app', 'policies', policy.file_name)
+        policy_role_model = File.join(directory, 'app', 'models', "#{policy.resource}_role.rb")
+        unless File.exist?(policy_file) && File.exist?(policy_role_model)
+          Eucalypt::Error.no_policy(policy.resource)
+          return
+        end
+
+        # Add role column to policy roles table
+        Dir.chdir(directory) do
+          args = %w[migration add column]
+          args << "#{policy.resource}_roles"
+          args << Inflect.resource(role)
+          args << 'boolean'
+          args << %w[-o default:false]
+          args.flatten!
+          Eucalypt::CLI.start(args)
+        end
+      else
+        Eucalypt::Error.wrong_directory
+      end
+    end
+
+    # def destroy()
+    # end
+
+    class << self
+      require 'eucalypt/list'
+      include Eucalypt::List
+      def banner(task, namespace = false, subcommand = true)
+        "#{basename} security policy #{task.formatted_usage(self, true, subcommand).split(':').join(' ')}"
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-pundit/cli/security-pundit.rb

@@ -0,0 +1,79 @@
+require 'thor'
+require 'eucalypt/helpers'
+require 'eucalypt/eucalypt-security/helpers'
+require 'eucalypt/eucalypt-security/namespaces/security-pundit/generators/role'
+
+module Eucalypt
+  class SecurityPundit < Thor
+    include Thor::Actions
+    include Eucalypt::Helpers
+    include Eucalypt::Helpers::Messages
+    include Eucalypt::Helpers::Gemfile
+    include Eucalypt::Security::Helpers
+    using Colorize
+
+    def self.source_root
+      File.join File.dirname(__dir__), 'templates'
+    end
+
+    desc "setup", "Set up Pundit authorization".colorize(:grey)
+    def setup
+      directory = File.expand_path('.')
+      if Eucalypt.app? directory
+        # Check if user model exists
+        user_model_file = File.join(directory, 'app', 'models', 'user.rb')
+        unless File.file? user_model_file
+          Eucalypt::Error.no_user_model
+          return
+        end
+
+        Out.setup "Setting up Pundit authorization..."
+
+        # Add Pundit to Gemfile
+        gemfile_add('Authorization', {pundit: '~> 2.0'}, directory)
+
+        # Create Pundit config file
+        create_config_file(:pundit, directory)
+
+        # Create roles migration
+        Eucalypt::Generators::Role.new.generate_roles_migration
+
+        # Create Role model
+        role_model_file = File.join(directory, 'app', 'models', 'role.rb')
+        Out.warning "Role model already exists." if File.file? role_model_file
+        Dir.chdir(directory) do
+          Eucalypt::CLI.start(%w[generate model role --no-spec --no-table])
+        end
+
+        # Add belongs_to to Role model
+        File.open(role_model_file) do |f|
+          insert = "  belongs_to :user"
+          inject_into_class(role_model_file, 'Role', "#{insert}\n") unless f.read.include? insert
+        end
+
+        # Add relationship to User model
+        File.open(user_model_file) do |f|
+          contents = f.read
+          insert = "  has_one :role, dependent: :destroy\n"
+          inject_into_file(user_model_file, insert, before: /  include BCrypt/) unless contents.include? insert
+          insert = "  after_save :create_role\n\n"
+          inject_into_file(user_model_file, insert, before: /  include BCrypt/) unless contents.include? insert
+          insert = "\n  private\n\n  def create_role\n    self.role = Role.new\n  end\n"
+          inject_into_file(user_model_file, insert, before: /^end/) unless contents.include? insert
+        end
+
+        Out.info "Ensure you run `#{'rake db:migrate'.colorize(:bold)}` to create the necessary tables for Pundit."
+      else
+        Eucalypt::Error.wrong_directory
+      end
+    end
+
+    class << self
+      require 'eucalypt/list'
+      include Eucalypt::List
+      def banner(task, namespace = false, subcommand = true)
+        "#{basename} security #{task.formatted_usage(self, true, subcommand).split(':').join(' ')}"
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-pundit/generators/role.rb

@@ -0,0 +1,24 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'thor'
+require 'eucalypt/helpers'
+
+module Eucalypt
+  module Generators
+    class Role < Thor::Group
+      include Thor::Actions
+      include Eucalypt::Helpers
+
+      def self.source_root
+        File.join File.dirname(__dir__), 'templates'
+      end
+
+      def generate_roles_migration
+        sleep 1
+        migration = Eucalypt::Helpers::Migration[title: "create_roles", template: 'create_roles_migration.tt']
+        return unless migration.create_anyway? if migration.exists?
+        template migration.template, migration.file_path
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-pundit/templates/create_roles_migration.tt

@@ -0,0 +1,7 @@
+class CreateRoles < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :roles do |t|
+      t.references :user, foreign_key: true
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-pundit/templates/pundit.tt

@@ -0,0 +1,4 @@
+class ApplicationController < Sinatra::Base
+  # Include Pundit for authorization
+  include Pundit
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-warden/cli/security-warden.rb

@@ -0,0 +1,61 @@
+require 'thor'
+require 'eucalypt/helpers'
+require 'eucalypt/eucalypt-security/helpers'
+require 'eucalypt/eucalypt-security/namespaces/security-warden/generators/user'
+require 'eucalypt/eucalypt-security/namespaces/security-warden/generators/auth_controller'
+
+module Eucalypt
+  class SecurityWarden < Thor
+    include Thor::Actions
+    include Eucalypt::Helpers
+    include Eucalypt::Helpers::Messages
+    include Eucalypt::Helpers::Gemfile
+    include Eucalypt::Security::Helpers
+    using Colorize
+
+    def self.source_root
+      File.join File.dirname(__dir__), 'templates'
+    end
+
+    option :controller, type: :boolean, default: true, desc: "Include an authentication controller"
+    desc "setup", "Set up Warden authentication".colorize(:grey)
+    def setup
+      directory = File.expand_path('.')
+      if Eucalypt.app? directory
+        Out.setup "Setting up Warden authentication..."
+
+        # Add Warden and BCrypt to Gemfile
+        gemfile_add('Authentication and encryption', {warden: '~> 1.2', bcrypt: '~> 3.1'}, directory)
+
+        # Create Warden config file
+        create_config_file(:warden, directory)
+
+        user = Eucalypt::Generators::User.new
+
+        # Create user migration
+        user.generate_migration
+
+        # Create user model
+        user.generate_model(directory)
+
+        if options[:controller]
+          auth_controller = Eucalypt::Generators::AuthController.new
+          auth_controller.destination_root = directory
+          auth_controller.generate
+        end
+
+        Out.info "Ensure you run `#{'rake db:migrate'.colorize(:bold)}` to create the necessary tables for Warden."
+      else
+        Eucalypt::Error.wrong_directory
+      end
+    end
+
+    class << self
+      require 'eucalypt/list'
+      include Eucalypt::List
+      def banner(task, namespace = false, subcommand = true)
+        "#{basename} security #{task.formatted_usage(self, true, subcommand).split(':').join(' ')}"
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-warden/generators/auth_controller.rb

@@ -0,0 +1,34 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'thor'
+require 'eucalypt/helpers'
+
+module Eucalypt
+  module Generators
+    class AuthController < Thor::Group
+      include Thor::Actions
+      include Eucalypt::Helpers
+      using String::Builder
+
+      def self.source_root
+        File.join File.dirname(__dir__), 'templates'
+      end
+
+      def generate
+        template 'auth_controller.tt', File.join('app', 'controllers', 'authentication_controller.rb')
+
+        config = {}
+        config[:data] = String.build do |s|
+          s << "<%=\n"
+          s << "  form_for :user, '/auth/login' do\n"
+          s << "    text_field :username\n"
+          s << "    password_field :password\n"
+          s << "    submit 'Login'\n"
+          s << "  end\n"
+          s << "%>"
+        end
+        template 'auth_login.tt', File.join('app', 'views', 'authentication', 'login.erb'), config
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-warden/generators/user.rb

@@ -0,0 +1,37 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'thor'
+require 'eucalypt/helpers'
+require 'active_record'
+
+module Eucalypt
+  module Generators
+    class User < Thor::Group
+      include Thor::Actions
+      include Eucalypt::Helpers
+      include Eucalypt::Helpers::Messages
+
+      def self.source_root
+        File.join File.dirname(__dir__), 'templates'
+      end
+
+      def generate_migration
+        sleep 1
+        migration = Eucalypt::Helpers::Migration[title: 'create_users', template: 'create_users_table_migration.tt']
+        return unless migration.create_anyway? if migration.exists?
+        template migration.template, migration.file_path
+      end
+
+      def generate_model(directory)
+        model_file = File.join(directory, 'app', 'models', 'user.rb')
+
+        if File.file? model_file
+          Out.warning 'User model already exists.'
+          return
+        end
+
+        template 'user.tt', model_file
+      end
+    end
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-warden/templates/auth_controller.tt

@@ -0,0 +1,25 @@
+class AuthenticationController < Eucalypt::Controller(route: '/auth')
+  helpers AuthenticationHelper if defined? AuthenticationHelper
+
+  get '/login' do
+    redirect '/' if current_user
+    erb :'authentication/login', layout: false
+  end
+
+  post '/login' do
+    redirect '/' if current_user
+    authenticate
+    redirect session[:return_to] || '/'
+  end
+
+  get '/logout' do
+    env['warden'].logout
+    redirect to '/login'
+  end
+
+  post '/invalid' do
+    session[:return_to] = env['warden.options'][:attempted_path]
+    status 403 # Unauthenticated
+    redirect to '/login'
+  end
+end

data/lib/eucalypt/eucalypt-security/namespaces/security-warden/templates/auth_login.tt

@@ -0,0 +1 @@
+<%= config[:data] %>

data/lib/eucalypt/eucalypt-security/namespaces/security-warden/templates/create_users_table_migration.tt

@@ -0,0 +1,9 @@
+class CreateUsers < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :users do |t|
+      t.string :username, null: false
+      t.string :encrypted_password, null: false
+      t.timestamps
+    end
+  end
+end