flagsmith 2.0.0 → 3.0.0

data/example/apps/web/application.rb

@@ -0,0 +1,162 @@
+require 'hanami/helpers'
+require 'hanami/assets'
+
+require_relative '../../../lib/flagsmith'
+
+module Web
+  class Application < Hanami::Application
+    configure do
+      root __dir__
+
+      load_paths << %w[
+        controllers
+        views
+      ]
+
+      routes 'config/routes'
+
+      layout :application # It will load Web::Views::ApplicationLayout
+
+      templates 'templates'
+
+      ##
+      # ASSETS
+      #
+      assets do
+        # In order to skip JavaScript compression comment the following line
+        javascript_compressor :builtin
+
+        # In order to skip stylesheet compression comment the following line
+        stylesheet_compressor :builtin
+      end
+
+      ##
+      # SECURITY
+      #
+
+      # X-Frame-Options is a HTTP header supported by modern browsers.
+      # It determines if a web page can or cannot be included via <frame> and
+      # <iframe> tags by untrusted domains.
+      #
+      # Web applications can send this header to prevent Clickjacking attacks.
+      #
+      # Read more at:
+      #
+      #   * https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
+      #   * https://www.owasp.org/index.php/Clickjacking
+      #
+      security.x_frame_options 'DENY'
+
+      # X-Content-Type-Options prevents browsers from interpreting files as
+      # something else than declared by the content type in the HTTP headers.
+      #
+      # Read more at:
+      #
+      #   * https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options
+      #   * https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx
+      #   * https://blogs.msdn.microsoft.com/ie/2008/09/02/ie8-security-part-vi-beta-2-update
+      #
+      security.x_content_type_options 'nosniff'
+
+      # X-XSS-Protection is a HTTP header to determine the behavior of the
+      # browser in case an XSS attack is detected.
+      #
+      # Read more at:
+      #
+      #   * https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
+      #   * https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection
+      #
+      security.x_xss_protection '1; mode=block'
+
+      # Content-Security-Policy (CSP) is a HTTP header supported by modern
+      # browsers. It determines trusted sources of execution for dynamic
+      # contents (JavaScript) or other web related assets: stylesheets, images,
+      # fonts, plugins, etc.
+      #
+      # Web applications can send this header to mitigate Cross Site Scripting
+      # (XSS) attacks.
+      #
+      # The default value allows images, scripts, AJAX, fonts and CSS from the
+      # same origin, and does not allow any other resources to load (eg object,
+      # frame, media, etc).
+      #
+      # Inline JavaScript is NOT allowed. To enable it, please use:
+      # "script-src 'unsafe-inline'".
+      #
+      # Content Security Policy introduction:
+      #
+      #  * http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+      #  * https://www.owasp.org/index.php/Content_Security_Policy
+      #  * https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
+      #
+      # Inline and eval JavaScript risks:
+      #
+      #   * http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
+      #   * http://www.html5rocks.com/en/tutorials/security/content-security-policy/#eval-too
+      #
+      # Content Security Policy usage:
+      #
+      #  * http://content-security-policy.com/
+      #  * https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy
+      #
+      # Content Security Policy references:
+      #
+      #  * https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives
+      #
+      security.content_security_policy %(
+        form-action 'self';
+        frame-ancestors 'self';
+        base-uri 'self';
+        default-src 'none';
+        script-src 'self';
+        connect-src 'self';
+        img-src 'self' https: data:;
+        style-src 'self' 'unsafe-inline' https:;
+        font-src 'self';
+        object-src 'none';
+        plugin-types application/pdf;
+        child-src 'self';
+        frame-src 'self';
+        media-src 'self'
+      )
+
+      ##
+      # FRAMEWORKS
+      #
+
+      # Configure the code that will yield each time Web::Action is included
+      # This is useful for sharing common functionality
+      #
+      # See: http://www.rubydoc.info/gems/hanami-controller#Configuration
+      controller.prepare do
+        # include MyAuthentication # included in all the actions
+        # before :authenticate!    # run an authentication before callback
+      end
+
+      # Configure the code that will yield each time Web::View is included
+      # This is useful for sharing common functionality
+      #
+      # See: http://www.rubydoc.info/gems/hanami-view#Configuration
+      view.prepare do
+        include Hanami::Helpers
+        include Web::Assets::Helpers
+      end
+    end
+
+    ##
+    # DEVELOPMENT
+    #
+    configure :development do
+      # Don't handle exceptions, render the stack trace
+      handle_exceptions false
+    end
+
+    ##
+    # TEST
+    #
+    configure :test do
+      # Don't handle exceptions, render the stack trace
+      handle_exceptions false
+    end
+  end
+end

data/example/apps/web/config/routes.rb

@@ -0,0 +1 @@
+get '/', to: 'home#index'

data/example/apps/web/controllers/home/index.rb

@@ -0,0 +1,32 @@
+module Web
+  module Controllers
+    module Home
+      class Index
+        include Web::Action
+
+        expose :identifier, :show_button, :button_color
+
+        def call(params)
+          @identifier = params.get(:flagsmith, :identifier)
+
+          if @identifier.nil? || @identifier.blank?
+            # Get the default flags for the current environment
+            flags = $flagsmith.get_environment_flags
+            @show_button = flags.is_feature_enabled("secret_button")
+            @button_data = JSON.parse(flags.get_feature_value("secret_button"))["colour"]
+          else
+            trait_key = params.get(:flagsmith, :trait_key)
+            trait_value = params.get(:flagsmith, :trait_value)
+            traits = trait_key.nil? ? nil : { trait_key: trait_value }
+
+            # Get the flags for an identity, including the provided trait which will be
+            # persisted to the API for future requests.
+            identity_flags = $flagsmith.get_identity_flags(identifier, traits)
+            @show_button = identity_flags.is_feature_enabled('secret_button')
+            @button_color = JSON.parse(identity_flags.get_feature_value('secret_button'))['colour']
+          end
+        end
+      end
+    end
+  end
+end

data/example/apps/web/templates/application.html.slim

@@ -0,0 +1,7 @@
+doctype html
+html
+  head
+    title Flagsmith Example
+  body
+    main[style="max-width: 768px; margin: auto; text-align: center"]
+      = yield

data/example/apps/web/templates/home/index.html.slim

@@ -0,0 +1,10 @@
+p
+  ' Hello,
+  = (identifier.nil? || identifier.blank?) ? 'World' : identifier
+
+= if show_button
+  button[style="background-color: #{button_color}"] A secret button
+
+p
+
+= form

data/example/apps/web/views/application_layout.rb

@@ -0,0 +1,7 @@
+module Web
+  module Views
+    class ApplicationLayout
+      include Web::Layout
+    end
+  end
+end

data/example/apps/web/views/home/index.rb

@@ -0,0 +1,29 @@
+module Web
+  module Views
+    module Home
+      class Index
+        include Web::View
+
+        def form
+          form_for :flagsmith, '/', method: :get do
+            h3 'Identify as a User'
+            div style: 'margin-bottom: 1em;' do
+              label :identifier
+              text_field :identifier
+            end
+            p '... with an optional user trait'
+            div style: 'margin-bottom: 1em;' do
+              label :trait_key
+              text_field :trait_key
+            end
+            div style: 'margin-bottom: 1em;' do
+              label :trait_value
+              text_field :trait_value
+            end
+            div { submit 'Identify!' }
+          end
+        end
+      end
+    end
+  end
+end

data/example/config/boot.rb

@@ -0,0 +1,2 @@
+require_relative './environment'
+Hanami.boot

data/example/config/environment.rb

@@ -0,0 +1,17 @@
+require 'bundler/setup'
+require 'hanami/setup'
+require 'hanami/model'
+require_relative '../apps/web/application'
+
+Hanami.configure do
+  mount Web::Application, at: '/'
+
+  model do
+    adapter :sql, ENV.fetch('DATABASE_URL')
+  end
+
+  environment :development do
+    # See: https://guides.hanamirb.org/projects/logging
+    logger level: :debug
+  end
+end

data/example/config/initializers/flagsmith.rb

@@ -0,0 +1,9 @@
+$flagsmith = Flagsmith::Client.new(
+  enable_local_evaluation: true,
+  environment_refresh_interval_seconds: 60,
+  default_flag_handler: lambda { |feature_name|
+    Flagsmith::Flag.new(
+      feature_name: feature_name, enabled: false, value: {}.to_json, feature_id: nil
+    )
+  }
+)

data/example/config/puma.rb

@@ -0,0 +1,15 @@
+require_relative './environment'
+workers 1
+
+threads_count = 1
+threads threads_count, threads_count
+
+preload_app!
+
+rackup      DefaultRackup
+port        2300
+environment 'development'
+
+on_worker_boot do
+  Hanami.boot
+end

data/example/config.ru

@@ -0,0 +1,3 @@
+require_relative 'config/environment'
+
+run Hanami.app

data/example/spec/features_helper.rb

@@ -0,0 +1,12 @@
+# Require this file for feature tests
+require_relative './spec_helper'
+
+require 'capybara'
+require 'capybara/rspec'
+
+RSpec.configure do |config|
+  config.include RSpec::FeatureExampleGroup
+
+  config.include Capybara::DSL,           feature: true
+  config.include Capybara::RSpecMatchers, feature: true
+end

data/example/spec/spec_helper.rb

@@ -0,0 +1,103 @@
+# Require this file for unit tests
+ENV['HANAMI_ENV'] ||= 'test'
+
+require_relative '../config/environment'
+Hanami.boot
+Hanami::Utils.require!("#{__dir__}/support")
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in many cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = false
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

data/example/spec/support/capybara.rb

@@ -0,0 +1,8 @@
+module RSpec
+  module FeatureExampleGroup
+    def self.included(group)
+      group.metadata[:type] = :feature
+      Capybara.app = Hanami.app
+    end
+  end
+end

data/example/spec/web/controllers/home/index_spec.rb

@@ -0,0 +1,9 @@
+RSpec.describe Web::Controllers::Home::Index, type: :action do
+  let(:action) { described_class.new }
+  let(:params) { Hash[] }
+
+  it 'is successful' do
+    response = action.call(params)
+    expect(response[0]).to eq 200
+  end
+end

data/example/spec/web/views/application_layout_spec.rb

@@ -0,0 +1,10 @@
+require "spec_helper"
+
+RSpec.describe Web::Views::ApplicationLayout, type: :view do
+  let(:layout)   { Web::Views::ApplicationLayout.new({ format: :html }, "contents") }
+  let(:rendered) { layout.render }
+
+  it 'contains application name' do
+    expect(rendered).to include('Web')
+  end
+end

data/example/spec/web/views/home/index_spec.rb

@@ -0,0 +1,10 @@
+RSpec.describe Web::Views::Home::Index, type: :view do
+  let(:exposures) { Hash[format: :html] }
+  let(:template)  { Hanami::View::Template.new('apps/web/templates/home/index.html.slim') }
+  let(:view)      { described_class.new(template, exposures) }
+  let(:rendered)  { view.render }
+
+  it 'exposes #format' do
+    expect(view.format).to eq exposures.fetch(:format)
+  end
+end

data/lib/flagsmith/engine/core.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require 'semantic'
+require 'securerandom'
+
+require_relative 'environments/models'
+require_relative 'features/models'
+require_relative 'identities/models'
+require_relative 'organisations/models'
+require_relative 'projects/models'
+require_relative 'segments/evaluator'
+require_relative 'segments/models'
+require_relative 'utils/hash_func'
+
+module Flagsmith
+  module Engine
+    # Flags engine methods
+    module Core
+      include Flagsmith::Engine::Segments::Evaluator
+
+      def get_identity_feature_state(environment, identity, feature_name, override_traits = nil)
+        feature_states = get_identity_feature_states_dict(environment, identity, override_traits).values
+
+        feature_state = feature_states.find { |f| f.feature.name == feature_name }
+
+        raise Flagsmith::FeatureStateNotFound, 'Feature State Not Found' if feature_state.nil?
+
+        feature_state
+      end
+
+      def get_identity_feature_states(environment, identity, override_traits = nil)
+        feature_states = get_identity_feature_states_dict(environment, identity, override_traits).values
+
+        return feature_states.select(&:enabled?) if environment.project.hide_disabled_flags
+
+        feature_states
+      end
+
+      def get_environment_feature_state(environment, feature_name)
+        features_state = environment.feature_states.find { |f| f.feature.name == feature_name }
+
+        raise Flagsmith::FeatureStateNotFound, 'Feature State Not Found' if features_state.nil?
+
+        features_state
+      end
+
+      def get_environment_feature_states(environment)
+        return environment.feature_states.select(&:enabled?) if environment.project.hide_disabled_flags
+
+        environment.feature_states
+      end
+
+      private
+
+      def get_identity_feature_states_dict(environment, identity, override_traits = nil)
+        # Get feature states from the environment
+        feature_states = {}
+        override = ->(fs) { feature_states[fs.feature.id] = fs }
+        environment.feature_states.each(&override)
+
+        override_by_matching_segments(environment, identity, override_traits) do |fs|
+          override.call(fs) unless higher_segment_priority?(feature_states, fs)
+        end
+
+        # Override with any feature states defined directly the identity
+        identity.identity_features.each(&override)
+        feature_states
+      end
+
+      # Override with any feature states defined by matching segments
+      def override_by_matching_segments(environment, identity, override_traits)
+        identity_segments = get_identity_segments(environment, identity, override_traits)
+        identity_segments.each do |matching_segment|
+          matching_segment.feature_states.each do |feature_state|
+            yield feature_state if block_given?
+          end
+        end
+      end
+
+      def higher_segment_priority?(collection, feature_state)
+        collection.key?(feature_state.feature.id) &&
+          collection[feature_state.feature.id].higher_segment_priority?(
+            feature_state
+          )
+      end
+    end
+  end
+end

data/lib/flagsmith/engine/environments/models.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Flagsmith
+  module Engine
+    # EnvironmentModel
+    class Environment
+      attr_reader :id, :api_key
+      attr_accessor :project, :feature_states, :amplitude_config, :segment_config,
+                    :mixpanel_config, :heap_config
+
+      def initialize(id:, api_key:, project:, feature_states: [])
+        @id = id
+        @api_key = api_key
+        @project = project
+        @feature_states = feature_states
+      end
+
+      class << self
+        def build(json)
+          project = Flagsmith::Engine::Project.build(json[:project])
+          feature_states = json[:feature_states].map do |fs|
+            Flagsmith::Engine::FeatureState.build(fs)
+          end
+
+          new(**json.slice(:id, :api_key).merge(project: project, feature_states: feature_states))
+        end
+      end
+    end
+
+    module Environments
+      # EnvironmentApiKeyModel
+      class ApiKey
+        attr_reader :id, :key, :created_at, :name, :client_api_key
+        attr_accessor :expires_at, :active
+
+        def initialize(params = {})
+          @id = params.fetch(:id)
+          @key = params.fetch(:key)
+          @name = params.fetch(:name)
+          @client_api_key = params.fetch(:client_api_key)
+          @created_at = params.fetch(:created_at, Time.now)
+          @expires_at = params.fetch(:expires_at, nil)
+          @active = params.fetch(:active, true)
+        end
+
+        def valid?
+          active && (!expires_at || expires_at > Time.now)
+        end
+
+        class << self
+          def build(json)
+            attributes = json.slice(:id, :key, :name, :client_api_key, :active)
+            attributes = attributes.merge(expires_at: Date.parse(json[:created_at])) unless json[:created_at].nil?
+            attributes = attributes.merge(expires_at: Date.parse(json[:expires_at])) unless json[:expires_at].nil?
+            new(**attributes)
+          end
+        end
+      end
+    end
+  end
+end