handcart 0.0.2

data/config/routes.rb

@@ -0,0 +1,5 @@
+Handcart::Engine.routes.draw do
+  resources :ip_addresses
+  resources :subdomains
+  root to: "subdomains#index"
+end

data/db/migrate/20131009165427_create_handcart_subdomains.rb

@@ -0,0 +1,9 @@
+class CreateHandcartSubdomains < ActiveRecord::Migration
+  def change
+    create_table :handcart_subdomains do |t|
+      t.string :name
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131203000934_create_handcart_ip_addresses.rb

@@ -0,0 +1,12 @@
+class CreateHandcartIpAddresses < ActiveRecord::Migration
+  def change
+    create_table :handcart_ip_addresses do |t|
+      t.string :address
+      t.string :subnet_mask
+      t.belongs_to :handcart, index: true
+      t.boolean :blacklisted, default: false
+
+      t.timestamps
+    end
+  end
+end

data/lib/handcart.rb

@@ -0,0 +1,67 @@
+require "handcart/engine"
+require "handcart/acts_as_handcart"
+require "handcart/ip_authorization"
+require 'handcart/controller_additions'
+require 'haml'
+require 'sass/rails'
+require "handcart/simple_form"
+require 'jquery-rails'
+
+module Handcart
+  module Strategies
+    # Load the IP Authorization strategies
+    autoload :BaseIpStrategy, "handcart/strategies/base_ip_strategy"
+    autoload :InclusionStrategy, 'handcart/strategies/inclusion_strategy'
+    autoload :ContainmentStrategy, 'handcart/strategies/containment_strategy'
+  end
+
+  mattr_accessor :subdomain_class
+  @@subdomain_class = "Handcart::Subdomain"
+
+  mattr_accessor :handcart_class
+  @@handcart_class = nil
+
+  mattr_accessor :handcart_show_path
+  @@handcart_show_path = nil
+
+  mattr_accessor :domain_constraints
+  @@domain_constraints = []
+
+  mattr_accessor :reserved_subdomains
+  @@reserved_subdomains = [
+    "www",
+    "ftp",
+    "ssh",
+    "pop3",
+    "staging",
+    "master",
+  ]
+
+  mattr_accessor :ip_authorization_strategy
+  @@ip_authorization_strategy = nil
+
+  # Enable Global IP Forwarding for certain environments
+  mattr_accessor :global_ip_forwarding_enabled_environments
+  @@global_ip_forwarding_enabled_environments = []
+
+  # Enable Gobal IP Blocking for certain environments
+  mattr_accessor :global_ip_blocking_enabled_environments
+  @@global_ip_blocking_enabled_environments = []
+
+  def self.setup
+    yield self
+  end
+
+  def self.handcart_class
+    @@handcart_class.constantize
+  end
+
+  def self.subdomain_class
+    @@subdomain_class.constantize
+  end
+
+  def self.ip_authorization
+    IpAuthorization.instance
+  end
+
+end

data/lib/handcart/acts_as_handcart.rb

@@ -0,0 +1,16 @@
+module Handcart
+  module ActsAsHandcart
+    extend ActiveSupport::Concern
+
+    included do
+    end
+
+    module ClassMethods
+      def acts_as_handcart
+        include Handcart::Concerns::Handcarts
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send :include, Handcart::ActsAsHandcart

data/lib/handcart/controller_additions.rb

@@ -0,0 +1,152 @@
+module Handcart
+
+  # This module is automatically included into all controllers.
+  module ControllerAdditions
+    module ClassMethods
+
+      def enable_forwarding(forwarding, rejection, *args)
+        self.class_variable_set(:@@forwarding_url, forwarding)
+        self.class_variable_set(:@@rejection_url, rejection)
+
+        options = args.extract_options!
+        if Handcart.global_ip_forwarding_enabled_environments.include?(Rails.env)
+          before_action :setup_forwarding_resources, options.slice(:except, :only)
+          before_action :forward_or_reject, options.slice(:except, :only)
+        else
+          # No forwarding is enabled
+        end
+      end
+
+      # Enable IP Blocking on the sessions controller
+      def enable_blocking(rejection, *args)
+        options = args.extract_options!
+        self.class_variable_set(:@@rejection_url, rejection)
+
+        if Handcart.global_ip_blocking_enabled_environments.include?(Rails.env)
+          before_action :setup_blocking_resources, options.slice(:except, :only)
+          before_action :allow_or_reject, options.slice(:except, :only)
+        else
+          # Do nothing, no blocking is enabled
+        end
+      end
+    end
+
+    # Instance Methods here
+    def current_subdomain
+      @current_subdomain = Handcart::Subdomain.find_by_name(request.subdomain)
+    end
+
+    def current_handcart
+      @current_handcart = current_subdomain.handcart
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.helper_method :current_subdomain, :current_handcart
+    end
+
+    private
+
+    def setup_forwarding_resources
+      @forwarding_url = self.class.class_variable_get(:@@forwarding_url)
+      @rejection_url = self.class.class_variable_get(:@@rejection_url)
+    end
+
+    def setup_blocking_resources
+      @rejection_url = self.class.class_variable_get(:@@rejection_url)
+    end
+
+    def forward_or_reject
+      # We assume the the rejection action is going to be on the public controller
+      # since we wouldn't want to forward the rejection to the handcart
+      my_forbidden_url = main_app.url_for({
+        subdomain: '',
+        host: Handcart::DomainConstraint.default_constraint.domain,
+        controller: @rejection_url.split("#").first,
+        action: @rejection_url.split("#").last,
+        trailing_slash: false,
+      })
+
+      # Look for the IP Address
+      ip_address = Handcart::IpAddress.permitted.find_by_address(request.remote_ip)
+      if ip_address
+        # Do we have a current_handcart for this foreign IP?...
+        if ip_address.handcart.present?
+          # Does it respond to enable_ip_blocking? and if so, is it disabled right now?
+          if ip_address.handcart.respond_to?(:enable_ip_blocking?)
+            truthiness = ip_address.handcart.present? && !ip_address.handcart.enable_ip_blocking?
+          else
+            # otherwise, it doesn't respond to it, so just make sure the handcart is present
+            truthiness = ip_address.handcart.present?
+          end
+        end
+
+        # Now do the forwarding
+        if truthiness
+          my_forwarding_url = main_app.url_for({
+            subdomain: ip_address.handcart.subdomain.name,
+            host: Handcart::DomainConstraint.default_constraint.domain,
+            controller: @forwarding_url.split("#").first,
+            action: @forwarding_url.split("#").last,
+            trailing_slash: false,
+          })
+          redirect_to my_forwarding_url
+        else
+          # Franchisee hasn't been activated yet, or this IP Address isn't associated with a franchisee yet.
+          flash[:error] = 'Cannot login from this IP address!'
+          redirect_to my_forbidden_url
+        end
+      else
+        # Blacklisted
+        flash[:error] = "IP Address has not been authorized to access this site"
+        redirect_to my_forbidden_url
+      end
+    end
+
+    # Don't allow unauthorized or blacklisted foreign IP addresses to hit
+    # what we assume is the session controller for the franchisee.
+    def allow_or_reject
+      # We assume the the rejection action is going to be on the public controller
+      # since we wouldn't want to forward the rejection to the handcart
+      my_rejection_url = main_app.url_for({
+        # subdomain: '',
+        host: Handcart::DomainConstraint.default_constraint.domain,
+        controller: @rejection_url.split("#").first,
+        action: @rejection_url.split("#").last,
+        trailing_slash: false,
+      })
+
+      # See if they have enable IP blocking if they respond to that.
+      if current_handcart.respond_to?(:enable_ip_blocking?)
+        truthiness = current_handcart.enable_ip_blocking?
+      else
+        # Default to true
+        truthiness = true
+      end
+
+      if truthiness
+        ip_address = current_handcart.ip_addresses.permitted.find_by_address(request.remote_ip)
+        if ip_address
+          if Handcart.ip_authorization.strategy.is_in_range?(ip_address.address, current_handcart)
+            # Do nothing, let them login
+          else
+            # # The strategy doesn't match
+            redirect_to my_rejection_url
+          end
+        else
+          # No IP Address was found
+          redirect_to my_rejection_url
+        end
+      else
+        # Do nothing, blocking mode is disabled
+      end
+    end
+
+  end
+end
+
+if defined? ActionController::Base
+  ActionController::Base.class_eval do
+    include Handcart::ControllerAdditions
+  end
+end

data/lib/handcart/engine.rb

@@ -0,0 +1,27 @@
+module Handcart
+  class Engine < ::Rails::Engine
+    config.generators do |g|
+      g.test_framework :rspec, fixture: false, view_specs: false
+      g.fixture_replacement :factory_girl, dir: 'spec/factories'
+      g.template_engine :haml
+      g.stylesheet_engine :scss
+      g.assets false
+      g.helper false
+    end
+
+    config.after_initialize do
+      if File.exists?(File.join(Rails.root, 'config', 'handcart.json')) && !Rails.env.test?
+        # Don't load the app's config file when we're testing the gem
+        config_file = File.join(Rails.root, 'config', 'handcart.json')
+      elsif File.exists?(File.join(Handcart::Engine.root, 'config', 'handcart.json'))
+        # But default to using the gem config if one can't be found
+        config_file = File.join(Handcart::Engine.root, 'config', 'handcart.json')
+      end
+      my_config_file = JSON.parse(File.read(config_file))
+      CONFIG = my_config_file.fetch(Rails.env, {})
+      CONFIG.symbolize_keys!
+    end
+
+    isolate_namespace Handcart
+  end
+end

data/lib/handcart/ip_authorization.rb

@@ -0,0 +1,27 @@
+require 'singleton'
+
+module Handcart
+  class IpAuthorization
+    # A singleton
+    attr_accessor :ip_authorization_strategy, :strategy
+
+    include Singleton
+
+    def initialize
+      @ip_authorization_strategy = Handcart.ip_authorization_strategy
+
+      # Setup what strategy we're using
+      case @ip_authorization_strategy
+      when :none
+        nil
+      when :containment
+        @strategy = Handcart::Strategies::ContainmentStrategy.new
+      when :inclusion
+        @strategy = Handcart::Strategies::InclusionStrategy.new
+      else
+        nil
+      end
+    end
+
+  end
+end

data/lib/handcart/simple_form.rb

@@ -0,0 +1,179 @@
+# lib/my-engine/simple-form.rb
+require 'simple_form'
+
+# Use this setup block to configure all options available in SimpleForm.
+SimpleForm.setup do |config|
+  # Wrappers are used by the form builder to generate a
+  # complete input. You can remove any component from the
+  # wrapper, change the order or even add your own to the
+  # stack. The options given below are used to wrap the
+  # whole input.
+  config.wrappers :default, class: :input,
+    hint_class: :field_with_hint, error_class: :field_with_errors do |b|
+    ## Extensions enabled by default
+    # Any of these extensions can be disabled for a
+    # given input by passing: `f.input EXTENSION_NAME => false`.
+    # You can make any of these extensions optional by
+    # renaming `b.use` to `b.optional`.
+
+    # Determines whether to use HTML5 (:email, :url, ...)
+    # and required attributes
+    b.use :html5
+
+    # Calculates placeholders automatically from I18n
+    # You can also pass a string as f.input placeholder: "Placeholder"
+    b.use :placeholder
+
+    ## Optional extensions
+    # They are disabled unless you pass `f.input EXTENSION_NAME => :lookup`
+    # to the input. If so, they will retrieve the values from the model
+    # if any exists. If you want to enable the lookup for any of those
+    # extensions by default, you can change `b.optional` to `b.use`.
+
+    # Calculates maxlength from length validations for string inputs
+    b.optional :maxlength
+
+    # Calculates pattern from format validations for string inputs
+    b.optional :pattern
+
+    # Calculates min and max from length validations for numeric inputs
+    b.optional :min_max
+
+    # Calculates readonly automatically from readonly attributes
+    b.optional :readonly
+
+    ## Inputs
+    b.use :label_input
+    b.use :hint,  wrap_with: { tag: :span, class: :hint }
+    b.use :error, wrap_with: { tag: :span, class: :error }
+  end
+
+  config.wrappers :bootstrap, tag: 'div', class: 'control-group', error_class: 'error' do |b|
+    b.use :html5
+    b.use :placeholder
+    b.use :label
+    b.wrapper tag: 'div', class: 'controls' do |ba|
+      ba.use :input
+      ba.use :error, wrap_with: { tag: 'span', class: 'help-inline' }
+      ba.use :hint,  wrap_with: { tag: 'p', class: 'help-block' }
+    end
+  end
+
+  config.wrappers :prepend, tag: 'div', class: "control-group", error_class: 'error' do |b|
+    b.use :html5
+    b.use :placeholder
+    b.use :label
+    b.wrapper tag: 'div', class: 'controls' do |input|
+      input.wrapper tag: 'div', class: 'input-prepend' do |prepend|
+        prepend.use :input
+      end
+      input.use :hint,  wrap_with: { tag: 'span', class: 'help-block' }
+      input.use :error, wrap_with: { tag: 'span', class: 'help-inline' }
+    end
+  end
+
+  config.wrappers :append, tag: 'div', class: "control-group", error_class: 'error' do |b|
+    b.use :html5
+    b.use :placeholder
+    b.use :label
+    b.wrapper tag: 'div', class: 'controls' do |input|
+      input.wrapper tag: 'div', class: 'input-append' do |append|
+        append.use :input
+      end
+      input.use :hint,  wrap_with: { tag: 'span', class: 'help-block' }
+      input.use :error, wrap_with: { tag: 'span', class: 'help-inline' }
+    end
+  end
+
+  # Wrappers for forms and inputs using the Twitter Bootstrap toolkit.
+  # Check the Bootstrap docs (http://twitter.github.com/bootstrap)
+  # to learn about the different styles for forms and inputs,
+  # buttons and other elements.
+  config.default_wrapper = :bootstrap
+
+  # Define the way to render check boxes / radio buttons with labels.
+  # Defaults to :nested for bootstrap config.
+  #   inline: input + label
+  #   nested: label > input
+  config.boolean_style = :nested
+
+  # Default class for buttons
+  config.button_class = 'btn'
+
+  # Method used to tidy up errors.
+  # config.error_method = :first
+
+  # Default tag used for error notification helper.
+  config.error_notification_tag = :div
+
+  # CSS class to add for error notification helper.
+  config.error_notification_class = 'alert alert-error'
+
+  # ID to add for error notification helper.
+  # config.error_notification_id = nil
+
+  # Series of attempts to detect a default label method for collection.
+  # config.collection_label_methods = [ :to_label, :name, :title, :to_s ]
+
+  # Series of attempts to detect a default value method for collection.
+  # config.collection_value_methods = [ :id, :to_s ]
+
+  # You can wrap a collection of radio/check boxes in a pre-defined tag, defaulting to none.
+  # config.collection_wrapper_tag = nil
+
+  # You can define the class to use on all collection wrappers. Defaulting to none.
+  # config.collection_wrapper_class = nil
+
+  # You can wrap each item in a collection of radio/check boxes with a tag,
+  # defaulting to :span. Please note that when using :boolean_style = :nested,
+  # SimpleForm will force this option to be a label.
+  # config.item_wrapper_tag = :span
+
+  # You can define a class to use in all item wrappers. Defaulting to none.
+  # config.item_wrapper_class = nil
+
+  # How the label text should be generated altogether with the required text.
+  # config.label_text = lambda { |label, required| "#{required} #{label}" }
+
+  # You can define the class to use on all labels. Default is nil.
+  config.label_class = 'control-label'
+
+  # You can define the class to use on all forms. Default is simple_form.
+  # config.form_class = :simple_form
+
+  # You can define which elements should obtain additional classes
+  # config.generate_additional_classes_for = [:wrapper, :label, :input]
+
+  # Whether attributes are required by default (or not). Default is true.
+  # config.required_by_default = true
+
+  # Tell browsers whether to use default HTML5 validations (novalidate option).
+  # Default is enabled.
+  config.browser_validations = false
+
+  # Collection of methods to detect if a file type was given.
+  # config.file_methods = [ :mounted_as, :file?, :public_filename ]
+
+  # Custom mappings for input types. This should be a hash containing a regexp
+  # to match as key, and the input type that will be used when the field name
+  # matches the regexp as value.
+  # config.input_mappings = { /count/ => :integer }
+
+  # Default priority for time_zone inputs.
+  # config.time_zone_priority = nil
+
+  # Default priority for country inputs.
+  # config.country_priority = nil
+
+  # Default size for text inputs.
+  # config.default_input_size = 50
+
+  # When false, do not use translations for labels.
+  # config.translate_labels = true
+
+  # Automatically discover new inputs in Rails' autoload path.
+  # config.inputs_discovery = true
+
+  # Cache SimpleForm inputs discovery
+  # config.cache_discovery = !Rails.env.development?
+end