hephaestus 0.0.1

data/templates/app/controllers/application_controller.rb

@@ -0,0 +1,107 @@
+# typed: false
+# frozen_string_literal: true
+
+class ApplicationController < ActionController::Base
+  include ActionController::MimeResponds
+
+  rescue_from ActionController::UnknownFormat, with: :not_acceptable
+
+  before_action :set_request_span_context
+  def set_request_span_context
+  end
+
+  after_action :set_response_span_context
+  def set_response_span_context
+    OpenTelemetry::Trace.current_span.add_attributes({
+      OpenTelemetry::SemanticConventions::Trace::HTTP_RESPONSE_CONTENT_LENGTH => response.headers["content-length"] || 0,
+    })
+  end
+
+  def no_content
+    head(:no_content)
+  end
+
+  def okay
+    render(
+      json: {
+        message: "OK",
+      }.to_json,
+      status: :ok,
+    )
+  end
+
+  def created
+    render(
+      json: {
+        message: "Created",
+      }.to_json,
+      status: :created,
+    )
+  end
+
+  def bad_request
+    render(
+      json: {
+        errors: [
+          {
+            message: "Bad Request",
+          },
+        ],
+      }.to_json,
+      status: :bad_request,
+    )
+  end
+
+  def forbidden
+    render(
+      json: {
+        errors: [
+          {
+            message: "Forbidden",
+          },
+        ],
+      }.to_json,
+      status: :forbidden,
+    )
+  end
+
+  def not_acceptable(e)
+    render(
+      json: ::ErrorSerializer.format("Not Acceptable").to_json,
+      status: :not_acceptable,
+    )
+  end
+
+  def not_found
+    render(
+      json: ::ErrorSerializer.format("Not Found").to_json,
+      status: :not_found,
+    )
+  end
+
+  def service_unavailable(msg)
+    render(
+      json: {
+        errors: [
+          {
+            message: "Service Unavailable: #{msg}",
+          },
+        ],
+      }.to_json,
+      status: :service_unavailable,
+    )
+  end
+
+  def bad_gateway
+    render(
+      json: {
+        errors: [
+          {
+            message: "Bad Gateway",
+          },
+        ],
+      }.to_json,
+      status: :bad_gateway,
+    )
+  end
+end

data/templates/app/controllers/concerns/authable.rb

@@ -0,0 +1,32 @@
+# typed: strict
+# frozen_string_literal: true
+
+module Authable
+  extend T::Sig
+
+  include ActionDispatch::Http::Cache::Response
+
+  include ActionController::Helpers::ClassMethods
+  include ActionController::HttpAuthentication::Basic::ControllerMethods
+  include BodyParameter::YettoParameters
+
+  SHA256_DIGEST = OpenSSL::Digest.new("sha256")
+
+  sig { void }
+  def from_yetto?
+    return bad_request if request.headers.blank?
+
+    yetto_signature = request.headers.fetch(Headers::Yetto::HEADER_SIGNATURE, "")
+
+    return bad_request unless yetto_signature.start_with?("sha256=")
+
+    hmac_header = yetto_signature.split("sha256=").last
+    body = request.env["RAW_POST_DATA"]
+
+    calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, YETTO_PLUG_APP_TOKEN, body)
+
+    return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)
+
+    bad_request
+  end
+end

data/templates/app/controllers/root_controller.rb

@@ -0,0 +1,11 @@
+# typed: strict
+# frozen_string_literal: true
+
+class RootController < ApplicationController
+  extend T::Sig
+
+  sig { void }
+  def index
+    okay
+  end
+end

data/templates/app/controllers/settings_controller.rb

@@ -0,0 +1,7 @@
+# typed: false
+# frozen_string_literal: true
+
+class SettingsController < ApplicationController
+  def index
+  end
+end

data/templates/app/controllers/staff_controller.rb

@@ -0,0 +1,15 @@
+# typed: strict
+# frozen_string_literal: true
+
+class StaffController < ApplicationController
+  extend T::Sig
+
+  class << self
+    extend T::Sig
+
+    sig { params(request: ActionDispatch::Request).returns(T::Boolean) }
+    def staff_request?(request)
+      false
+    end
+  end
+end

data/templates/app/controllers/yetto_controller.rb

@@ -0,0 +1,30 @@
+# typed: false
+# frozen_string_literal: true
+
+class YettoController < ApplicationController
+  include BodyParameter::YettoParameters
+  include PathParameter::YettoParameters
+  include Authable
+
+  include Headers::Yetto
+
+  before_action :from_yetto?
+
+  def event
+    case pparam_yetto_event
+    when Headers::Yetto::EVENT_AFTER_CREATE
+      case pparam_yetto_record_type
+      when Headers::Yetto::RECORD_TYPE_PLUG_INSTALLATION
+
+        no_content
+      when Headers::Yetto::RECORD_TYPE_MESSAGE
+
+        no_content
+      else
+        not_found
+      end
+    else
+      not_found
+    end
+  end
+end

data/templates/app/jobs/application_job.rb

@@ -0,0 +1,10 @@
+# typed: false
+# frozen_string_literal: true
+
+class ApplicationJob < ActiveJob::Base
+  # Automatically retry jobs that encountered a deadlock
+  # retry_on ActiveRecord::Deadlocked
+
+  # Most jobs are safe to ignore if the underlying records are no longer available
+  # discard_on ActiveJob::DeserializationError
+end

data/templates/app/jobs/update_yetto_job.rb

@@ -0,0 +1,27 @@
+# typed: false
+# frozen_string_literal: true
+
+# Send updated data to Yetto to store in the database
+# This can be used to update installation data or message data
+
+class UpdateYettoJob < ApplicationJob
+  queue_as :default
+
+  def perform(params)
+    type = params.delete(:type)
+
+    organization_id = params.fetch(:organization, {}).fetch(:id, nil)
+    inbox_id = params.fetch(:inbox, {}).fetch(:id, nil)
+    plug_installation_id = params.fetch(:plug_installation, {}).fetch(:id, nil)
+
+    case type
+    when "installation"
+      YettoService.update_installation(organization_id, inbox_id, plug_installation_id, params)
+    when "switch"
+      plug_id = params.fetch(:plug, {}).fetch(:id, nil)
+      YettoService.create_switch(organization_id, inbox_id, plug_id, params)
+    when "message"
+      YettoService.create_message(organization_id, inbox_id, params)
+    end
+  end
+end

data/templates/app/lib/body_parameter/yetto_parameters.rb

@@ -0,0 +1,8 @@
+# typed: false
+# frozen_string_literal: true
+
+module BodyParameter
+  module YettoParameters
+    extend T::Sig
+  end
+end

data/templates/app/lib/body_parameter.rb

@@ -0,0 +1,6 @@
+# typed: strict
+# frozen_string_literal: true
+
+module BodyParameter
+  extend T::Sig
+end

data/templates/app/lib/constants/app.rb

@@ -0,0 +1,8 @@
+# typed: false
+# frozen_string_literal: true
+
+module Constants
+  module PlugApp
+    PLUG_APP_API_VERSION = "2023-03-06"
+  end
+end

data/templates/app/lib/headers/yetto.rb

@@ -0,0 +1,17 @@
+# typed: false
+# frozen_string_literal: true
+
+module Headers
+  module Yetto
+    YETTO_DELIVERY_ID = "HTTP_X_YETTO_DELIVERY_ID"
+
+    HEADER_EVENT = "HTTP_X_YETTO_EVENT"
+    EVENT_AFTER_CREATE = "after_create"
+
+    HEADER_RECORD_TYPE = "HTTP_X_YETTO_RECORD_TYPE"
+    RECORD_TYPE_PLUG_INSTALLATION = "plug_installation"
+    RECORD_TYPE_MESSAGE = "message"
+
+    HEADER_SIGNATURE = "HTTP_X_YETTO_SIGNATURE"
+  end
+end

data/templates/app/lib/headers.rb

@@ -0,0 +1,5 @@
+# typed: false
+# frozen_string_literal: true
+
+module Headers
+end

data/templates/app/lib/path_parameter/yetto_parameters.rb

@@ -0,0 +1,25 @@
+# typed: false
+# frozen_string_literal: true
+
+module PathParameter
+  module YettoParameters
+    extend T::Sig
+
+    sig { returns(String) }
+    def pparam_yetto_event
+      yetto_path_params.fetch(:event, "")
+    end
+
+    sig { returns(String) }
+    def pparam_yetto_record_type
+      yetto_path_params.fetch(:record_type, "")
+    end
+
+    sig { returns(ActionController::Parameters) }
+    def yetto_path_params
+      return ActionController::Parameters.new if params.blank?
+
+      params.permit(:event, :record_type)
+    end
+  end
+end

data/templates/app/lib/path_parameter.rb

@@ -0,0 +1,8 @@
+# typed: strict
+# frozen_string_literal: true
+
+module PathParameter
+  extend T::Sig
+
+  delegate :path_parameters, to: :request
+end

data/templates/app/lib/plug_app/http.rb

@@ -0,0 +1,34 @@
+# typed: strict
+# frozen_string_literal: true
+
+module PlugApp
+  module HTTP
+    extend T::Sig
+
+    OK = "OK"
+    OK_I = 200
+
+    CREATED = "Created"
+    CREATED_I = 201
+    NO_CONTENT = "No Content"
+    NO_CONTENT_I = 204
+
+    NOT_FOUND = "Not Found"
+    NOT_FOUND_I = 404
+    BAD_REQUEST = "Bad Request"
+    BAD_REQUEST_I = 400
+    UNAUTHORIZED = "Unauthorized"
+    UNAUTHORIZED_I = 401
+    FORBIDDEN = "Forbidden"
+    FORBIDDEN_I = 403
+    NOT_ACCEPTABLE = "Not Acceptable"
+    NOT_ACCEPTABLE_I = 406
+    SERVICE_UNAVAILABLE = "Service Unavailable"
+    SERVICE_UNAVAILABLE_I = 503
+
+    sig { params(status: Integer).returns(T::Boolean) }
+    def status_ok?(status)
+      status == OK_I
+    end
+  end
+end

data/templates/app/lib/plug_app/middleware/malformed_request.rb

@@ -0,0 +1,110 @@
+# typed: strict
+# frozen_string_literal: true
+
+module PlugApp
+  module Middleware
+    # There is no valid reason for a request to contain a malformed string
+    # so just return HTTP 400 (Bad Request) if we receive one
+    class MalformedRequest
+      extend T::Sig
+
+      include ActionController::HttpAuthentication::Basic
+
+      NULL_BYTE_REGEX = T.let(Regexp.new(Regexp.escape("\u0000")).freeze, Regexp)
+
+      sig { returns(T.untyped) }
+      attr_reader :app
+
+      sig { params(app: T.untyped).void }
+      def initialize(app)
+        @app = T.let(app, T.untyped)
+      end
+
+      sig { params(env: T.untyped).returns(T.untyped) }
+      def call(env)
+        return [PlugApp::HTTP::BAD_REQUEST_I, { "Content-Type" => "text/plain" }, [PlugApp::HTTP::BAD_REQUEST]] if request_contains_malformed_string?(env)
+
+        app.call(env)
+      end
+
+      private
+
+      sig { params(env: T.untyped).returns(T::Boolean) }
+      def request_contains_malformed_string?(env)
+        # Duplicate the env, so it is not modified when accessing the parameters
+        # https://github.com/rails/rails/blob/34991a6ae2fc68347c01ea7382fa89004159e019/actionpack/lib/action_dispatch/http/parameters.rb#L59
+        request = ActionDispatch::Request.new(env.dup)
+
+        return true if malformed_path?(request.path)
+        return true if credentials_malformed?(request)
+
+        request.params.values.any? do |value|
+          param_has_null_byte?(value)
+        end
+      rescue ActionController::BadRequest
+        # If we can't build an ActionDispatch::Request something's wrong
+        # This would also happen if `#params` contains invalid UTF-8
+        # in this case we'll return a 400
+        true
+      end
+
+      sig { params(path: String).returns(T::Boolean) }
+      def malformed_path?(path)
+        string_malformed?(Rack::Utils.unescape(path))
+      rescue ArgumentError
+        # Rack::Utils.unescape raised this, path is malformed.
+        true
+      end
+
+      sig { params(request: T.untyped).returns(T::Boolean) }
+      def credentials_malformed?(request)
+        credentials = if has_basic_credentials?(request)
+          decode_credentials(request).presence
+        else
+          request.authorization.presence
+        end
+
+        return false unless credentials
+
+        string_malformed?(credentials)
+      end
+
+      sig { params(value: T.untyped, depth: Integer).returns(T::Boolean) }
+      def param_has_null_byte?(value, depth = 0)
+        # Guard against possible attack sending large amounts of nested params
+        # Should be safe as deeply nested params are highly uncommon.
+        return false if depth > 2
+
+        depth += 1
+
+        if value.respond_to?(:match)
+          string_malformed?(value)
+        elsif value.respond_to?(:values)
+          value.values.any? do |hash_value|
+            param_has_null_byte?(hash_value, depth)
+          end
+        elsif value.is_a?(Array)
+          value.any? do |array_value|
+            param_has_null_byte?(array_value, depth)
+          end
+        else
+          false
+        end
+      end
+
+      sig { params(string: String).returns(T::Boolean) }
+      def string_malformed?(string)
+        # We're using match instead of include because that raises an ArgumentError
+        # when the string contains invalid UTF-8
+        #
+        # We try to encode the string from ASCII-8BIT to UTF8. If we failed to do
+        # so for certain characters in the string, those chars are probably incomplete
+        # multibyte characters.
+        string.dup.force_encoding(Encoding::UTF_8).match?(NULL_BYTE_REGEX)
+      rescue ArgumentError, Encoding::UndefinedConversionError
+        # If we're here, we caught a malformed string. Return true
+        true
+      end
+    end
+  end
+end

data/templates/app/lib/plug_app/middleware/not_found.rb

@@ -0,0 +1,41 @@
+# typed: false
+# frozen_string_literal: true
+
+require "openapi_first"
+
+module PlugApp
+  module Middleware
+    # frozen_string_literal: true
+
+    # Rack::NotFound is a default endpoint. Optionally initialize with the
+    # path to a custom 404 page, to override the standard response body.
+    #
+    # Examples:
+    #
+    # Serve default 404 response:
+    #   run Rack::NotFound.new
+    #
+    # Serve a custom 404 page:
+    #   run Rack::NotFound.new('path/to/your/404.html')
+
+    class NotFound
+      F = ::File
+
+      def initialize(path = nil, content_type = "text/html")
+        if path.nil?
+          @content = "Not found\n"
+        else
+          @content = F.read(path)
+          @content = F.read(path)
+        end
+        @length = @content.bytesize.to_s
+
+        @content_type = content_type
+      end
+
+      def call(env)
+        [404, { "Content-Type" => @content_type, "Content-Length" => @length }, [@content]]
+      end
+    end
+  end
+end

data/templates/app/lib/plug_app/middleware/openapi_validation.rb

@@ -0,0 +1,54 @@
+# typed: false
+# frozen_string_literal: true
+
+require "openapi_first"
+
+module PlugApp
+  module Middleware
+    class OpenapiValidation
+      API_PATH_PREFIX = "/api/"
+      SPEC_PATH = Rails.root.join("lib/plug_app/schemas/api/2023-03-06/openapi.json")
+
+      def initialize(app)
+        @app = app
+        spec = OpenapiFirst.load(SPEC_PATH)
+        @response_validator = OpenapiFirst::ResponseValidator.new(spec)
+        @request_validator = OpenapiFirst::RequestValidation.new(->(_env) {}, spec: SPEC_PATH, raise_error: true)
+      end
+
+      def call(env)
+        request = Rack::Request.new(env)
+
+        if request.path.starts_with?(API_PATH_PREFIX)
+          # force content-type to JSON
+          if env["CONTENT_TYPE"] == "application/x-www-form-urlencoded"
+            env["CONTENT_TYPE"] = "application/json"
+          end
+
+          begin
+            @request_validator.call(env)
+            # response = @app.call(env)
+            # @response_validator.validate(request, response)
+          rescue OpenapiFirst::NotFoundError
+            PlugApp::Middleware::NotFound.new.call(env)
+          rescue OpenapiFirst::RequestInvalidError => e
+            error_hsh = ::ErrorSerializer.format(e.message)
+
+            return [PlugApp::HTTP::BAD_REQUEST_I, { "Content-Type" => "application/json" }, [error_hsh]]
+          rescue => e
+            raise e unless Rails.env.production?
+
+            logger.error(
+              "openapi.request_validation.error",
+              path: request.path,
+              method: request.env["REQUEST_METHOD"],
+              error_message: e.message,
+            )
+          end
+        end
+
+        @app.call(env)
+      end
+    end
+  end
+end

data/templates/app/lib/plug_app/middleware/tracing_attributes.rb

@@ -0,0 +1,42 @@
+# typed: false
+# frozen_string_literal: true
+
+require "openapi_first"
+require "active_support/parameter_filter"
+
+module PlugApp
+  module Middleware
+    class TracingAttributes
+      extend T::Sig
+
+      sig { returns(T.untyped) }
+      attr_reader :app
+
+      HTTP_REQUEST_BODY = "http.request.body"
+
+      sig { params(app: T.untyped).void }
+      def initialize(app)
+        @app = T.let(app, T.untyped)
+        @filterer = ActiveSupport::ParameterFilter.new(Rails.application.config.filter_parameters)
+      end
+
+      sig { params(env: T.untyped).returns(T.untyped) }
+      def call(env)
+        request = ActionDispatch::Request.new(env.dup)
+
+        OpenTelemetry::Trace.current_span.add_attributes({
+          OpenTelemetry::VERSION => PlugApp::Application::GIT_SHA,
+          OpenTelemetry::SemanticConventions::Trace::HTTP_REQUEST_CONTENT_LENGTH => env["CONTENT_LENGTH"].to_i,
+          HTTP_REQUEST_BODY => filtered_params(request),
+        })
+
+        app.call(env)
+      end
+
+      def filtered_params(request)
+        params = request.params
+        @filterer.filter(params).to_json
+      end
+    end
+  end
+end

data/templates/app/lib/query_parameter.rb

@@ -0,0 +1,6 @@
+# typed: strict
+# frozen_string_literal: true
+
+module QueryParameter
+  extend T::Sig
+end

data/templates/app/serializers/error_serializer.rb

@@ -0,0 +1,16 @@
+# typed: false
+# frozen_string_literal: true
+
+class ErrorSerializer
+  class << self
+    def format(message)
+      {
+        errors: [
+          {
+            message: message,
+          },
+        ],
+      }.to_json
+    end
+  end
+end