hephaestus 0.0.1

data/templates/lib/plug_app/schemas/api/2023-03-06/components/schemas/responses.json

@@ -0,0 +1,64 @@
+{
+    "202": {
+        "type": "object",
+        "required": [
+            "message"
+        ],
+        "properties": {
+            "message": {
+                "type": "string",
+                "value": "Accepted"
+            }
+        }
+    },
+    "204": {
+        "type": "object",
+        "required": [
+            "message"
+        ],
+        "properties": {
+            "message": {
+                "type": "string",
+                "value": "No Content"
+            }
+        }
+    },
+    "400": {
+        "type": "object",
+        "required": [
+            "errors"
+        ],
+        "properties": {
+            "errors": {
+                "type": "array",
+                "items": {
+                    "type": "object",
+                    "properties": {
+                        "message": {
+                            "type": "string"
+                        }
+                    }
+                }
+            }
+        }
+    },
+    "404": {
+        "type": "object",
+        "required": [
+            "errors"
+        ],
+        "properties": {
+            "errors": {
+                "type": "array",
+                "items": {
+                    "type": "object",
+                    "properties": {
+                        "message": {
+                            "type": "string"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

data/templates/lib/plug_app/schemas/api/2023-03-06/components/schemas/yetto.json

@@ -0,0 +1 @@
+{}

data/templates/lib/plug_app/schemas/api/2023-03-06/openapi.json

@@ -0,0 +1,27 @@
+{
+    "openapi": "3.0.0",
+    "info": {
+        "title": "${APP} Plug API",
+        "description": "An OpenAPI definition for the ${APP} Plug REST API.",
+        "version": "2023-03-06",
+        "termsOfService": "https://yetto.app/terms/",
+        "license": {
+            "name": "Apache 2.0",
+            "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
+        }
+    },
+    "servers": [
+        {
+            "url": "https://yetto.app/2023-03-06",
+            "description": "Production basepath"
+        }
+    ],
+    "paths": {
+        "/api/2023-03-06/after_create/plug_installation": {
+            "$ref": "paths/yetto/after_create_plug_installation.json"
+        },
+        "/api/2023-03-06/after_create/message": {
+            "$ref": "paths/yetto/after_create_message.json"
+        }
+    }
+}

data/templates/lib/plug_app/schemas/api/2023-03-06/paths/plug.json

@@ -0,0 +1,91 @@
+{
+    "post": {
+        "tags": [
+            "Inbound",
+            "${APP}"
+        ],
+        "description": "This represents something",
+        "operationId": "Post a Yetto message",
+        "parameters": [
+            {
+                "$ref": "../components/parameters/plugInstallation.json#/plugInstallationId"
+            }
+        ],
+        "requestBody": {
+            "required": true,
+            "content": {
+                "application/json": {
+                    "schema": {
+                        "$ref": "../components/schemas/plug.json#/something"
+                    }
+                },
+                "example": {
+                    "message": {
+                        "text_content": "Hello _World_",
+                        "is_public": true,
+                        "metadata": {
+                            "author": {
+                                "name": "John Doe"
+                            }
+                        }
+                    },
+                    "creator": {
+                        "id": "usr_1234567890"
+                    }
+                }
+            }
+        },
+        "responses": {
+            "202": {
+                "description": "Accepted",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../components/schemas/responses.json#/202"
+                        }
+                    }
+                }
+            },
+            "204": {
+                "description": "No Content",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../components/schemas/responses.json#/204"
+                        }
+                    }
+                }
+            },
+            "400": {
+                "description": "Bad Request",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../components/schemas/responses.json#/400"
+                        }
+                    }
+                }
+            },
+            "403": {
+                "description": "Forbidden",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../components/schemas/responses.json#/403"
+                        }
+                    }
+                }
+            },
+            "503": {
+                "description": "Service Unavailable",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../components/schemas/responses.json#/502"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

data/templates/lib/plug_app/schemas/api/2023-03-06/paths/yetto/after_create_message.json

@@ -0,0 +1,41 @@
+{
+    "post": {
+        "tags": [
+            "Yetto"
+        ],
+        "description": "After a message is created in Yetto, this delivers it.",
+        "operationId": "Create a new email",
+        "responses": {
+            "204": {
+                "description": "No Content",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../../components/schemas/responses.json#/204"
+                        }
+                    }
+                }
+            },
+            "400": {
+                "description": "Bad Request",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../../components/schemas/responses.json#/400"
+                        }
+                    }
+                }
+            },
+            "404": {
+                "description": "Not Found",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../../components/schemas/responses.json#/404"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

data/templates/lib/plug_app/schemas/api/2023-03-06/paths/yetto/after_create_plug_installation.json

@@ -0,0 +1,41 @@
+{
+    "post": {
+        "tags": [
+            "Yetto"
+        ],
+        "description": "After a plug installation is created, this executes",
+        "operationId": "Post a thing",
+        "responses": {
+            "204": {
+                "description": "No Content",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../../components/schemas/responses.json#/204"
+                        }
+                    }
+                }
+            },
+            "400": {
+                "description": "Bad Request",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../../components/schemas/responses.json#/400"
+                        }
+                    }
+                }
+            },
+            "404": {
+                "description": "Not Found",
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "../../components/schemas/responses.json#/404"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

data/templates/lib/tasks/test_tasks.rake

@@ -0,0 +1,10 @@
+# typed: false
+# frozen_string_literal: true
+
+require "rake/testtask"
+
+if Rails.env.development? || Rails.env.test?
+  require "rubocop/rake_task"
+
+  RuboCop::RakeTask.new(:rubocop)
+end

data/templates/script/ci

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+export CI=true
+
+script/test

data/templates/script/hmac_text

@@ -0,0 +1,22 @@
+#!/usr/bin/env rails runner
+# frozen_string_literal: true
+
+require "optparse"
+require "debug" if ENV.fetch("DEBUG", false)
+
+options = {}
+OptionParser.new do |opts|
+  opts.banner = "Usage: hmac_text [options]"
+
+  opts.on("-l", "--load PATH", "Load file from path") { |v| options[:load_path] = v }
+  opts.on("-p", "--parse STRING", "Parses string directly") { |v| options[:parse_string] = v }
+end.parse!
+
+body = if options[:load_path].present?
+  File.read(options[:load_path])
+elsif options[:parse_string].present?
+  options[:parse_string]
+end
+
+puts "Parsing `#{body}` into HMAC"
+puts OpenSSL::HMAC.hexdigest(Authable::SHA256_DIGEST, YETTO_PLUG_APP_TOKEN, body)

data/templates/script/licenses

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -e
+
+function usage() {
+  echo "Usage:"
+  echo "$0 [options]"
+  echo ""
+  echo "  Options:"
+  echo "    -u/--update           Update license information"
+  echo "    -v/--verify           Verify license information"
+  echo "    -g/--generate         Generate CSV license data"
+  echo "    -h/--help             Display this help message"
+  echo ""
+  exit 1
+}
+
+while [ "$1" != "" ]; do
+    case $1 in
+    -v | --verify)
+        echo "Verifying dependency licenses ..."
+        bin/bundle exec licensed env -c .licensed.yml
+        bin/bundle exec licensed list -c .licensed.yml
+        bin/bundle exec licensed status -c .licensed.yml
+        RET=$?
+        if [ $RET -ne 0 ]; then
+        echo
+        echo "*** When fixed, please run 'script/licenses -c' to update the license cache. ***"
+        echo
+        fi
+
+        exit $RET
+        ;;
+    -u | --update)
+        echo "Caching dependency licenses ..."
+        bin/bundle exec licensed cache -c .licensed.yml
+        ;;
+    -g | --generate)
+        echo "Generating CSV licenses ..."
+        bin/bundle exec rake licenses:generate
+        ;;
+    -h | --help)
+        usage
+        ;;
+    *)
+        usage
+        exit 1
+        ;;
+    esac
+    shift
+done

data/templates/script/ngrok

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+ngrok http --region=us --hostname=plug-app.ngrok.io 6661

data/templates/script/security_checks/brakeman

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+bundle exec brakeman --color -o /dev/stdout -o security-results.json

data/templates/script/security_checks/bundle-audit

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+bundle exec bundle-audit check --update

data/templates/script/server

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+bin/foreman start -f Procfile.dev

data/templates/script/server-debug

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+bin/foreman start -f Procfile.debug

data/templates/script/test

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+bin/rails test "$@"

data/templates/script/typecheck

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -e
+
+function usage() {
+  echo "Usage:"
+  echo "$0 [options]"
+  echo ""
+  echo "  Options:"
+  echo "    -u/--update           Update tapioca RBI files"
+  echo "    -v/--verify           Verify tapioca RBI files"
+  echo "    -h/--help             Display this help message"
+  echo ""
+  exit 1
+}
+
+while [ "$1" != "" ]; do
+    case $1 in
+    -u | --update)
+        echo "Updating Tapioca RBI files ..."
+        bin/tapioca gem
+        echo "Updating Tapioca DSL files ..."
+        bin/tapioca dsl
+        echo "Updating Tapioca TODO files ..."
+        bin/tapioca todo
+        ;;
+    -v | --verify)
+        echo "Verify gem RBIs are up-to-date ..."
+        bin/tapioca gem --verify
+        echo "Verify duplicates in shims ..."
+        bin/tapioca check-shims
+        ;;
+    -h | --help)
+        usage
+        ;;
+    *)
+        usage
+        exit 1
+        ;;
+    esac
+    shift
+done

data/templates/sorbet/custom.rbi

@@ -0,0 +1,14 @@
+# typed: strong
+# Custom, artisanal RBIs for stuff sorbet and tapioca aren't able to understand (yet?)
+#
+# It's likely that some of these could be corrected by adding a `sig` to the appropriate location(s)
+
+module Authable
+  sig { returns(ActionDispatch::Request) }
+  def request; end
+  sig { returns(ActionDispatch::Response) }
+  def response; end
+
+  sig { void}
+  def bad_request; end
+end

data/templates/test/controllers/root_controller_test.rb

@@ -0,0 +1,12 @@
+# typed: false
+# frozen_string_literal: true
+
+require "test_helper"
+
+class RootControllerTest < ActionDispatch::IntegrationTest
+  test "GET / 200s" do
+    get "/"
+
+    assert_response :ok
+  end
+end

data/templates/test/controllers/settings_controller_test.rb

@@ -0,0 +1,27 @@
+# typed: false
+# frozen_string_literal: true
+
+require "test_helper"
+
+class SettingsControllerTest < ActionDispatch::IntegrationTest
+  include API::TestHelpers
+
+  include Webmocks::Yetto
+
+  test "GET /settings without asking for JSON fails" do
+    api(:get, "/settings", headers: nil)
+
+    assert_response :not_acceptable
+  end
+
+  test "GET /settings asking for JSON works" do
+    settings_json = api(:get, "/settings")
+
+    assert_response :ok
+
+    settings = settings_json["settings"]
+
+    assert_equal "2023-03-06", settings_json["version"]
+    assert_equal 3, settings.length
+  end
+end

data/templates/test/controllers/yetto_controller_test.rb

@@ -0,0 +1,130 @@
+# typed: false
+# frozen_string_literal: true
+
+require "test_helper"
+
+class YettoControllerTest < ActionDispatch::IntegrationTest
+  include API::TestHelpers
+
+  include Webmocks::Yetto
+
+  def setup
+    super
+    @after_create_plug_installation = {
+      plug_installation: {
+        id: @plug_installation_id,
+        settings: {
+          from_name: "it me",
+          from_email: "new@from.company",
+          reply_to_email: "new@from.company",
+        },
+      },
+      organization: {
+        id: @organization_id,
+      },
+      plug: {
+        id: @plug_id,
+      },
+      inbox: {
+        id: @inbox_id,
+      },
+    }
+
+    @after_create_message = {
+      plug_installation: {
+        id: @plug_installation_id,
+        settings: {},
+        credentials: {},
+      },
+      message: {
+        id: @message_id,
+        text_content: "blern",
+        html_content: "<p>blern</p>",
+        metadata: {},
+        conversation: {
+          id: @conversation_id,
+          title: "Hey there?",
+          metadata: {
+            "in-reply-to" => "123",
+          },
+        },
+      },
+      inbox: {
+        id: @inbox_id,
+        organization: {
+          id: @organization_id,
+          status: "active",
+        },
+      },
+    }
+  end
+
+  def headers(body)
+    {
+      Headers::Yetto::HEADER_EVENT => "after_create",
+      Headers::Yetto::HEADER_RECORD_TYPE => "plug_installation",
+      Headers::Yetto::HEADER_SIGNATURE => yetto_auth_header(body),
+    }
+  end
+
+  test "it handles null headers" do
+    api(:post, "/after_create/plug_installation", headers: nil)
+
+    assert_response :bad_request
+  end
+
+  test "it handles missing headers" do
+    api(:post, "/after_create/plug_installation", headers: {})
+
+    assert_response :bad_request
+  end
+
+  test "it handles incorrect headers" do
+    api(:post, "/after_create/plug_installation", headers: { "X-Yetto-Signature" => "Basic jabroni:lies" })
+
+    assert_response :bad_request
+
+    api(:post, "/after_create/plug_installation", headers: { "X-Yetto-Signature" => "sha256=123456" })
+
+    assert_response :bad_request
+  end
+
+  test "it handles missing body" do
+    body = {}
+    api(:post, "/after_create/plug_installation", headers: headers(body), body: body)
+
+    assert_response :bad_request
+  end
+
+  test "it handles wrong event" do
+    body = @after_create_plug_installation
+    api(:post, "/bloop/plug_installation", headers: headers(body), body: body)
+
+    assert_response :not_found
+  end
+
+  test "it handles wrong record type" do
+    body = @after_create_plug_installation
+
+    api(:post, "/after_create/plug_instunk", headers: headers(body), body: body)
+
+    assert_response :not_found
+  end
+
+  test "it handles wrong signature type" do
+    body = @after_create_plug_installation
+    headers_with_one_body = headers(body)
+    # body different than headers
+    body_two = {
+      plug: {
+        id: "plg_#{Faker::Alphanumeric.alphanumeric(number: 26).upcase}",
+      },
+      inbox: {
+        id: "inbx_#{Faker::Alphanumeric.alphanumeric(number: 26).upcase}",
+      },
+    }
+    api(:post, "/after_create/plug_installation", headers: headers_with_one_body, body: body_two)
+
+    assert_response :bad_request
+  end
+end

data/templates/test/jobs/update_yetto_job_test.rb

@@ -0,0 +1,41 @@
+# typed: false
+# frozen_string_literal: true
+
+require "test_helper"
+
+class UpdateYettoJobTest < ActiveJob::TestCase
+  include Webmocks::Yetto
+
+  def setup
+    super
+
+    @update_installation_body = {
+      plug_installation: {
+        credentials: {},
+        settings: {},
+      },
+    }
+
+    @installation_params = {
+      type: "installation",
+      inbox: {
+        id: @inbox_id,
+      },
+      organization: {
+        id: @organization_id,
+      },
+    }
+
+    @installation_params[:plug_installation] = @update_installation_body[:plug_installation].dup
+    @installation_params[:plug_installation][:id] = @plug_installation_id
+  end
+
+  test "does nothing if type is not supported" do
+    params = {
+      type: "not_supported",
+    }
+    assert_no_enqueued_jobs do
+      UpdateYettoJob.perform_now(params)
+    end
+  end
+end