hephaestus 0.8.11 → 0.8.12

data/templates/Gemfile.erb

@@ -1,120 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-git_source(:github) { |repo| "https://github.com/#{repo}.git" }
-
-ruby File.read(".ruby-version").strip
-
-# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem "rails", "~> 7.0"
-
-# Use the Puma web server [https://github.com/puma/puma]
-gem "puma", "~> 6.3"
-
-# for making kick-ass http queries
-gem "httpsensible", "~> 0.1"
-
-# Build JSON APIs with ease [https://github.com/rails/jbuilder]
-gem "jbuilder", "~> 2.11"
-
-# Use Redis adapter to run Action Cable in production
-gem "redis", "~> 5.0"
-
-# Use hiredis to get better performance than the "redis" gem
-gem "hiredis", "~> 0.6"
-
-# better loggin'
-gem "lograge", "~> 0.12"
-
-# provides middleware to make OpenAPI parsing simpler
-gem "openapi_first", "~> 1.0"
-
-# For Honeycomb.io
-gem "opentelemetry-sdk", "~> 1.2"
-gem "opentelemetry-exporter-otlp", "~> 0.25"
-gem "opentelemetry-semantic_conventions", "~> 1.10"
-
-gem "opentelemetry-instrumentation-rack", "~> 0.23"
-gem "opentelemetry-instrumentation-rails", "~> 0.27"
-gem "opentelemetry-instrumentation-concurrent_ruby", "~> 0.21"
-
-gem "opentelemetry-instrumentation-net_http", "~> 0.22"
-
-gem "opentelemetry-instrumentation-active_job", "~> 0.5"
-gem "opentelemetry-instrumentation-redis", "~> 0.25"
-gem "opentelemetry-instrumentation-sidekiq", "~> 0.23"
-
-# massively improved JSON parsing
-gem "oj", "~> 3.16"
-
-# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby]
-
-# Reduces boot times through caching; required in config/boot.rb
-gem "bootsnap", require: false
-
-gem "safety_dance", "~> 1.0"
-
-# Use Sidekiq for the jobs queue
-gem "sidekiq", "~> 7.1"
-
-# sends logs to Slack
-gem "slack_webhook_logger", "~> 0.5"
-
-group :development, :test do
-  # better debug output with `ap`
-  gem "amazing_print"
-
-  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
-  gem "debug", platforms: [:mri, :mingw, :x64_mingw], require: false
-
-  gem "faker", "~> 3.0"
-  gem "rubocop", require: false
-  gem "rubocop-standard", require: false
-end
-
-group :development do
-  gem "dotenv-rails"
-
-  gem "foreman", "~> 0.87"
-
-  gem "licensed", "~> 4.4"
-
-  gem "ruby-lsp", "~> 0.6", require: false
-
-  gem "spoom"
-  gem "sorbet"
-  gem "tapioca", require: false
-  gem "webrick"
-end
-gem "sorbet-runtime"
-
-group :test do
-  gem "simplecov", "~> 0.18", require: false
-  gem "simplecov-console", "~> 0.7", require: false
-
-  # track down flakey tests
-  gem "minitest-bisect"
-
-  # mocking lib
-  gem "mocha"
-
-  # allow easier middleware testing
-  gem "rack-test", "~> 2.0"
-
-  # navigate website
-  gem "selenium-webdriver"
-
-  # jump around through time
-  gem "timecop", "~> 0.9"
-
-  # prevents real http requests
-  gem "webmock", "~> 3.8"
-end
-
-group :ci do
-  gem "brakeman", "~> 6.0"
-  gem "bundle-audit", "~> 0.1"
-end
-
-gem "hephaestus", group: [:development, :test]

data/templates/Procfile.debug

@@ -1,2 +0,0 @@
-web: rdbg -n -O -c -- bin/rails server -p 6661
-worker: bundle exec sidekiq -c 2

data/templates/Procfile.dev

@@ -1,2 +0,0 @@
-web: bin/rails server -p 6661
-worker: bundle exec sidekiq -c 2

data/templates/app/controllers/app_controller.rb

@@ -1,72 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-class AppController < ApplicationController
-  include Authable
-
-  include Constants::PlugApp
-  include PathParameter::AppParameters
-  include BodyParameter::AppParameters
-
-  before_action :from_app?
-
-  # Inbound message from ${App}
-  def webhook
-    # Error if necessary parameters from ${App} are missing
-    return bad_request unless has_inbound_app_params?
-
-    response = YettoService.get_plug_installation(pparam_organization_id, pparam_inbox_id, pparam_plug_installation_id)
-
-    # Error if Yetto is down
-    return service_unavailable(response) if response.unavailable?
-
-    plug_installation = response.parse_json_body
-    installed_on_inbox = plug_installation.fetch("installed_on_inbox", {})
-
-    organization = installed_on_inbox.fetch("organization", {})
-
-    # Bail if the organization is not active
-    return forbidden unless organization.fetch("status", "") == "active"
-
-    plug_id = plug_installation.fetch("plug", {}).fetch("id", "")
-    inbox_id = installed_on_inbox.fetch("id", "")
-    organization_id = organization.fetch("id", "")
-
-    return bad_request if plug_id.blank? || inbox_id.blank?
-
-    # Send the message to Yetto
-    update_data = {
-      type: "create_message",
-      inbox: { id: inbox_id },
-      organization: { id: organization_id },
-      payload: {
-        creator: {
-          id: plug_id,
-        },
-        message: {
-          title: title,
-          text_content: text_body,
-          is_public: true,
-          author: {
-            version: "2023-03-06",
-            name: from_email,
-          },
-          attachments: bparam_attachments,
-          metadata: {
-            cc_addresses: cc_addresses,
-            postmark_message_id: bparam_message_id,
-            email_message_id: email_message_id,
-          },
-        },
-      },
-    }
-
-    UpdateYettoJob.perform_later(update_data)
-
-    created
-  end
-
-  def process_inbound
-    no_content
-  end
-end

data/templates/app/controllers/concerns/authable.rb

@@ -1,50 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module Authable
-  extend T::Sig
-
-  include ActionDispatch::Http::Cache::Response
-
-  include ActionController::Helpers::ClassMethods
-  include ActionController::HttpAuthentication::Basic::ControllerMethods
-  include BodyParameter::YettoParameters
-
-  SHA256_DIGEST = OpenSSL::Digest.new("sha256")
-
-  sig { void }
-  def from__app_?
-    state = params.fetch(:state, "")
-    _, _, gh_nonce, _, _, _, _ = parse_state(state)
-
-    return false if ActiveSupport::SecurityUtils.secure_compare((gh_nonce || ""), PLUG_APP_NONCE)
-
-    self.status = PlugApp::HTTP::BAD_REQUEST_I
-    self.response_body = ::ErrorSerializer.format(PlugApp::HTTP::BAD_REQUEST)
-
-    return true if response.status == 200
-
-    # status is annoyingly set to 401, but we want
-    # to hide that an issue exists
-    self.status = PlugApp::HTTP::BAD_REQUEST_I
-    self.response_body = ::ErrorSerializer.format(PlugApp::HTTP::BAD_REQUEST)
-  end
-
-  sig { void }
-  def from_yetto?
-    return bad_request if request.headers.blank?
-
-    yetto_signature = request.headers.fetch(Headers::Yetto::HEADER_SIGNATURE, "")
-
-    return bad_request unless yetto_signature.start_with?("sha256=")
-
-    hmac_header = yetto_signature.split("sha256=").last
-    body = request.env.fetch("RAW_POST_DATA", "")
-
-    calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, SIGNING_SECRET, body)
-
-    return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)
-
-    bad_request
-  end
-end

data/templates/app/controllers/staff_controller.rb

@@ -1,15 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-class StaffController < ApplicationController
-  extend T::Sig
-
-  class << self
-    extend T::Sig
-
-    sig { params(request: ActionDispatch::Request).returns(T::Boolean) }
-    def staff_request?(request)
-      false
-    end
-  end
-end

data/templates/app/jobs/update_yetto_job.rb

@@ -1,26 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-# Send updated data to Yetto to store in the database
-# This can be used to update installation data or message data
-
-class UpdateYettoJob < ApplicationJob
-  queue_as :update_yetto
-
-  def perform(params)
-    type = params.delete(:type)
-
-    params.fetch(:inbox, {}).fetch(:id, nil)
-    plug_installation_id = params.fetch(:plug_installation, {}).fetch(:id, nil)
-    message_id = params.fetch(:message, {}).fetch(:id, nil)
-
-    case type
-    when "update_plug_installation"
-      YettoService.update_plug_installation(plug_installation_id, params)
-    when "create_message_reply"
-      YettoService.create_message_reply(message_id, plug_installation_id, params)
-    when "add_message_metadata"
-      YettoService.update_message(message_id, plug_installation_id, params)
-    end
-  end
-end

data/templates/app/lib/headers/yetto.rb

@@ -1,19 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-module Headers
-  module Yetto
-    YETTO_DELIVERY_ID = "HTTP_X_YETTO_DELIVERY_ID"
-
-    HEADER_EVENT = "HTTP_X_YETTO_EVENT"
-    EVENT_AFTER_CREATE = "created"
-    EVENT_AFTER_UPDATE = "updated"
-    EVENT_AFTER_DESTROY = "destroyed"
-
-    HEADER_RECORD_TYPE = "HTTP_X_YETTO_RECORD_TYPE"
-    RECORD_TYPE_PLUG_INSTALLATION = "plug_installation"
-    RECORD_TYPE_MESSAGE = "message"
-
-    HEADER_SIGNATURE = "HTTP_X_YETTO_SIGNATURE"
-  end
-end

data/templates/app/lib/headers.rb

@@ -1,5 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-module Headers
-end

data/templates/app/lib/path_parameter/settings_parameters.rb

@@ -1,22 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-module PathParameter
-  module SettingsParameters
-    extend T::Sig
-
-    sig { returns(String) }
-    def pparam_plug_installation_id
-      yetto_path_params.fetch(:event, "")
-    end
-
-    sig { returns(T::Hash[Symbol, T.untyped]) }
-    def settings_path_params
-      return {} if params.blank?
-
-      {
-        plug_installation_id: params.fetch(:plug_installation_id, ""),
-      }
-    end
-  end
-end

data/templates/app/lib/path_parameter/yetto_parameters.rb

@@ -1,28 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-module PathParameter
-  module YettoParameters
-    extend T::Sig
-
-    sig { returns(String) }
-    def pparam_yetto_event
-      yetto_path_params.fetch(:event, "")
-    end
-
-    sig { returns(String) }
-    def pparam_yetto_record_type
-      yetto_path_params.fetch(:record_type, "")
-    end
-
-    sig { returns(T::Hash[String, String]) }
-    def yetto_path_params
-      return {} if path_parameters.blank?
-
-      {
-        event: path_parameters.fetch(:event, ""),
-        record_type: path_parameters.fetch(:record_type, ""),
-      }
-    end
-  end
-end

data/templates/app/lib/path_parameter.rb

@@ -1,8 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module PathParameter
-  extend T::Sig
-
-  delegate :path_parameters, to: :request
-end

data/templates/app/lib/plug_app/http.rb

@@ -1,37 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module PlugApp
-  module HTTP
-    extend T::Sig
-
-    OK = "OK"
-    OK_I = 200
-
-    CREATED = "Created"
-    CREATED_I = 201
-    NO_CONTENT = "No Content"
-    NO_CONTENT_I = 204
-
-    FOUND = "Found"
-    FOUND_I = 302
-
-    NOT_FOUND = "Not Found"
-    NOT_FOUND_I = 404
-    BAD_REQUEST = "Bad Request"
-    BAD_REQUEST_I = 400
-    UNAUTHORIZED = "Unauthorized"
-    UNAUTHORIZED_I = 401
-    FORBIDDEN = "Forbidden"
-    FORBIDDEN_I = 403
-    NOT_ACCEPTABLE = "Not Acceptable"
-    NOT_ACCEPTABLE_I = 406
-    SERVICE_UNAVAILABLE = "Service Unavailable"
-    SERVICE_UNAVAILABLE_I = 503
-
-    sig { params(status: Integer).returns(T::Boolean) }
-    def status_ok?(status)
-      status == OK_I
-    end
-  end
-end

data/templates/app/lib/plug_app/middleware/malformed_request.rb

@@ -1,110 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module PlugApp
-  module Middleware
-    # There is no valid reason for a request to contain a malformed string
-    # so just return HTTP 400 (Bad Request) if we receive one
-    class MalformedRequest
-      extend T::Sig
-
-      include ActionController::HttpAuthentication::Basic
-
-      NULL_BYTE_REGEX = T.let(Regexp.new(Regexp.escape("\u0000")).freeze, Regexp)
-
-      sig { returns(T.untyped) }
-      attr_reader :app
-
-      sig { params(app: T.untyped).void }
-      def initialize(app)
-        @app = T.let(app, T.untyped)
-      end
-
-      sig { params(env: T.untyped).returns(T.untyped) }
-      def call(env)
-        return [PlugApp::HTTP::BAD_REQUEST_I, { "Content-Type" => "text/plain" }, [PlugApp::HTTP::BAD_REQUEST]] if request_contains_malformed_string?(env)
-
-        app.call(env)
-      end
-
-      private
-
-      sig { params(env: T.untyped).returns(T::Boolean) }
-      def request_contains_malformed_string?(env)
-        # Duplicate the env, so it is not modified when accessing the parameters
-        # https://github.com/rails/rails/blob/34991a6ae2fc68347c01ea7382fa89004159e019/actionpack/lib/action_dispatch/http/parameters.rb#L59
-        request = ActionDispatch::Request.new(env.dup)
-
-        return true if malformed_path?(request.path)
-        return true if credentials_malformed?(request)
-
-        request.params.values.any? do |value|
-          param_has_null_byte?(value)
-        end
-      rescue ActionController::BadRequest
-        # If we can't build an ActionDispatch::Request something's wrong
-        # This would also happen if `#params` contains invalid UTF-8
-        # in this case we'll return a 400
-        true
-      end
-
-      sig { params(path: String).returns(T::Boolean) }
-      def malformed_path?(path)
-        string_malformed?(Rack::Utils.unescape(path))
-      rescue ArgumentError
-        # Rack::Utils.unescape raised this, path is malformed.
-        true
-      end
-
-      sig { params(request: T.untyped).returns(T::Boolean) }
-      def credentials_malformed?(request)
-        credentials = if has_basic_credentials?(request)
-          decode_credentials(request).presence
-        else
-          request.authorization.presence
-        end
-
-        return false unless credentials
-
-        string_malformed?(credentials)
-      end
-
-      sig { params(value: T.untyped, depth: Integer).returns(T::Boolean) }
-      def param_has_null_byte?(value, depth = 0)
-        # Guard against possible attack sending large amounts of nested params
-        # Should be safe as deeply nested params are highly uncommon.
-        return false if depth > 2
-
-        depth += 1
-
-        if value.respond_to?(:match)
-          string_malformed?(value)
-        elsif value.respond_to?(:values)
-          value.values.any? do |hash_value|
-            param_has_null_byte?(hash_value, depth)
-          end
-        elsif value.is_a?(Array)
-          value.any? do |array_value|
-            param_has_null_byte?(array_value, depth)
-          end
-        else
-          false
-        end
-      end
-
-      sig { params(string: String).returns(T::Boolean) }
-      def string_malformed?(string)
-        # We're using match instead of include because that raises an ArgumentError
-        # when the string contains invalid UTF-8
-        #
-        # We try to encode the string from ASCII-8BIT to UTF8. If we failed to do
-        # so for certain characters in the string, those chars are probably incomplete
-        # multibyte characters.
-        string.dup.force_encoding(Encoding::UTF_8).match?(NULL_BYTE_REGEX)
-      rescue ArgumentError, Encoding::UndefinedConversionError
-        # If we're here, we caught a malformed string. Return true
-        true
-      end
-    end
-  end
-end

data/templates/app/lib/plug_app/middleware/openapi_validation.rb

@@ -1,83 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "openapi_first"
-
-module PlugApp
-  module Middleware
-    class OpenapiValidation
-      API_PATH_PREFIX = "/api/"
-      SPEC_PATH = Rails.root.join("lib/plug_app/schemas/api/2023-03-06/openapi.json")
-      SPEC = OpenapiFirst.load(SPEC_PATH)
-
-      def initialize(app)
-        @app = app
-      end
-
-      def call(env)
-        request = Rack::Request.new(env)
-
-        return @app.call(env) unless request.path.starts_with?(API_PATH_PREFIX) && request.path.exclude?("/settings")
-
-        begin
-          # force content-type to JSON
-          env["CONTENT_TYPE"] = "application/json" if env["CONTENT_TYPE"] != "application/json"
-
-          validated_request = SPEC.validate_request(request)
-
-          return @app.call(env) if validated_request.valid?
-
-          case validated_request.error
-          when OpenapiFirst::Schema::ValidationError
-            error_arr = format_arr(validated_request.error.errors.map(&:message))
-            Rails.logger.error(error_arr) if print_user_api_errors?
-            [PlugApp::HTTP::BAD_REQUEST_I, { "Content-Type" => "application/json" }, [error_arr]]
-          else
-            case validated_request.error.type
-            when :not_found
-              [PlugApp::HTTP::NOT_FOUND_I, { "Content-Type" => "application/json" }, [format_str("Not Found")]]
-            else
-              error_message = if validated_request.error.errors.present?
-                format_arr(validated_request.error.errors.map(&:message))
-              else
-                format_str(validated_request.error.message)
-              end
-
-              Rails.logger.error(error_message) if print_user_api_errors?
-              [PlugApp::HTTP::BAD_REQUEST_I, { "Content-Type" => "application/json" }, [error_message]]
-            end
-          end
-        rescue StandardError => e
-          raise e unless Rails.env.production?
-
-          logger.error(
-            "openapi.request_validation.error",
-            path: request.path,
-            method: request.env["REQUEST_METHOD"],
-            error_message: e.message,
-          )
-        end
-      end
-
-      private def format_str(error)
-        {
-          errors: [
-            {
-              message: error,
-            },
-          ],
-        }.to_json
-      end
-
-      private def format_arr(errors)
-        {
-          errors: errors.each_with_object([]) do |error, arr|
-            arr << {
-              message: error,
-            }
-          end,
-        }.to_json
-      end
-    end
-  end
-end

data/templates/app/lib/plug_app/middleware/tracing_attributes.rb

@@ -1,46 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "openapi_first"
-require "active_support/parameter_filter"
-
-module PlugApp
-  module Middleware
-    class TracingAttributes
-      extend T::Sig
-
-      sig { returns(T.untyped) }
-      attr_reader :app
-
-      HTTP_REQUEST_BODY = "http.request.body"
-      PLUG_APP_PATH_PREFIX = "/app/"
-      RACK_REQUEST_BODY = "rack.input"
-
-      sig { params(app: T.untyped).void }
-      def initialize(app)
-        @app = T.let(app, T.untyped)
-        @filterer = ActiveSupport::ParameterFilter.new(Rails.application.config.filter_parameters)
-      end
-
-      sig { params(env: T.untyped).returns(T.untyped) }
-      def call(env)
-        OpenTelemetry::Trace.current_span.add_attributes({
-          OpenTelemetry::VERSION => PlugApp::Application::GIT_SHA,
-          OpenTelemetry::SemanticConventions::Trace::HTTP_REQUEST_CONTENT_LENGTH => env["CONTENT_LENGTH"].to_i,
-          HTTP_REQUEST_BODY => filtered_params(env),
-        })
-
-        app.call(env)
-      end
-
-      def filtered_params(env)
-        body = env[RACK_REQUEST_BODY]&.read
-        return "{}" if body.blank? || body == "{}"
-
-        @filterer.filter(JSON.parse(body)).to_json
-      ensure
-        env[RACK_REQUEST_BODY]&.try(:rewind)
-      end
-    end
-  end
-end

data/templates/app/lib/query_parameter.rb

@@ -1,6 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module QueryParameter
-  extend T::Sig
-end

data/templates/app/serializers/error_serializer.rb

@@ -1,16 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-class ErrorSerializer
-  class << self
-    def format(message)
-      {
-        errors: [
-          {
-            message: message,
-          },
-        ],
-      }.to_json
-    end
-  end
-end