hippo-fw 0.9.1 → 0.9.2

data/lib/hippo.rb

@@ -1,5 +1,6 @@
 require 'active_record'
 require 'pathname'
+require 'require_all'
 
 module Hippo
     ROOT_PATH = Pathname.new(__FILE__).dirname.join('..')
@@ -19,6 +20,7 @@ require_relative "hippo/numbers"
 require_relative "hippo/concerns/all"
 require_relative "hippo/validators/all"
 require_relative "hippo/model"
+require_relative 'hippo/tenant'
 require_relative "hippo/system_settings"
 require_relative "hippo/asset"
 require_relative "hippo/extension"
@@ -26,9 +28,13 @@ require_relative "hippo/screen"
 require_relative "hippo/job"
 require_relative "hippo/job/failure_logger"
 require_relative "hippo/templates/base"
-require_relative "hippo/templates/latex"
 require_relative "hippo/templates/liquid"
+require_relative "hippo/templates/latex"
+require_relative "hippo/templates/mail"
+require_rel      'hippo/templates/*.rb'
+
 require_relative "hippo/mailer"
 require_relative 'hippo/user'
 require_relative "hippo/access"
 require_relative "hippo/workspace"
+require_relative "hippo/webpack"

data/lib/hippo/access.rb

@@ -42,7 +42,6 @@ module Hippo
 
 end
 
-require_relative 'access/authentication_provider'
 require_relative 'access/locked_fields'
 require_relative 'access/role'
 require_relative 'access/role_collection'

data/lib/hippo/access/roles/basic_user.rb

@@ -5,6 +5,8 @@ module Hippo
 
             class BasicUser < Role
 
+                self.read << Hippo::Tenant
+
             end
 
         end

data/lib/hippo/api.rb

@@ -9,9 +9,10 @@ require_relative 'api/cable'
 require_relative 'api/sprockets_extension'
 require_relative 'api/helper_methods'
 require_relative 'api/pub_sub'
-require_relative 'api/handlers/user_session'
-require_relative 'api/handlers/asset'
-require_relative 'api/handlers/print'
+require_rel      'api/handlers/*.rb'
+require_relative 'api/route_set'
+require_relative "api/authentication_provider"
+require_relative 'api/tenant_domain_router'
 require_relative 'api/root'
 
 module Hippo

data/lib/hippo/{access → api}/authentication_provider.rb

@@ -3,7 +3,7 @@ module Hippo
         class AuthenticationProvider
 
             def self.user_for_request(request)
-                token = request.params['jwt']
+                token = request.env['HTTP_AUTHORIZATION']
                 token ? User.for_jwt_token(token) : nil
             end
 
@@ -32,6 +32,7 @@ module Hippo
             end
 
             def allowed_access_to?(klass, options = {})
+
                 return true if options[:public] == true and current_user.nil?
                 return false if current_user.nil?
                 case request.request_method
@@ -57,6 +58,7 @@ module Hippo
             end
 
             def wrap_model_access(model, req, options = {})
+                fail_request(req) and return unless Tenant.current
                 if allowed_access_to?(model, options)
                     ::Hippo::User.scoped_to(current_user) do | user |
                         yield

data/lib/hippo/api/controller_base.rb

@@ -61,7 +61,7 @@ module Hippo
             end
 
             def perform_multiple_destroy
-                query = model.where(id: data.map{|rec|rec['id']})
+                query = model.where(id: data.map { |rec| rec['id'] })
                 query = add_access_limits_to_query(query)
                 success = true
                 query.each do |record|
@@ -74,7 +74,7 @@ module Hippo
             end
 
             def perform_multiple_updates
-                query = model.where(id: data.map {|rec|rec['id'] })
+                query = model.where(id: data.map { |rec| rec['id'] })
                 query = add_access_limits_to_query(query)
                 success = true
                 query.each do |record|

data/lib/hippo/api/handlers/asset.rb

@@ -28,11 +28,37 @@ module Hippo::API::Handlers
             end
         end
 
-        def self.getter
+        def self.file_getter
             root = Hippo::Extensions.controlling.root_path.join('public', 'files')
             lambda do
-                send_file(root.join( params['splat'].first ).to_s)
+                send_file(root.join(params['splat'].first).to_s)
             end
         end
+
+        def self.asset_getter
+            root = Hippo::Extensions.controlling.root_path.join('public', 'assets')
+            webpack = Hippo::API::Root.webpack
+            if Hippo.env.production?
+                lambda do
+                    file = webpack.file(params['asset'].to_sym, raise_on_not_found: false)
+                    if file
+                        redirect "/assets/#{file}"
+                    else
+                        halt 404
+                    end
+                end
+            else
+                lambda do
+                    webpack.wait_until_available
+                    file = webpack.file(params['asset'].to_sym, raise_on_not_found: false)
+                    if file
+                        redirect "http://#{env['SERVER_NAME']}:#{webpack.process.port}/assets/#{file}"
+                    else
+                        halt 404
+                    end
+                end
+            end
+        end
+
     end
 end

data/lib/hippo/api/handlers/tenant.rb

@@ -0,0 +1,26 @@
+module Hippo::API::Handlers
+
+    class Tenant < Hippo::API::ControllerBase
+        PUBLIC_ATTRS = %w{slug name}
+
+        def show
+            std_api_reply(:retrieve, Hippo::Tenant.current, only: PUBLIC_ATTRS)
+        end
+
+        # isn't really a create, but FE will think it's creating because we don't expose the id
+        def create
+            tenant = Hippo::Tenant.current
+            tenant.assign_attributes(data.slice(*PUBLIC_ATTRS))
+            success = tenant.save
+            if success
+                Hippo::Tenant.system.perform do
+                    Hippo::Templates::TenantChange.create(tenant).deliver
+                end
+            end
+            std_api_reply(:update, tenant,
+                          only: PUBLIC_ATTRS,
+                          success: success)
+        end
+    end
+
+end

data/lib/hippo/api/helper_methods.rb

@@ -5,19 +5,11 @@ module Hippo
                 Extensions.controlling.title
             end
 
-            def hippo_javascript_tags
-                []
-                # assets = API.webpack.assets.map do | k |
-                #     "<script src=\"http://localhost:#{API.webpack.port}/#{k}\"></script>"
-                # end
-                # assets.join("\n")
-
-                # "<script src=\"http://localhost:#{API.webpack.port}/hippo.js\"></script>"
-                # javascript_tag('hippo/vendor') + "\n" + javascript_tag('hippo')
-            end
-
-            def hippo_stylesheet_tags
-                # stylesheet_tag('hippo')
+            def javascript_tags(*entries)
+                Root.webpack.wait_until_available
+                entries.map { |entry|
+                    "<script src=\"#{Root.webpack.host}/assets/#{Root.webpack.file(entry)}\"></script>"
+                }.join("\n")
             end
 
             def client_bootstrap_data(mergedWith: {})

data/lib/hippo/api/request_wrapper.rb

@@ -72,7 +72,14 @@ module Hippo
             #
             # @param [options] options for additional checks
             # @option opts [Boolean] :with_transaction rollback DB transaction if exceptions occur
-            def wrap_reply(options = {with_transaction: true})
+            # @option opts [Boolean] :require_tenant return error if tenant is not found
+            def wrap_reply(options = { with_transaction: true, require_tenant: true })
+                if options[:require_tenant] && Hippo::Tenant.current.nil?
+                    return json_reply(
+                               { success: false, message: "invalid address",
+                                 errors: { address: 'invalid' } }
+                           )
+                end
                 response = { success: false, message: "No response was generated" }
                 log_request
                 if options[:with_transaction]

data/lib/hippo/api/root.rb

@@ -3,68 +3,67 @@ require 'oj'
 require 'rack/protection'
 require 'rack/cors'
 
-require_relative "../access/authentication_provider"
+module Hippo::API
+    class Root < Sinatra::Application
+        CORS_PATHS = {}
 
-module Hippo
-    module API
-        class Root < Sinatra::Application
-            CORS_PATHS = {}
-
-            Hippo.config.get(:environment) do | env |
-                set :environment, env
-            end
-            helpers RequestWrapper
-            helpers HelperMethods
-            helpers FormattedReply
-
-            use Rack::Session::Cookie,
-                :key => 'rack.session',
-                :secret => Hippo.config.session_secret_key_base
-            not_found do
-                Oj.dump({ message: "endpoint not found", success: false  })
-            end
-            error ActiveRecord::RecordNotFound do
-                halt 404, error_as_json
-            end
-            error do
-                error_as_json
-            end
+        Hippo.config.get(:environment) do | env |
+            set :environment, env
+        end
+        helpers RequestWrapper
+        helpers HelperMethods
+        helpers FormattedReply
+        use TenantDomainRouter
+        use Rack::Session::Cookie,
+            :key => 'rack.session',
+            :secret => Hippo.config.session_secret_key_base
+        not_found do
+            Oj.dump({ message: "endpoint not found", success: false  })
+        end
 
-            configure do
-                set :show_exceptions, false
-                require_relative 'routing'
-                Hippo::Configuration.apply
-                Extensions.load_controlling_config
+        error ActiveRecord::RecordNotFound do
+            halt 404, error_as_json
+        end
 
-                set :views, Extensions.controlling.root_path.join('views')
+        error do
+            error_as_json
+        end
 
-                require_relative './default_routes'
-                API::Cable.configure
-            end
+        configure do
+            set :show_exceptions, false
+            Hippo::Configuration.apply
+            Hippo::Extensions.load_controlling_config
+            set :views, Hippo::Extensions.controlling.root_path.join('views')
+            set :webpack, Hippo::Webpack.new
+            webpack.start
+            require_relative './routing'
+            Cable.configure
+            cors_resources = []
+            if CORS_PATHS.any?
+                use Rack::Cors,
+                    debug: !Hippo.env.production?,
+                    logger: Hippo.logger do
 
-            configure do
-                cors_resources = []
-                if API::Root::CORS_PATHS.any?
-                    use Rack::Cors, debug: !Hippo.env.production?, logger: Hippo.logger do
-                        API::Root::CORS_PATHS.each do | path, options |
-                            allow do
-                                cors_resources.push  Rack::Cors::Resource.new('', path)
-                                origins options[:origins]
-                                resource path,
-                                         :methods => options[:methods].map(&:to_sym) + [:options],
-                                         :headers => :any
-                            end
+                    CORS_PATHS.each do | path, options |
+                        allow do
+                            cors_resources.push  Rack::Cors::Resource.new('', path)
+                            origins options[:origins]
+                            resource path,
+                                     :methods => options[:methods].map(&:to_sym) + [:options],
+                                     :headers => :any
                         end
-
                     end
 
                 end
-                # use Rack::Protection, allow_if: -> (env) {
-                #     path = env['PATH_INFO']
-                #     cors_resources.any?{|r| r.matches_path?(path) }
-                # }
 
             end
+
+            use Rack::Protection, allow_if: -> (env) {
+                path = env['PATH_INFO']
+                cors_resources.any?{|r| r.matches_path?(path) }
+            }
         end
+
     end
+
 end

data/lib/hippo/api/route_set.rb

@@ -0,0 +1,101 @@
+module Hippo
+    module API
+
+        class RoutingBlock
+            def initialize(ext_id)
+                Hippo::Extensions.for_identifier(ext_id) ||
+                    raise( "Unable to find extension '#{ext_id}' for screen group")
+                @ext_id = ext_id
+            end
+
+            [:get, :post, :put, :patch, :delete].each do | method_name |
+                define_method(method_name) do | path_suffix, options = {}, &block |
+                    API::Root.send(method_name, make_path(path_suffix), options, &block)
+                end
+            end
+
+            def enable_cors(path_suffix, options = {origins: '*', methods: [:get]})
+                API::Root::CORS_PATHS[make_path(path_suffix)] = options
+            end
+
+            def resources(model, options = {})
+                path = options[:path] || model.api_path
+                controller = options[:controller] || Hippo::API::GenericController
+                format = options[:format] || '.json'
+                if options[:under]
+                    options[:parent_attribute] = options[:under].underscore.singularize+'_id'
+                end
+
+                prefix = options[:parent_attribute] ? options[:parent_attribute] + '/' : ''
+
+                valid_methods = []
+
+                bind = lambda{ |method, route, wrapper_method = method|
+                    valid_methods.push(method)
+                    self.send(method, route + format,
+                              &RequestWrapper.send(wrapper_method, model, controller, options))
+                }
+
+                # show
+                if controller.method_defined?(:show)
+                    bind[:get, "#{prefix}#{path}/?:id?"]
+                end
+
+                # create
+                if controller.method_defined?(:create)
+                    bind[:post, "#{prefix}#{path}"]
+                end
+
+                unless options[:immutable]
+
+                    # update
+                    if controller.method_defined?(:update)
+                        bind[:patch, "#{prefix}#{path}/?:id?", :update]
+                        bind[:put,   "#{prefix}#{path}/?:id?", :update]
+                    end
+
+                    # destroy
+                    if controller.method_defined?(:destroy) and not options[:indestructible]
+                        bind[:delete, "#{prefix}#{path}/?:id?"]
+                    end
+
+                end
+
+                if options[:cors] && valid_methods.any?
+                    cors = options[:cors].is_a?(Hash) ? otions[:cors] : {origins: options[:cors]}
+                    enable_cors "#{prefix}#{path}/?:id?#{format}",
+                                cors.merge(methods: valid_methods)
+                end
+
+            end
+
+            private
+
+            def make_path(path)
+                path = Hippo.config.api_path + '/' + @ext_id + '/' + path
+                Hippo.logger.debug("[route]: #{path}")
+                path
+            end
+        end
+
+        class RouteSet
+            def initialize(root)
+                @root = root
+            end
+
+            def draw(&block)
+                @root.instance_eval(&block)
+            end
+
+            def for_extension(ext_id, &block)
+                routes = RoutingBlock.new(ext_id)
+                routes.instance_eval(&block)
+            end
+        end
+
+        def self.routes(&block)
+            @routes ||= RouteSet.new(API::Root)
+        end
+
+    end
+end

data/lib/hippo/api/routing.rb

@@ -1,110 +1,21 @@
 module Hippo
     module API
 
-        def self.set_root_view(view)
-            API::Root.get Hippo.config.mounted_at + '?*' do
-                if request.accept? 'text/html'
-                    erb :hippo_root_view
-                else
-                    pass
-                end
-            end
-        end
-
-        class RoutingBlock
-            def initialize(ext_id)
-                Hippo::Extensions.for_identifier(ext_id) ||
-                    raise( "Unable to find extension '#{ext_id}' for screen group")
-                @ext_id = ext_id
-            end
-
-            [:get, :post, :put, :patch, :delete].each do | method_name |
-                define_method(method_name) do | path_suffix, options = {}, &block |
-                    API::Root.send(method_name, make_path(path_suffix), options, &block)
-                end
-            end
-
-            def enable_cors(path_suffix, options = {origins: '*', methods: [:get]})
-                API::Root::CORS_PATHS[make_path(path_suffix)] = options
-            end
-
-            def resources(model, options = {})
-                path = options[:path] || model.api_path
-                controller = options[:controller] || Hippo::API::GenericController
-                format = options[:format] || '.json'
-                if options[:under]
-                    options[:parent_attribute] = options[:under].underscore.singularize+'_id'
-                end
-
-                prefix = options[:parent_attribute] ? options[:parent_attribute] + '/' : ''
-
-                valid_methods = []
-
-                bind = lambda{ |method, route, wrapper_method = method|
-                    valid_methods.push(method)
-                    self.send(method, route + format,
-                              &RequestWrapper.send(wrapper_method, model, controller, options))
-                }
-
-                # show
-                if controller.method_defined?(:show)
-                    bind[:get, "#{prefix}#{path}/?:id?"]
-                end
+        module Routing
+            mattr_accessor :root_view_route
 
-                # create
-                if controller.method_defined?(:create)
-                    bind[:post, "#{prefix}#{path}"]
+            API.routes.draw do
+                # WS endpoint must come first
+                get Hippo.config.api_path + '/ws' do
+                    API::Cable.handle_request(request)
                 end
 
-                unless options[:immutable]
-
-                    # update
-                    if controller.method_defined?(:update)
-                        bind[:patch, "#{prefix}#{path}/?:id?", :update]
-                        bind[:put,   "#{prefix}#{path}/?:id?", :update]
-                    end
-
-                    # destroy
-                    if controller.method_defined?(:destroy) and not options[:indestructible]
-                        bind[:delete, "#{prefix}#{path}/?:id?"]
-                    end
-
-                end
-
-                if options[:cors] && valid_methods.any?
-                    cors = options[:cors].is_a?(Hash) ? otions[:cors] : {origins: options[:cors]}
-                    enable_cors "#{prefix}#{path}/?:id?#{format}",
-                                cors.merge(methods: valid_methods)
+                Extensions.each(reversed: true) do | ext |
+                    ext.route(self)
                 end
-
-            end
-
-            private
-
-            def make_path(path)
-                path = Hippo.config.api_path + '/' + @ext_id + '/' + path
-                Hippo.logger.debug("[route]: #{path}")
-                path
             end
-        end
-
-        class RouteSet
-            def initialize(root)
-                @root = root
-            end
-
-            def draw(&block)
-                @root.instance_eval(&block)
-            end
-
-            def for_extension(ext_id, &block)
-                routes = RoutingBlock.new(ext_id)
-                routes.instance_eval(&block)
-            end
-        end
 
-        def self.routes(&block)
-            @routes ||= RouteSet.new(API::Root)
+            root_view_route.call if root_view_route
         end
 
     end