jungle_path 0.0.0

data/lib/jungle_path/app/api/server_custom.rb

@@ -0,0 +1,121 @@
+#require 'pry-byebug'
+require 'time'
+require 'date'
+require 'pp'
+
+require_relative '../config/base_config'
+require_relative '../../lib/query'
+require_relative '../../lib/controller'
+require_relative '../../lib/key_helpers'
+require_relative '../../lib/gen_node_tree'
+#require_relative 'pubnub_rs'
+require_relative '../db/db'
+require_relative '../schemas/schema'
+require_relative 'server_base'
+require_relative '../utils/utils'
+require_relative '../controllers/controller'
+require_relative '../services/email'
+
+module Server
+  class API < Server::BaseAPI
+    get '/' do
+      # default page:
+      #if request.env['X_MOBILE_DEVICE']
+      #  #{}"<html><head></head><body>This is mobile!</body></html>"
+      #  send_file File.join(settings.public_folder, 'index_mobile.html')
+      #else
+        #send_file File.join(settings.public_folder, 'src/pages/app/app.html')
+        #"you are here"
+        send_file File.join(settings.public_folder, 'index.html')
+      #end
+    end
+
+    get '/app' do
+      #"<html><head></head><body>zzzIs this mobile? mobile: #{request.env['X_MOBILE_DEVICE']}</body></html>"
+      #send_file File.join(settings.public_folder, 'src/pages/app/app.html')
+      send_file File.join(settings.public_folder, 'lib/pages/app/app.html')
+      #"admin #{settings.public_folder}"
+    end
+
+    get '/admin' do
+      #"<html><head></head><body>zzzIs this mobile? mobile: #{request.env['X_MOBILE_DEVICE']}</body></html>"
+      #send_file File.join(settings.public_folder, 'src/pages/app/app.html')
+      send_file File.join(settings.public_folder, 'src/pages/app/app.html')
+      #"admin #{settings.public_folder}"
+    end
+
+    get '/query' do
+      send_file File.join(settings.public_folder, 'query/query.html')
+      #file = File.join(settings.public_folder, 'query/query.html')
+      #"query #{settings.public_folder}<br>file: #{file}"
+    end
+
+    get '/query/doc' do
+      file = File.join(configatron.application.public_dir, 'query/documents/query_api_documentation.txt')
+      send_file File.join(file)
+    end
+
+    get '/query/schema_tree' do
+      #root = Gen.gen_node_tree(Schema::Base.models)
+      template_file = File.join(configatron.application.public_dir, 'query/documents/schema_tree_template.txt')
+      template = File.read(template_file)
+
+      node_tree = current_auth.schema_node_tree
+      #template_output = "#{template}\n\n#{root.to_str}"
+      template_output = "#{template}\n\n#{node_tree.to_str}"
+
+      #output_file = File.join(configatron.application.public_dir, 'query/documents/schema_tree.txt')
+      #File.write(output_file, template_output)
+      #send_file File.join(output_file)
+      template_output
+    end
+
+    get '/db/version' do
+      ds = db.base['select version from schema_info']
+      handle_result(ds.all)
+    end
+
+    get '/cachetest/:key' do
+      key = params[:key]
+      value = LocalCache[key]
+      handle_result({key: "#{key}", value: "#{value}"})
+    end
+
+    get '/cachetest/:key/:value' do
+      key = params[:key]
+      value = params[:value]
+      LocalCache[key] = value
+      handle_result({key: "#{key}", value: "#{value}"})
+    end
+
+		get '/current/identity' do
+			handle_result({identity: current_identity})
+		end
+
+    get '/current/user' do
+      handle_result({user: current_user, key: current_key, roles: current_roles, auth: {permissions: current_auth.permissions, restrictions: current_auth.restrictions, schema_filter: current_auth.schema_filter}} )
+    end
+
+    get '/current/user/auth' do
+      message = {
+        user_id: current_user.id,
+        user_name: current_user.user_name,
+        key_id: current_key.id,
+        key_name: current_key.name,
+        key_value: current_key.key,
+        roles: current_auth.roles,
+        permissions: current_auth.permissions,
+        restrictions: current_auth.restrictions,
+        schema_filter: current_auth.schema_filter
+      }
+      handle_result message
+    end
+
+    post '/debug/params' do
+      puts "/debug/params:"
+      pp params
+    end
+  end
+end
+
+require_relative 'server_gen'

data/lib/jungle_path/app/api/server_gen.rb

@@ -0,0 +1,11 @@
+#This file was generated using the ../lib/api_template.erb. Do not modify directly.
+require 'sinatra/base'
+require_relative '../db/db'
+require_relative '../schemas/schema'
+require_relative 'base_api'
+require_relative '../controllers/controller'
+
+module Server
+  class API < Server::BaseAPI
+	end
+end

data/lib/jungle_path/app/auth/authorization.rb

@@ -0,0 +1,96 @@
+require 'jungle_path/authorization/paths'
+require '../config/config'
+
+module ServerAPI
+	module Authorization
+		def set_authorization
+			before do
+				puts "verb: #{request.request_method}."
+				puts "path: #{request.path_info}."
+
+				authorized = false
+
+				authorized = JunglePath::Authorization::Path.is_open_path?(request, jungle.route_access)
+				authorized = JunglePath::Authorization::Path.is_authenticated_path?(request, jungle.route_access) unless authorized
+
+				unless authorized
+					if request.get?
+						authorized = true if current_auth.has_permission?(:root)
+						authorized = true if current_auth.has_permission?(:read)
+					end
+
+					if request.post? or request.put? or request.delete?
+						authorized = true if current_auth.has_permission?(:root) unless authorized
+						authorized = true if current_auth.has_permission?(:write) unless authorized
+						authorized = true if request.path_info == "/query" and current_auth.has_permission?(:read) unless authorized
+						authorized = true if request.path_info == "/users/#{current_user.id}" unless authorized
+						authorized = true if ServerAPI::Authorization.authorized_admin?(request, params, current_auth, db) unless authorized
+						authorized = false if current_auth.has_restriction?(:read)
+					end
+
+					authorized = false if current_auth.has_restriction?(:query_only) unless JunglePath::Authorization::Path.is_query_only_path? request, current_auth
+				end
+
+				unless authorized
+					message = "request was not allowed.\n\nrequest: #{request.request_method} #{request.path_info}\nuser_name: #{current_user.user_name}\napi key name: #{current_key.name}\napi key value: #{current_key.key}\nroles: #{current_auth.roles}\npermissions: #{current_auth.permissions}\nrestrictions: #{current_auth.restrictions}"
+					# http status code 403 Forbidden.
+					puts "request status: 403\n#{message}."
+					halt 403, message
+				end
+			end
+		end
+
+		def self.authorized_admin? request, params, current_auth, db
+			authorized = false
+			if current_auth.has_permission?(:admin)
+				# auth_admin not allowed to deal with root users/keys/roles...
+
+				authorized = true
+
+				parts = request.path_info.split('/')
+
+				allowed = {
+					'organizations' => true,
+					'user_organizations' => true,
+					'images' => true,
+					'sentiment_sets' => true,
+					'events' => true,
+					'sessions' => true,
+					'moderators' => true,
+					'foci' => true,
+					'categories' => true
+				}
+
+				if request.path_info == "/users" # post...
+					role_id = params[:role_id]
+					authorized = false if role_id and SQL::UserRole.is_root_role_by_role_id(db, role_id) # :auth_admin not allowed to add a root user_role.
+
+				elsif parts[1] == "users" # put or delete
+					user_id = parts[2].to_i
+					role_id = params[:role_id]
+					authorized = false if SQL::AuthLocalUser::UserRole.has_root_role_by_user_id(db, user_id) # :auth_admin not allowed to modify data related to a user with a role of root.
+					authorized = false if authorized and role_id and SQL::UserRole.is_root_role_by_role_id(db, role_id) # :auth_admin not allowed to add a root user_role.
+
+				elsif request.path_info == "/user_roles" # post...
+					user_id = params[:user_id]
+					role_id = params[:role_id]
+					authorized = false if SQL::AuthLocalUser::UserRole.has_root_role_by_user_id(db, user_id)
+					authorized = false if authorized and SQL::UserRole.is_root_role_by_role_id(db, role_id)
+
+				elsif parts[1] == "user_roles" # put or delete
+					user_id = parts[2].to_i
+					role_id = parts[3].to_i
+					authorized = false if SQL::AuthLocalUser::UserRole.has_root_role_by_user_id(db, user_id)
+					authorized = false if authorized and SQL::UserRole.is_root_role_by_role_id(db, role_id)
+
+				elsif allowed[parts[1]]
+					authorized = true
+
+				else
+					authorized = false
+				end
+			end
+			authorized
+		end
+	end
+end

data/lib/jungle_path/app/config/a.gitignore

@@ -0,0 +1 @@
+override.rb

data/lib/jungle_path/app/config/config.rb

@@ -0,0 +1,240 @@
+# base_config.rb
+require 'date'
+require 'jungle_path/config'
+require 'jungle_path/logging'
+
+# create a config.rb to override any of the jungle... values as needed:
+module Config
+	def self.init
+		# setting global config settings name 'jungle' on:
+		JunglePath::Config.set_global_on # configuration will be global: can access 'jungle...' anywhere.
+		environment
+		application
+		on_startup
+		db
+		smtp
+		sms
+		password_settings
+		roles
+		users
+		schema_filters
+		role_schema_filters
+		role_query_filters
+		restriction_query_filters
+		user_query_filters
+		permissions_and_restrictions
+		route_access
+		schema_filters
+		debug
+		config_override
+		jungle.lock = true
+	end
+
+	def self.environment
+		# create 'environment.rb' file to override this setting:
+		jungle.environment.name = "dev" # "dev", "stage", or "prod"
+		begin
+			require_relative 'environment'
+			puts "[application root]/config/environment.rb file was loaded."
+			puts "jungle.environment.name == '#{jungle.environment.name}'"
+		rescue LoadError => ex
+			puts "[application root]/config/environment.rb file was not found, defaulting to jungle.environment.name == '#{jungle_config.environment.name}'."
+			puts "to override, create file ./config/environment.rb with one line like this:"
+			puts "jungle.environment.name = 'stage' \# valid environments may be: 'dev', 'stage' or 'prod' or whatever you want to use :)"
+		end
+	end
+
+	def self.application
+		jungle.application.id = 5
+		jungle.application.root_dir = ::File.expand_path('..',::File.dirname(__FILE__))
+		jungle.application.public_dir = File.join(jungle.application.root_dir, 'web_apps', 'public')
+		jungle.application.name = 'jungle_path'
+		jungle.application.url = nil
+		jungle.application.logger = Logging.make_logger(jungle.application.root_dir, "#{jungle.application.name}_requests.log") # $stdout
+		puts "application root dir: #{jungle.application.root_dir}"
+		puts "application public dir: #{jungle.application.public_dir}"
+	end
+
+	def self.on_startup
+		jungle.on_startup.run_database_migrations = false # Servers usually handle this on their own with deployments. For devs, may want to override in override.rb.
+	end
+
+	def self.db
+		jungle.db.name = "jungle_path"
+		jungle.db.type = "postgres"
+		jungle.db.user_name = "jungle_path"
+		jungle.db.password =  nil
+		jungle.db.host = "localhost"
+		jungle.db.extensions = [:pg_json]
+		jungle.db.port = nil # defaults to PostgreSQL default port of 5432.
+		jungle.db.options = {max_connections: 4}
+	end
+
+	def self.smtp # (email)
+		jungle.smtp.host = "localhost"
+		jungle.smtp.port = 25 #587 # 25
+		jungle.smtp.domain_of_sender = 'mydomain.com'
+		jungle.smtp.user_name = nil
+		jungle.smtp.password = nil
+		jungle.smtp.enable_tls = false
+		jungle.smtp.authentication = nil
+		jungle.smtp.from = nil # 'me@mydomain.com'
+	end
+
+	def self.sms # (texting)
+		jungle.sms.from_phone_number = nil
+		jungle.sms.account_sid = nil
+		jungle.sms.auth_token = nil
+	end
+
+	def self.password_settings
+		jungle.password_settings = {
+			length: {must_be_greater_than: 0, message: "Password length must be at least 1 characters."},
+			#length: {must_be_greater_than: 7, message: "Password length must be at least 8 characters."},
+			regular_expression_matches: [
+				## {expression: /[[:alpha:]]/, message: "Password must have at least one alphabetical character."},
+				## {expression: /[[:digit:]]/, message: "Password must have at least one numeric character."}
+				#{expression: /\D/, message: "Password must have at least one alphabetical character."},
+				#{expression: /\d/, message: "Password must have at least one numeric character."}
+			]
+		}
+	end
+
+	def self.roles
+		jungle.roles = {
+			root: {
+				id: 0,
+				name: :root,
+				description: 'root can do anything',
+				permissions: [:root],
+				restrictions: []
+			},
+			admin: {
+				id: 1,
+				name: :admin,
+				description: 'admin and add, edit and delete users, but not root users.',
+				permissions: [:admin],
+				restrictions: []
+			},
+			user: {
+				id: 2,
+				name: :user,
+				description: 'basic system user -- has read only access.',
+				permissions: [:read],
+				restrictions: [:query_only, :me_related]
+			}
+		}
+	end
+
+	def self.users
+		jungle.users = {
+			root: {
+				id: 0,
+				name: 'root',
+				email: nil,
+				phone: nil,
+				active: true,
+				user_name: :root,
+				password: 'test',
+				roles: [:root]
+			},
+			admin: {
+				id: 1,
+				name: 'admin',
+				email: nil,
+				phone: nil,
+				active: true,
+				user_name: :admin,
+				password: 'test',
+				roles: [:admin]
+			},
+			user: {
+				id: 2,
+				name: 'user',
+				email: nil,
+				phone: nil,
+				active: true,
+				user_name: :user,
+				password: 'test',
+				roles: [:user]
+			}
+		}
+	end
+
+	def self.schema_filters
+		jungle.schema_filters = lambda {|identity|
+			filters = {
+				allow_all_tables: {allow: [table: /./]},
+				hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
+			}
+		}
+	end
+
+	def self.role_schema_filters
+		jungle.role_schema_filters = lambda {|identity|
+			filters = {
+				root: :allow_all_tables,
+				admin: :allow_all_tables,
+				user: :hide_nonpublic_tables
+			}
+		}
+	end
+
+	def self.role_query_filters
+		jungle.role_query_filters = lambda {|identity|
+			filters = {
+				admin: [
+					{table_name: :table_i_want_to_filter, sub_select: "select id from table_i_want_to_filter where a = b"}
+				]
+				# more...
+			}
+		}
+	end
+
+	def self.restriction_query_filters
+		jungle.restriction_query_filters = lambda {|identity|
+			filters = {
+				me_related:[
+					{table_name: :user, sub_select: "select id from user where id = #{identity.user.id}"}
+				]
+			}
+		}
+	end
+
+	def self.user_query_filters
+		jungle.user_query_filters = lambda {|identity|
+			filters = {}
+		}
+	end
+
+	def self.route_access
+		jungle.route_access = {
+			public: {
+				get: {
+					routes: ['/', '/app', '/admin', '/query', '/query/doc'],
+					routes_start_with: ['/activate/', '/passwordresetcode/']
+				}
+			},
+			authenticated: {
+				get: {
+					routes: ['/query/schema_tree'],
+					routes_start_with: []
+				}
+			}
+		}
+	end
+
+	def self.debug
+		jungle.debug.show_params = false
+	end
+
+	def self.config_override
+		begin
+			require_relative 'override'
+			puts "[application root]/config/override.rb file was loaded."
+		rescue LoadError => ex
+			puts "warning!!! [application root]/config/override.rb file was not found, please create an override.rb file so that you can override default settings in 'config.rb'! override.rb should be in the same directory as config.rb."
+		end
+	end
+end
+Config.init

data/lib/jungle_path/app/config/override.rb

@@ -0,0 +1,3 @@
+# Use override.rb for configuration of any sensitive data such as passwords.
+# Do not push override.rb to git! :)
+jungle.db.password =  nil

data/lib/jungle_path/app/config.ru

@@ -0,0 +1,28 @@
+#\ -w -p 8087
+# config.ru
+#require 'opal'
+#require 'sinatra'
+require 'time'
+#require 'rack/mobile-detect'
+#require_relative '../lib/rack_json_body_parser'
+require_relative 'api/server_custom'
+require_relative 'config/config' # contains all settings except sensitive data set to nil. Put sensitive data (passwords, etc.) in config/override.rb and .gitignore override.rb!
+require_relative 'schemas/schema'
+require_relative 'db/db'
+require_relative 'ztools/migration'
+puts "startup at #{Time.now}."
+
+#use Rack::MobileDetect
+#use Rack::CommonLogger, configatron.application.logger
+#use Rack::PostBodyContentTypeParser, true
+
+if jungle.application.on_startup.run_database_migrations
+	puts "running (main) database migrations..."
+	puts "set jungle.application.on_startup.run_database_migrations = false in your config.rb or override.rb to prevent running main database migrations at startup."
+	Migration.run Schema, ServerAPI::DB.instance
+else
+	puts "skipping database (main) migrations."
+	puts "set jungle.application.on_startup.run_database_migrations = true in your config.rb or override.rb to run main database migrations at startup."
+end
+
+map('/') {run Server::API}

data/lib/jungle_path/app/run.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+#rackup config.ru
+echo "no longer running with rackup, starting with thin directly (and passing in config.ru...)"
+thin --threaded start -R config.ru -p 8087 -t 300

data/lib/jungle_path/app/schemas/schema.rb

@@ -0,0 +1,21 @@
+# can just require this:
+#require 'jungle_path/schema'
+
+# or these:
+require 'jungle_path/schema/version'
+require 'jungle_path/schema/base'
+require 'jungle_path/schema/db'
+require 'jungle_path/schema/auth'
+
+# application tables examples:
+
+class Answer < Schema::Base
+	self.description = ""
+	define(
+		[:id, :primary_key],
+		[:question_id, :foreign_key, :question],
+		[:description, :string],
+		[:is_correct, :boolean],
+		[:audit_user]
+	)
+end