katalyst-koi 4.0.0

data/app/controllers/admin/url_rewrites_controller.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module Admin
+  class UrlRewritesController < ApplicationController
+    before_action :set_url_rewrite, only: %i[show edit update destroy]
+
+    def index
+      collection = Collection.new.with_params(params).apply(UrlRewrite.strict_loading)
+      table      = Koi::IndexTableComponent.new(collection:)
+
+      respond_to do |format|
+        format.turbo_stream { render(table) }  if self_referred?
+        format.html { render :index, locals: { table:, collection: } }
+      end
+    end
+
+    def show
+      render :show, locals: { url_rewrite: @url_rewrite }
+    end
+
+    def new
+      @url_rewrite = UrlRewrite.new
+      render :new, locals: { url_rewrite: @url_rewrite }
+    end
+
+    def edit
+      render :edit, locals: { url_rewrite: @url_rewrite }
+    end
+
+    def create
+      @url_rewrite = UrlRewrite.new(url_rewrite_params)
+
+      if @url_rewrite.save
+        redirect_to admin_url_rewrite_path(@url_rewrite)
+      else
+        render :new, status: :unprocessable_entity, locals: { url_rewrite: @url_rewrite }
+      end
+    end
+
+    def update
+      @url_rewrite.attributes = url_rewrite_params
+
+      if @url_rewrite.save
+        redirect_to admin_url_rewrite_path(@url_rewrite)
+      else
+        render :edit, status: :unprocessable_entity, locals: { url_rewrite: @url_rewrite }
+      end
+    end
+
+    def destroy
+      @url_rewrite.destroy!
+
+      redirect_to admin_url_rewrites_path
+    end
+
+    private
+
+    def url_rewrite_params
+      params.require(:url_rewrite).permit(:from, :to, :active)
+    end
+
+    def set_url_rewrite
+      @url_rewrite = UrlRewrite.find(params[:id])
+    end
+
+    class Collection < Katalyst::Tables::Collection::Base
+      attribute :search, :string, default: ""
+      attribute :scope, :string, default: "active"
+
+      config.sorting  = "from"
+      config.paginate = true
+
+      def filter
+        self.items = items.admin_search(search) if search.present?
+
+        self.items = case scope&.to_sym
+                     when :active
+                       items.where(active: true)
+                     when :inactive
+                       items.where(active: false)
+                     else
+                       items
+                     end
+      end
+    end
+  end
+end

data/app/controllers/concerns/koi/controller/has_admin_users.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Koi
+  module Controller
+    module HasAdminUsers
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :admin_signed_in?
+        helper_method :current_admin_user
+        helper_method :current_admin
+      end
+
+      def admin_signed_in?
+        current_admin_user.present?
+      end
+
+      def current_admin_user
+        @current_admin_user ||= Admin::User.find(session[:admin_user_id]) if session[:admin_user_id].present?
+      end
+
+      # @deprecated Use current_admin_user instead
+      alias_method :current_admin, :current_admin_user
+
+      module Test
+        # Include in view specs to stub out the current admin user
+        module ViewHelper
+          extend ActiveSupport::Concern
+
+          included do
+            before do
+              view.singleton_class.module_eval do
+                def admin_signed_in?
+                  current_admin_user.present?
+                end
+
+                def current_admin_user
+                  respond_to?(:admin_user) ? admin_user : nil
+                end
+
+                alias_method :current_admin, :current_admin_user
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/concerns/koi/controller/has_webauthn.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Koi
+  module Controller
+    module HasWebauthn
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :webauthn_auth_options
+      end
+
+      def webauthn_relying_party
+        @webauthn_relying_party ||=
+          WebAuthn::RelyingParty.new(
+            name:   "Koi Admin",
+            origin: request.base_url,
+          )
+      end
+
+      def webauthn_auth_options
+        options = webauthn_relying_party.options_for_authentication(
+          allow: Admin::Credential.pluck(:external_id),
+        )
+        session[:authentication_challenge] = options.challenge
+
+        options
+      end
+
+      def webauthn_authenticate!
+        return if session_params[:response].blank?
+
+        webauthn_credential, stored_credential = webauthn_relying_party.verify_authentication(
+          JSON.parse(session_params[:response]),
+          session[:authentication_challenge],
+        ) do |credential|
+          Admin::Credential.find_by!(external_id: credential.id)
+        end
+
+        stored_credential.update!(sign_count: webauthn_credential.sign_count)
+
+        stored_credential.admin
+      end
+    end
+  end
+end

data/app/controllers/concerns/koi/controller/is_admin_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Koi
+  module Controller
+    module IsAdminController
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def authenticate_local_admins(value)
+          Koi::Controller::IsAdminController.authenticate_local_admins = value
+        end
+      end
+
+      included do
+        include HasAdminUsers
+        include Katalyst::Tables::Backend
+        include Pagy::Backend
+
+        default_form_builder "Koi::FormBuilder"
+
+        helper Katalyst::GOVUK::Formbuilder::Frontend
+        helper Katalyst::Navigation::FrontendHelper
+        helper Katalyst::Tables::Frontend
+        helper Pagy::Frontend
+        helper IndexActionsHelper
+        helper :all
+
+        layout "koi/application"
+
+        before_action :authenticate_local_admin, if: -> { Koi::Controller::IsAdminController.authenticate_local_admins }
+        before_action :authenticate_admin, unless: :admin_signed_in?
+      end
+
+      class << self
+        attr_accessor :authenticate_local_admins
+      end
+
+      protected
+
+      def authenticate_local_admin
+        return if admin_signed_in? || !Rails.env.development?
+
+        session[:admin_user_id] =
+          Admin::User.where(email: %W[#{ENV['USER']}@katalyst.com.au admin@katalyst.com.au]).first&.id
+      end
+
+      def authenticate_admin
+        redirect_to new_admin_session_path, status: :temporary_redirect
+      end
+    end
+  end
+end

data/app/helpers/katalyst/content/editor/errors.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Katalyst
+  module Content
+    module Editor
+      class Errors < Base
+        def build(**options)
+          turbo_frame_tag dom_id(container, :errors) do
+            form_builder.govuk_error_summary(**options)
+          end
+        end
+
+        private
+
+        def form_builder
+          Koi::FormBuilder.new(container.model_name.param_key, container, self, {})
+        end
+      end
+    end
+  end
+end

data/app/helpers/katalyst/navigation/editor/errors.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Katalyst
+  module Navigation
+    module Editor
+      class Errors < Base
+        def build(**options)
+          turbo_frame_tag dom_id(menu, :errors) do
+            form_builder.govuk_error_summary(**options)
+          end
+        end
+
+        private
+
+        def form_builder
+          Koi::FormBuilder.new(menu.model_name.param_key, menu, self, {})
+        end
+      end
+    end
+  end
+end

data/app/helpers/koi/application_helper.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Koi
+  module ApplicationHelper
+    include Katalyst::Tables::Frontend
+  end
+end

data/app/helpers/koi/date_helper.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# rubocop:disable Naming/MethodName
+module Koi
+  module DateHelper
+    # @deprecated
+    def date_format(date, format)
+      date.strftime format.gsub(/yyyy/, "%Y")
+                      .gsub(/yy/,    "%y")
+                      .gsub(/Month/, "%B")
+                      .gsub(/M/,     "%b")
+                      .gsub(/mm/,    "%m")
+                      .gsub(/m/,     "%-m")
+                      .gsub(/Day/,   "%A")
+                      .gsub(/D/,     "%a")
+                      .gsub(/dd/,    "%d")
+                      .gsub(/d/,     "%-d")
+    end
+
+    # @deprecated
+    def date_Month_d_yyyy(date)
+      date.strftime "%B %-d, %Y"
+    end
+
+    # @deprecated
+    def date_d_Month_yyyy(date)
+      date.strftime "%-d %B %Y"
+    end
+
+    # @deprecated
+    def date_d_M_yy(date)
+      date.strftime "%-d %b %y"
+    end
+  end
+end
+# rubocop:enable Naming/MethodName

data/app/helpers/koi/definition_list_helper.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module Koi
+  module DefinitionListHelper
+    def definition_list(**options, &)
+      DefinitionListBuilder.new(self, options).render(&)
+    end
+  end
+
+  class DefinitionListBuilder
+    delegate_missing_to :@context
+
+    def initialize(context, options = {})
+      @context = context
+      @options = options
+    end
+
+    def render(&block)
+      tag.dl class: @options.delete(:class) do
+        concat(capture { yield self }) if block
+      end
+    end
+
+    def items_with(model:, attributes:, **options)
+      capture do
+        attributes.each do |attribute|
+          concat item(model, attribute, **options)
+        end
+      end
+    end
+
+    def item(object, attribute, **options, &)
+      Definition.new(@context, object, attribute, **@options, **options).render(&)
+    end
+
+    class Definition
+      attr_reader :object, :attribute, :options
+
+      delegate_missing_to :@context
+
+      def initialize(context, object, attribute, options = {})
+        @context   = context
+        @object    = object
+        @attribute = attribute
+        @options   = options
+      end
+
+      def render(&)
+        return unless render?
+
+        term_tag + definition_tag(&)
+      end
+
+      private
+
+      def render?
+        !(options.fetch(:skip_blank, true) && attribute_value.blank? && attribute_value != false)
+      end
+
+      def term_tag
+        tag.dt(label)
+      end
+
+      def definition_tag(&block)
+        if block
+          tag.dd { yield attribute_value }
+        else
+          case attribute_value
+          when Array
+            tag.dd(attribute_value.join(", "))
+          when ActiveStorage::Attached::One
+            tag.dd(attribute_value.attached? ? link_to(attribute_value.filename, url_for(attribute_value)) : "")
+          when Date, Time, DateTime
+            tag.dd(l(attribute_value, format: :display))
+          when TrueClass, FalseClass
+            tag.dd(attribute_value ? "Yes" : "No")
+          else
+            tag.dd(attribute_value.to_s)
+          end
+        end
+      end
+
+      def label
+        options.dig(:label, :text) || object.class.human_attribute_name(attribute)
+      end
+
+      def attribute_value
+        @attribute_value ||= object.public_send(attribute)
+      end
+    end
+  end
+end

data/app/helpers/koi/index_actions_helper.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+module Koi
+  module IndexActionsHelper
+    def koi_index_actions(search: false, create: false, &block)
+      IndexActionsBuilder.new(self, search:, create:).render(&block)
+    end
+  end
+
+  class IndexActionsBuilder
+    delegate_missing_to :@context
+
+    def initialize(context, search:, create:)
+      @context = context
+      @search  = search
+      @create  = create
+    end
+
+    def search?
+      !!@search
+    end
+
+    def create?
+      !!@create
+    end
+
+    def render(&)
+      tag.nav class: "index-actions", data: { controller: "index-actions", action: actions } do
+        form_with(**search_options,
+                  data: { controller:   "search",
+                          turbo_stream: "",
+                          action:       <<~ACTIONS,
+                            input->index-actions#update
+                            change->index-actions#update
+                            submit->index-actions#submit
+                          ACTIONS
+                  }) do |form|
+          concat(links(form, &))
+          concat(sort_input(form))
+          concat(search(form)) if create? || search?
+        end
+      end
+    end
+
+    def search(form)
+      tag.div class: "actions-group" do
+        concat(search_button(form)) if search?
+        concat(create_button(form)) if create?
+        concat(search_input(form)) if search?
+      end
+    end
+
+    def sort_input(form)
+      form.hidden_field(:sort, value: params[:sort], data: { index_actions_target: "sort" })
+    end
+
+    # Hidden button to trigger search, avoids triggering create instead.
+    def search_button(form)
+      form.submit("Search", hidden: "")
+    end
+
+    def create_button(_form)
+      tag.button(t("koi.labels.new", default: "New"),
+                 type:       :submit,
+                 formaction: @create == true ? url_for(action: :new) : new_polymorphic_path(@create),
+                 class:      "button--primary",
+                 data:       { index_actions_target: "create" })
+    end
+
+    def search_input(form)
+      form.search_field(:search,
+                        placeholder: t("koi.labels.search", default: "Search"),
+                        value:       params[:search],
+                        data:        { index_actions_target: "search" })
+    end
+
+    def links(form, &)
+      tag.div(class: "actions-group") do
+        yield(form) if block_given?
+      end
+    end
+
+    def actions
+      [
+        ("shortcut:cancel@document->index-actions#clear" if search?),
+        ("shortcut:create@document->index-actions#create" if create?),
+        ("shortcut:search@document->index-actions#search" if search?),
+        "shortcut:page-prev@document->index-actions#prevPage",
+        "shortcut:page-next@document->index-actions#nextPage",
+      ].compact.join(" ")
+    end
+
+    def search_options
+      options = { url: request.path, method: :get, scope: "" }
+      options.merge!(@search) if @search.is_a?(Hash)
+      options
+    end
+  end
+end

data/app/jobs/koi/application_job.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Koi
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/koi/application_mailer.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Koi
+  class ApplicationMailer < ActionMailer::Base
+    default from: "support@katalyst.com.au"
+    layout "mailer"
+  end
+end

data/app/models/admin/credential.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Admin
+  class Credential < ApplicationRecord
+    self.table_name = :admin_credentials
+
+    belongs_to :admin, class_name: "Admin::User", inverse_of: :credentials
+
+    validates :external_id, :public_key, :nickname, :sign_count, presence: true
+    validates :external_id, uniqueness: true
+    validates :sign_count,
+              numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+  end
+end

data/app/models/admin/user.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Admin
+  class User < ApplicationRecord
+    include Koi::Model::Archivable
+
+    def self.model_name
+      ActiveModel::Name.new(self, nil, "Admin")
+    end
+
+    has_secure_password :password
+
+    has_many :credentials, inverse_of: :admin, class_name: "Admin::Credential", dependent: :destroy
+
+    validates :name, :email, presence: true
+    validates :email, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
+
+    scope :alphabetical, -> { order(name: :asc) }
+
+    if "PgSearch::Model".safe_constantize
+      include PgSearch::Model
+
+      pg_search_scope :admin_search, against: %i[email name], using: { tsearch: { prefix: true } }
+    else
+      scope :admin_search, ->(query) do
+        where("email LIKE :query OR name LIKE :query", query: "%#{query}%")
+      end
+    end
+
+    # TODO(sfn) remove once Rails 7.1 is released
+    # https://edgeapi.rubyonrails.org/classes/ActiveRecord/SecurePassword/ClassMethods.html#method-i-authenticate_by
+    # rubocop:disable Metrics/PerceivedComplexity
+    def self.authenticate_by(attributes)
+      passwords, identifiers = attributes.to_h.partition do |name, _value|
+        !has_attribute?(name) && has_attribute?("#{name}_digest")
+      end.map(&:to_h)
+
+      raise ArgumentError, "One or more password arguments are required" if passwords.empty?
+      raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
+
+      if (record = find_by(identifiers))
+        record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
+      else
+        new(passwords)
+        nil
+      end
+    end
+
+    # rubocop:enable Metrics/PerceivedComplexity
+  end
+end

data/app/models/application_record.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

data/app/models/concerns/koi/model/archivable.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Koi
+  module Model
+    module Archivable
+      extend ActiveSupport::Concern
+
+      included do
+        scope :not_archived, -> { where(archived_at: nil) }
+        scope :archived, -> { unscope(where: :archived_at).where.not(archived_at: nil) }
+        scope :with_archived, -> { unscope(where: :archived_at) }
+
+        default_scope { not_archived }
+
+        alias_method :archived?, :archived
+      end
+
+      # Returns true iff the record has been archived.
+      def archived
+        archived_at.present?
+      end
+
+      # Update archived status based on given boolean value.
+      def archived=(archived)
+        if ActiveRecord::Type::Boolean.new.cast(archived)
+          archive
+        else
+          restore
+        end
+      end
+
+      # Mark a record as archived. It will no longer appear in default queries.
+      def archive
+        self.archived_at = Time.current
+      end
+
+      # Archive a record immediately, without validation.
+      def archive!
+        archive
+        save!(validate: false)
+      end
+
+      # Mark a record as no longer archived. It will appear in default queries.
+      def restore
+        self.archived_at = nil
+      end
+
+      # Restore a record immediately, without validation.
+      def restore!
+        restore
+        save!(validate: false)
+      end
+    end
+  end
+end

data/app/models/url_rewrite.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class UrlRewrite < ApplicationRecord
+  validates :from, :to, presence: true
+  validates :from, format: { with: %r{\A/.*\z}, message: "should start with /" }
+
+  scope :active, -> { where(active: true) }
+  scope :alphabetical, -> { order(from: :asc) }
+
+  def to_s
+    "#{from} -> #{to}"
+  end
+
+  scope :admin_search, ->(query) do
+    where(arel_table[:from].matches("%#{query}%").or(arel_table[:to].matches("%#{query}%")))
+  end
+
+  def self.redirect_path_for(path)
+    active.find_by(from: path).try(:to)
+  end
+
+  def title
+    from.delete_prefix("/")
+  end
+end

data/app/views/admin/admin_users/_admin.html+row.erb

@@ -0,0 +1,4 @@
+<%= row.cell :name do |cell| %>
+  <%= link_to cell.value, admin_admin_user_path(admin) %>
+<% end %>
+<%= row.cell :email %>