RubyGems - lotusrb - Versions diffs - 0.3.2 → 0.4.0 - Mend

lotusrb 0.3.2 → 0.4.0

Files changed (85) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +20 -0
data/FEATURES.md +17 -0
data/README.md +16 -355
data/lib/lotus.rb +0 -1
data/lib/lotus/action/csrf_protection.rb +167 -0
data/lib/lotus/application.rb +3 -1
data/lib/lotus/cli.rb +14 -13
data/lib/lotus/commands/console.rb +1 -1
data/lib/lotus/commands/db.rb +102 -0
data/lib/lotus/commands/db/abstract.rb +15 -0
data/lib/lotus/commands/db/apply.rb +14 -0
data/lib/lotus/commands/db/console.rb +1 -5
data/lib/lotus/commands/db/create.rb +14 -0
data/lib/lotus/commands/db/drop.rb +14 -0
data/lib/lotus/commands/db/migrate.rb +19 -0
data/lib/lotus/commands/db/prepare.rb +14 -0
data/lib/lotus/commands/db/version.rb +14 -0
data/lib/lotus/commands/generate.rb +20 -20
data/lib/lotus/commands/new.rb +1 -0
data/lib/lotus/commands/routes.rb +1 -2
data/lib/lotus/configuration.rb +29 -0
data/lib/lotus/container.rb +19 -3
data/lib/lotus/environment.rb +62 -9
data/lib/lotus/frameworks.rb +1 -0
data/lib/lotus/generators/action.rb +46 -10
data/lib/lotus/generators/action/action_spec.minitest.tt +1 -1
data/lib/lotus/generators/action/action_spec.rspec.tt +1 -1
data/lib/lotus/generators/action/view_spec.minitest.tt +2 -1
data/lib/lotus/generators/action/view_spec.rspec.tt +2 -1
data/lib/lotus/generators/app.rb +39 -0
data/lib/lotus/generators/app/.gitkeep +1 -0
data/lib/lotus/generators/application/app.rb +184 -0
data/lib/lotus/generators/application/app/.env.development.tt +3 -0
data/lib/lotus/generators/application/app/.env.test.tt +3 -0
data/lib/lotus/generators/application/{container/config → app}/.env.tt +0 -0
data/lib/lotus/generators/application/app/.gitkeep +1 -0
data/lib/lotus/generators/application/app/Gemfile.tt +35 -0
data/lib/lotus/generators/application/app/Rakefile.minitest.tt +10 -0
data/lib/lotus/generators/application/app/Rakefile.rspec.tt +5 -0
data/lib/lotus/generators/application/app/apps/.gitkeep.tt +1 -0
data/lib/lotus/generators/application/app/capybara.rb.rspec.tt +8 -0
data/lib/lotus/generators/application/app/config.ru.tt +3 -0
data/lib/lotus/generators/application/app/config/application.rb.tt +227 -0
data/lib/lotus/generators/application/app/config/environment.rb.tt +5 -0
data/lib/lotus/generators/application/app/config/routes.rb.tt +2 -0
data/lib/lotus/generators/application/app/db/.gitkeep +1 -0
data/lib/lotus/generators/application/app/features_helper.rb.minitest.tt +11 -0
data/lib/lotus/generators/application/app/features_helper.rb.rspec.tt +12 -0
data/lib/lotus/generators/application/app/gitignore.tt +2 -0
data/lib/lotus/generators/application/app/lib/app_name.rb.tt +47 -0
data/lib/lotus/generators/application/app/lib/chirp/entities/.gitkeep +1 -0
data/lib/lotus/generators/application/app/lib/chirp/repositories/.gitkeep +1 -0
data/lib/lotus/generators/application/app/lib/config/mapping.rb.tt +7 -0
data/lib/lotus/generators/application/app/lotusrc.tt +3 -0
data/lib/lotus/generators/application/app/rspec.rspec.tt +2 -0
data/lib/lotus/generators/application/app/schema.sql.tt +0 -0
data/lib/lotus/generators/application/app/spec_helper.rb.minitest.tt +7 -0
data/lib/lotus/generators/application/app/spec_helper.rb.rspec.tt +100 -0
data/lib/lotus/generators/application/app/templates/application.html.erb.tt +9 -0
data/lib/lotus/generators/application/app/views/application_layout.rb.tt +7 -0
data/lib/lotus/generators/application/container.rb +37 -13
data/lib/lotus/generators/application/container/{config/.env.development.tt → .env.development.tt} +0 -0
data/lib/lotus/generators/application/container/{config/.env.test.tt → .env.test.tt} +0 -0
data/lib/lotus/generators/application/container/.env.tt +1 -0
data/lib/lotus/generators/application/container/lib/app_name.rb.tt +9 -0
data/lib/lotus/generators/application/container/schema.sql.tt +0 -0
data/lib/lotus/generators/migration.rb +58 -0
data/lib/lotus/generators/migration/migration.rb.tt +4 -0
data/lib/lotus/generators/model.rb +10 -7
data/lib/lotus/generators/slice.rb +4 -12
data/lib/lotus/generators/slice/application.rb.tt +3 -19
data/lib/lotus/generators/slice/config/routes.rb.tt +1 -7
data/lib/lotus/loader.rb +15 -1
data/lib/lotus/lotusrc.rb +8 -3
data/lib/lotus/templates/{welcome.html → welcome.html.erb} +4 -3
data/lib/lotus/version.rb +1 -1
data/lib/lotus/welcome.rb +20 -1
data/lotusrb.gemspec +5 -5
metadata +67 -18
data/lib/lotus/generators/slice/action.rb.tt +0 -8
data/lib/lotus/generators/slice/config/mapping.rb.tt +0 -13
data/lib/lotus/generators/slice/templates/template.html.erb.tt +0 -2
data/lib/lotus/generators/slice/view.rb.tt +0 -5
data/lib/lotus/logger.rb +0 -141

data/lib/lotus.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 require 'lotus/version'
 require 'lotus/application'
 require 'lotus/container'
-require 'lotus/logger'
 require 'lotus/environment'
 # A complete web framework for Ruby

data/lib/lotus/action/csrf_protection.rb ADDED Viewed

@@ -0,0 +1,167 @@
+require 'securerandom'
+module Lotus
+  module Action
+    # Invalid CSRF Token
+    #
+    # @since 0.4.0
+    class InvalidCSRFTokenError < ::StandardError
+    end
+    # CSRF Protection
+    #
+    # This security mechanism is enabled automatically if sessions are turned on.
+    #
+    # It stores a "challenge" token in session. For each "state changing request"
+    # (eg. <tt>POST</tt>, <tt>PATCH</tt> etc..), we should send a special param:
+    # <tt>_csrf_token</tt>.
+    #
+    # If the param matches with the challenge token, the flow can continue.
+    # Otherwise the application detects an attack attempt, it reset the session
+    # and <tt>Lotus::Action::InvalidCSRFTokenError</tt> is raised.
+    #
+    # We can specify a custom handling strategy, by overriding <tt>#handle_invalid_csrf_token</tt>.
+    #
+    # Form helper (<tt>#form_for</tt>) automatically sets a hidden field with the
+    # correct token. A special view method (<tt>#csrf_token</tt>) is available in
+    # case the form markup is manually crafted.
+    #
+    # We can disable this check on action basis, by overriding <tt>#verify_csrf_token?</tt>.
+    #
+    # @since 0.4.0
+    #
+    # @see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
+    # @see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
+    #
+    # @example Custom Handling
+    #   module Web::Controllers::Books
+    #     class Create
+    #       include Web::Action
+    #
+    #       def call(params)
+    #         # ...
+    #       end
+    #
+    #       private
+    #
+    #       def handle_invalid_csrf_token
+    #         Web::Logger.warn "CSRF attack: expected #{ session[:_csrf_token] }, was #{ params[:_csrf_token] }"
+    #         # manual handling
+    #       end
+    #     end
+    #   end
+    #
+    # @example Bypass Security Check
+    #   module Web::Controllers::Books
+    #     class Create
+    #       include Web::Action
+    #
+    #       def call(params)
+    #         # ...
+    #       end
+    #
+    #       private
+    #
+    #       def verify_csrf_token?
+    #         false
+    #       end
+    #     end
+    #   end
+    module CSRFProtection
+      # Session and params key for CSRF token.
+      #
+      # This key is shared with <tt>lotus-controller</tt> and <tt>lotus-helpers</tt>
+      #
+      # @since 0.4.0
+      # @api private
+      CSRF_TOKEN = :_csrf_token
+      # Idempotent HTTP methods
+      #
+      # By default, the check isn't performed if the request method is included
+      # in this list.
+      #
+      # @since 0.4.0
+      # @api private
+      IDEMPOTENT_HTTP_METHODS = Hash[
+        'GET'     => true,
+        'HEAD'    => true,
+        'TRACE'   => true,
+        'OPTIONS' => true
+      ].freeze
+      # @since 0.4.0
+      # @api private
+      def self.included(action)
+        action.class_eval do
+          before :set_csrf_token, :verify_csrf_token
+        end unless Lotus.env?(:test)
+      end
+      private
+      # Set CSRF Token in session
+      #
+      # @since 0.4.0
+      # @api private
+      def set_csrf_token
+        session[CSRF_TOKEN] ||= generate_csrf_token
+      end
+      # Verify if CSRF token from params, matches the one stored in session.
+      # If not, it raises an error.
+      #
+      # Don't override this method.
+      #
+      # To bypass the security check, please override <tt>#verify_csrf_token?</tt>.
+      # For custom handling of an attack, please override <tt>#handle_invalid_csrf_token</tt>.
+      #
+      # @since 0.4.0
+      # @api private
+      def verify_csrf_token
+        handle_invalid_csrf_token if invalid_csrf_token?
+      end
+      # Verify if CSRF token from params, matches the one stored in session.
+      #
+      # Don't override this method.
+      #
+      # @since 0.4.0
+      # @api private
+      def invalid_csrf_token?
+        verify_csrf_token? &&
+          session[CSRF_TOKEN] != params[CSRF_TOKEN]
+      end
+      # Generates a random CSRF Token
+      #
+      # @since 0.4.0
+      # @api private
+      def generate_csrf_token
+        SecureRandom.hex(32)
+      end
+      # Decide if perform the check or not.
+      #
+      # Override and return <tt>false</tt> if you want to bypass security check.
+      #
+      # @since 0.4.0
+      def verify_csrf_token?
+        !IDEMPOTENT_HTTP_METHODS[request_method]
+      end
+      # Handle CSRF attack.
+      #
+      # The default policy resets the session and raises an exception.
+      #
+      # Override this method, for custom handling.
+      #
+      # @raise [Lotus::Action::InvalidCSRFTokenError]
+      #
+      # @since 0.4.0
+      def handle_invalid_csrf_token
+        session.clear
+        raise InvalidCSRFTokenError.new
+      end
+    end
+  end
+end

data/lib/lotus/application.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require 'lotus/utils/class_attribute'
 require 'lotus/frameworks'
 require 'lotus/configuration'
 require 'lotus/loader'
+require 'lotus/logger'
 require 'lotus/rendering_policy'
 require 'lotus/middleware'
@@ -105,7 +106,8 @@ module Lotus
     # @return [Lotus::Application] a new instance of the application
     #
     # @since 0.1.0
-    def initialize
+    def initialize(options = {})
+      self.class.configuration.path_prefix options[:path_prefix]
       self.class.load!(self)
     end

data/lib/lotus/cli.rb CHANGED Viewed

@@ -61,14 +61,14 @@ module Lotus
     end
     desc 'new', 'generates a new application'
-    method_option :database,       aliases: '-d', desc: 'application database',     type: :string,  default: 'filesystem'
-    method_option :architecture,   aliases: '-a', desc: 'application architecture', type: :string,  default: 'container'
-    method_option :application,                   desc: 'application name',         type: :string,  default: 'web'
-    method_option :application_base_url,          desc: 'application base url',     type: :string,  default: '/'
-    method_option :path,                          desc: 'path',                     type: :string
-    method_option :test,                          desc: 'application test framework (rspec/minitest)', type: :string,  default: 'minitest'
-    method_option :lotus_head,                    desc: 'use Lotus HEAD',           type: :boolean, default: false
-    method_option :help,           aliases: '-h', desc: 'displays the usage method'
+    method_option :database,             aliases: '-d',             desc: 'application database',     type: :string,  default: 'filesystem'
+    method_option :architecture,         aliases: ['-a', '--arch'], desc: 'application architecture', type: :string,  default: 'container'
+    method_option :application,                                     desc: 'application name',         type: :string,  default: 'web'
+    method_option :application_base_url,                            desc: 'application base url',     type: :string,  default: '/'
+    method_option :path,                                            desc: 'path',                     type: :string
+    method_option :test,                                            desc: 'application test framework (rspec/minitest)', type: :string,  default: 'minitest'
+    method_option :lotus_head,                                      desc: 'use Lotus HEAD',           type: :boolean, default: false
+    method_option :help,                 aliases: '-h',             desc: 'displays the usage method'
     def new(name = nil)
       if options[:help] || name.nil?
@@ -79,11 +79,12 @@ module Lotus
       end
     end
-    desc 'generate', 'generates a new action'
-    method_option :application_base_url, desc: 'application base url',     type: :string
-    method_option :path,                desc: 'applications path',                                         type: :string,  default: 'apps'
-    method_option :skip_view,           desc: 'skip the creation of view and templates (only for action)', type: :boolean, default: false
-    method_option :help, aliases: '-h', desc: 'displays the usage method'
+    desc 'generate', 'generates action, model or migration'
+    method_option :application_base_url, desc: 'application base url',                                      type: :string
+    method_option :path,                 desc: 'applications path',                                         type: :string
+    method_option :url,                  desc: 'relative URL for action',                                   type: :string
+    method_option :skip_view,            desc: 'skip the creation of view and templates (only for action)', type: :boolean, default: false
+    method_option :help, aliases: '-h',  desc: 'displays the usage method'
     # @since 0.3.0
     # @api private

data/lib/lotus/commands/console.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Lotus
       def start
         # Clear out ARGV so Pry/IRB don't attempt to parse the rest
         ARGV.shift until ARGV.empty?
-        require @environment.env_config.to_s
+        @environment.require_application_environment
         # Add convenience methods to the main:Object binding
         TOPLEVEL_BINDING.eval('self').send(:include, Methods)

data/lib/lotus/commands/db.rb CHANGED Viewed

@@ -17,11 +17,113 @@ module Lotus
         end
       end
+      desc 'db create', 'create database'
+      desc 'create', 'create database for current environment'
+      method_option :environment, desc: 'path to environment configuration (config/environment.rb)'
+      def create
+        if options[:help]
+          invoke :help, ['create']
+        else
+          assert_allowed_environment!
+          require 'lotus/commands/db/create'
+          Lotus::Commands::DB::Create.new(environment).start
+        end
+      end
+      desc 'db drop', 'drop database'
+      desc 'drop', 'drop database for current environment'
+      method_option :environment, desc: 'path to environment configuration (config/environment.rb)'
+      def drop
+        if options[:help]
+          invoke :help, ['drop']
+        else
+          assert_allowed_environment!
+          require 'lotus/commands/db/drop'
+          Lotus::Commands::DB::Drop.new(environment).start
+        end
+      end
+      desc 'db migrate', 'migrate database'
+      desc 'migrate', 'migrate database for current environment'
+      method_option :environment, desc: 'path to environment configuration (config/environment.rb)'
+      def migrate(version = nil)
+        if options[:help]
+          invoke :help, ['migrate']
+        else
+          require 'lotus/commands/db/migrate'
+          Lotus::Commands::DB::Migrate.new(environment, version).start
+        end
+      end
+      desc 'db apply', 'apply database changes'
+      desc 'apply', 'migrate, dump schema, delete migrations (experimental)'
+      method_option :environment, desc: 'path to environment configuration (config/environment.rb)'
+      def apply
+        if options[:help]
+          invoke :help, ['apply']
+        else
+          assert_development_environment!
+          require 'lotus/commands/db/apply'
+          Lotus::Commands::DB::Apply.new(environment).start
+        end
+      end
+      desc 'db prepare', 'prepare database'
+      desc 'prepare', 'create and migrate database'
+      method_option :environment, desc: 'path to environment configuration (config/environment.rb)'
+      def prepare
+        if options[:help]
+          invoke :help, ['prepare']
+        else
+          assert_allowed_environment!
+          require 'lotus/commands/db/prepare'
+          Lotus::Commands::DB::Prepare.new(environment).start
+        end
+      end
+      desc 'db version', 'database version'
+      desc 'version', 'current database version'
+      method_option :environment, desc: 'path to environment configuration (config/environment.rb)'
+      def version
+        if options[:help]
+          invoke :help, ['version']
+        else
+          require 'lotus/commands/db/version'
+          Lotus::Commands::DB::Version.new(environment).start
+        end
+      end
       private
       def environment
         Lotus::Environment.new(options)
       end
+      def assert_allowed_environment!
+        if environment.environment?(:production)
+          puts "Can't run this command in production mode"
+          exit 1
+        end
+      end
+      def assert_development_environment!
+        unless environment.environment?(:development)
+          puts "This command can be ran only in development mode"
+          exit 1
+        end
+      end
     end
   end
 end

data/lib/lotus/commands/db/abstract.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Lotus
+  module Commands
+    class DB
+      class Abstract
+        def initialize(environment)
+          environment.require_application_environment
+        end
+        def start
+          raise NotImplementedError
+        end
+      end
+    end
+  end
+end

data/lib/lotus/commands/db/apply.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'lotus/commands/db/abstract'
+module Lotus
+  module Commands
+    class DB
+      class Apply < Abstract
+        def start
+          require 'lotus/model/migrator'
+          Lotus::Model::Migrator.apply
+        end
+      end
+    end
+  end
+end

data/lib/lotus/commands/db/console.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Lotus
           @name        = name
           @environment = environment
           @env_options = environment.to_options
-          load_config
+          @environment.require_application_environment
         end
         def start
@@ -44,10 +44,6 @@ module Lotus
         def connection_string
           adapter_class.new(mapper, adapter_config.uri).connection_string
         end
-        def load_config
-          require @env_options[:env_config]
-        end
       end
     end
   end

data/lib/lotus/commands/db/create.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'lotus/commands/db/abstract'
+module Lotus
+  module Commands
+    class DB
+      class Create < Abstract
+        def start
+          require 'lotus/model/migrator'
+          Lotus::Model::Migrator.create
+        end
+      end
+    end
+  end
+end

data/lib/lotus/commands/db/drop.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'lotus/commands/db/abstract'
+module Lotus
+  module Commands
+    class DB
+      class Drop < Abstract
+        def start
+          require 'lotus/model/migrator'
+          Lotus::Model::Migrator.drop
+        end
+      end
+    end
+  end
+end

data/lib/lotus/commands/db/migrate.rb ADDED Viewed

@@ -0,0 +1,19 @@
+require 'lotus/commands/db/abstract'
+module Lotus
+  module Commands
+    class DB
+      class Migrate < Abstract
+        def initialize(environment, version)
+          super(environment)
+          @version = version
+        end
+        def start
+          require 'lotus/model/migrator'
+          Lotus::Model::Migrator.migrate(version: @version)
+        end
+      end
+    end
+  end
+end