RubyGems - maquina-generators - Versions diffs - 0.1.0 → 0.2.0 - Mend

maquina-generators 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 217f011212f8bd0de1e98fe87fe41afeb48d2171eba4431cb82b219a69239a08
-  data.tar.gz: 927e664fc585adbe4a7d1e3f441a2fa49fb2514fe6ac239e742e240bf913ece3
+  metadata.gz: ce5b50ab1d409ff8e66103ffd248866536fb97868694f514fc63e622a091d3e9
+  data.tar.gz: 991f0a0f392196b14285b68ec027cf120f4b610f172c6772e095343ff032bf1d
 SHA512:
-  metadata.gz: 01b0e678645dca5f7a0a080a9b70d463d0d8da194a3f2fe9ad09d77fa6c0bc673863f4ac525000db990d441508560bee5b2ce3858cb68b61d59432d5bbefcdc8
-  data.tar.gz: b6277238ae34b753a3056b6f559ffd5bd4324e8e605568d624a79b1dca6b4a70e54a3c22cce5f4405de1848e837a540f12d6b022d6d2e746d0025d5afa3daba6
+  metadata.gz: 0f151ba3435ab5cb9be0cf0ddbe8d864b18d3f59f2c403e08a9653998fbe95b384947d315f99bc155d5337603d931b839d1408aa2b227eb41562490e07082d87
+  data.tar.gz: 1caf6b0eb21b9eefb9ada1806e6af396fd435224edce1bf7dd1a1899a7243164b1baa599eebb28d91c2d142e26e19bcbe66da8db2032abea937804698ca46c26

data/README.md CHANGED Viewed

@@ -69,11 +69,13 @@ All generated code lives in your app -- edit it directly:
 - **BackstageController:** Inherits from `ActionController::Base` (bypasses app's ApplicationController concerns)
 - **Initializer:** Credentials-first auth with ENV variable fallback, database connection config
 - **Route:** Mounts `SolidErrors::Engine` under a configurable prefix
+- **Custom views:** Optionally copies custom Tailwind-styled views to override the gem defaults
 #### Usage
 ```bash
 rails g maquina:solid_errors --prefix /admin
+rails g maquina:solid_errors --prefix /admin --copy-views   # Include custom views
 ```
 The generator automatically runs `bundle install` and `solid_errors:install`. After running, execute `bin/rails db:migrate`.
@@ -82,6 +84,7 @@ The generator automatically runs `bundle install` and `solid_errors:install`. Af
 ```bash
 rails g maquina:solid_errors --prefix /admin                          # Default env vars
+rails g maquina:solid_errors --prefix /admin --copy-views             # With custom views
 rails g maquina:solid_errors --prefix /backstage \
   --user-env-var ADMIN_USER --password-env-var ADMIN_PASSWORD         # Custom env vars
 ```
@@ -130,6 +133,33 @@ Credentials are resolved in order:
 ---
+### Rack Attack -- Request Protection
+**Rack Attack** installs the [rack-attack](https://github.com/rack/rack-attack) gem with default security rules to block common vulnerability scans and throttle abusive requests.
+#### What it generates
+- **Initializer:** `config/initializers/rack_attack.rb` with blocklists, safelists, and throttles
+#### Usage
+```bash
+rails g maquina:rack_attack
+```
+The generator automatically runs `bundle install`.
+#### Default Protections
+- **Blocklists:** PHP files (`*.php`), WordPress paths (`wp-admin`, `wp-login`, etc.), sensitive files (`.env`, `.git`, `/etc/passwd`, etc.), scanner targets (`phpmyadmin`, `cgi-bin`, etc.)
+- **Safelists:** Localhost (`127.0.0.1`, `::1`)
+- **Throttles:** 300 requests/5min per IP (general), 5 login attempts/20s per IP
+- **Responses:** 403 Forbidden for blocklisted, 429 Too Many Requests for throttled
+Customize rules in `config/initializers/rack_attack.rb`.
+---
 ## Adding New Generators
 Create a new folder under `lib/generators/maquina/`:

data/lib/generators/maquina/rack_attack/USAGE ADDED Viewed

@@ -0,0 +1,15 @@
+Description:
+  Installs Rack::Attack with default security rules to block common
+  vulnerability scans and throttle abusive requests.
+  Default protections:
+    - Blocks PHP file requests (*.php)
+    - Blocks WordPress paths (wp-admin, wp-login, wp-content, etc.)
+    - Blocks sensitive file access (.env, .git, /etc/passwd, etc.)
+    - Blocks common scanner targets (phpmyadmin, cgi-bin, etc.)
+    - Safelists localhost
+    - Throttles general requests (300/5min per IP)
+    - Throttles login attempts (5/20s per IP)
+Examples:
+  rails g maquina:rack_attack

data/lib/generators/maquina/rack_attack/rack_attack_generator.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require "rails/generators"
+module Maquina
+  module Generators
+    class RackAttackGenerator < Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+      # 1. Initializer
+      def create_initializer
+        template "config/initializers/rack_attack.rb.tt",
+          "config/initializers/rack_attack.rb"
+      end
+      # 2. Add gem to Gemfile
+      def add_gem
+        gemfile_path = File.join(destination_root, "Gemfile")
+        if File.exist?(gemfile_path)
+          content = File.read(gemfile_path)
+          unless content.include?('gem "rack-attack"')
+            append_to_file "Gemfile", "\ngem \"rack-attack\"\n"
+          end
+        end
+      end
+      # 3. Bundle install
+      def run_bundle_install
+        return unless rails_app?
+        run "bundle install", capture: true
+      end
+      # 4. Post-install message
+      def show_post_install
+        say ""
+        say "Rack::Attack has been installed!", :green
+        say ""
+        say "Default protections enabled:", :yellow
+        say "  - Blocklist: PHP files, WordPress paths, sensitive files, scanner targets"
+        say "  - Safelist: localhost (127.0.0.1, ::1)"
+        say "  - Throttle: 300 req/5min per IP, 5 login attempts/20s per IP"
+        say ""
+        say "Customize rules in config/initializers/rack_attack.rb"
+        say ""
+      end
+      private
+      def rails_app?
+        File.exist?(File.join(destination_root, "bin/rails"))
+      end
+    end
+  end
+end

data/lib/generators/maquina/rack_attack/templates/config/initializers/rack_attack.rb.tt ADDED Viewed

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+# Rack::Attack configuration
+# https://github.com/rack/rack-attack
+# Safelist localhost
+Rack::Attack.safelist("allow-localhost") do |req|
+  req.ip == "127.0.0.1" || req.ip == "::1"
+end
+# ---------------------------------------------------------------------------
+# Blocklists — common vulnerability scanner paths
+# ---------------------------------------------------------------------------
+# Block PHP file requests
+Rack::Attack.blocklist("block-php") do |req|
+  req.path.match?(/\.php\d?$/i)
+end
+# Block WordPress paths
+WORDPRESS_PATHS = %w[
+  /wp-admin
+  /wp-login
+  /wp-content
+  /wp-includes
+  /xmlrpc.php
+  /wp-config
+  /wp-cron
+].freeze
+Rack::Attack.blocklist("block-wordpress") do |req|
+  WORDPRESS_PATHS.any? { |path| req.path.downcase.start_with?(path) }
+end
+# Block sensitive file access
+SENSITIVE_PATTERNS = %w[
+  /.env
+  /.git
+  /.htaccess
+  /.htpasswd
+  /.aws
+  /.ssh
+  /.svn
+].freeze
+Rack::Attack.blocklist("block-sensitive-files") do |req|
+  path = req.path.downcase
+  SENSITIVE_PATTERNS.any? { |pattern| path.start_with?(pattern) } ||
+    path.include?("/etc/passwd") ||
+    path.include?("/etc/shadow")
+end
+# Block common scanner targets
+SCANNER_PATHS = %w[
+  /cgi-bin
+  /phpmyadmin
+  /pma
+  /myadmin
+  /phpinfo
+  /mysqladmin
+  /admin/config.php
+  /solr/
+  /actuator
+  /telescope/requests
+  /debug
+  /_ignition
+  /vendor/phpunit
+].freeze
+Rack::Attack.blocklist("block-scanner-targets") do |req|
+  SCANNER_PATHS.any? { |path| req.path.downcase.start_with?(path) }
+end
+# ---------------------------------------------------------------------------
+# Throttles
+# ---------------------------------------------------------------------------
+# General rate limit: 300 requests per 5 minutes per IP
+Rack::Attack.throttle("req/ip", limit: 300, period: 5.minutes) do |req|
+  req.ip unless req.path.start_with?("/assets")
+end
+# Login throttle: 5 attempts per 20 seconds per IP
+Rack::Attack.throttle("login/ip", limit: 5, period: 20.seconds) do |req|
+  req.ip if req.path == "/session" && req.post?
+end
+# ---------------------------------------------------------------------------
+# Custom responses
+# ---------------------------------------------------------------------------
+# Return 403 Forbidden for blocklisted requests
+Rack::Attack.blocklisted_responder = lambda do |_request|
+  [403, {"content-type" => "text/plain"}, ["Forbidden\n"]]
+end

data/lib/generators/maquina/solid_errors/solid_errors_generator.rb CHANGED Viewed

@@ -11,6 +11,8 @@ module Maquina
         desc: "Environment variable for HTTP auth username"
       class_option :password_env_var, type: :string, default: "SOLID_ERRORS_PASSWORD",
         desc: "Environment variable for HTTP auth password"
+      class_option :copy_views, type: :boolean, default: false,
+        desc: "Copy custom Solid Errors views to the host app"
       # 1. BackstageController
       def create_backstage_controller
@@ -44,21 +46,30 @@ module Maquina
         route "mount SolidErrors::Engine, at: \"#{mount_path}\""
       end
-      # 5. Bundle install
+      # 5. Custom views
+      def copy_views
+        return unless options[:copy_views]
+        view_files.each do |view|
+          copy_file view, view
+        end
+      end
+      # 6. Bundle install
       def run_bundle_install
         return unless rails_app?
         run "bundle install", capture: true
       end
-      # 6. Run solid_errors:install
+      # 7. Run solid_errors:install
       def run_gem_install
         return unless rails_app?
         run "bin/rails generate solid_errors:install", capture: true
       end
-      # 7. Post-install message
+      # 8. Post-install message
       def show_post_install
         say ""
         say "Solid Errors has been installed!", :green
@@ -80,6 +91,13 @@ module Maquina
       def rails_app?
         File.exist?(File.join(destination_root, "bin/rails"))
       end
+      def view_files
+        views_dir = File.join(self.class.source_root, "app/views/solid_errors")
+        Dir.glob("**/*.erb", base: views_dir).map do |file|
+          File.join("app/views/solid_errors", file)
+        end
+      end
     end
   end
 end

data/lib/generators/maquina/solid_errors/templates/app/views/solid_errors/errors/_actions.html.erb ADDED Viewed

@@ -0,0 +1,39 @@
+<%# locals: (error:) %>
+<%= render "components/card" do %>
+  <div class="p-6 pb-2">
+    <h3 class="text-lg font-medium">Actions</h3>
+  </div>
+  <div class="p-6 pt-0 space-y-3">
+    <%= link_to solid_errors.root_path, class: "button w-full justify-center" do %>
+      <svg
+        xmlns="http://www.w3.org/2000/svg"
+        width="16"
+        height="16"
+        viewBox="0 0 24 24"
+        fill="none"
+        stroke="currentColor"
+        stroke-width="2"
+        stroke-linecap="round"
+        stroke-linejoin="round"
+        class="lucide"
+      >
+        <path d="m12 19-7-7 7-7" />
+        <path d="M19 12H5" />
+      </svg>
+      <span>Back to Errors</span>
+    <% end %>
+    <% if error.resolved? %>
+      <%= render "solid_errors/errors/delete_button",
+      error: error,
+      class: "w-full justify-center" %>
+    <% else %>
+      <%= render "solid_errors/errors/resolve_button",
+      error: error,
+      class: "w-full justify-center" %>
+    <% end %>
+  </div>
+<% end %>

data/lib/generators/maquina/solid_errors/templates/app/views/solid_errors/errors/_delete_button.html.erb ADDED Viewed

@@ -0,0 +1,24 @@
+<%# locals: (error:) %>
+<%= button_to solid_errors.error_path(error),
+    method: :delete,
+    class: "button button-danger w-full justify-center inline-flex items-center gap-2 py-2 px-4 transition-all hover:scale-[1.02] active:scale-95",
+    data: { turbo_confirm: "Are you sure you want to delete this error?" } do %>
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    width="16"
+    height="16"
+    viewBox="0 0 24 24"
+    fill="none"
+    stroke="currentColor"
+    stroke-width="2"
+    stroke-linecap="round"
+    stroke-linejoin="round"
+    class="lucide"
+  >
+    <path d="M3 6h18" />
+    <path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6" />
+    <path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2" />
+  </svg>
+  <span>Delete Error</span>
+<% end %>

data/lib/generators/maquina/solid_errors/templates/app/views/solid_errors/errors/_error_card.html.erb ADDED Viewed

@@ -0,0 +1,106 @@
+<%# locals: (error:) %>
+<%= render "components/card", css_classes: "hover:shadow-md transition-shadow" do %>
+  <div class="p-6">
+    <div class="flex items-start justify-between gap-4">
+      <div class="flex-1 min-w-0">
+        <!-- Severity & Status -->
+        <div class="flex items-center gap-2 mb-2">
+          <%= render "components/severity_badge", severity: error.severity %>
+          <%= render "components/error_status_badge", resolved: error.resolved? %>
+        </div>
+        <!-- Error Title -->
+        <%= link_to solid_errors.error_path(error),
+            class: "text-lg font-semibold text-foreground hover:text-primary transition-colors" do %>
+          <code class="break-words"><%= error.exception_class %></code>
+        <% end %>
+        <div class="mt-1 text-sm text-muted-foreground">
+          from <em><code><%= error.source %></code></em>
+        </div>
+        <!-- Message with overflow handling -->
+        <pre
+          class="
+            mt-3 text-sm text-foreground whitespace-pre-wrap font-mono bg-muted/50 p-3
+            rounded-md overflow-auto max-h-32 break-words
+          "
+        ><%= error.message %></pre>
+      </div>
+      <!-- Action Button -->
+      <div class="flex-shrink-0">
+        <% if error.resolved? %>
+          <%= button_to solid_errors.error_path(error),
+              method: :delete,
+              form: { data: { turbo: false } },
+              data: { turbo_confirm: "Are you sure you want to delete this error?" },
+              class: "button button-danger inline-flex items-center gap-2 py-2 px-4 transition-all hover:scale-[1.02] active:scale-95" do %>
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              width="16"
+              height="16"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+              class="lucide"
+            >
+              <path d="M3 6h18" />
+              <path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6" />
+              <path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2" />
+            </svg>
+            <span>Delete</span>
+          <% end %>
+        <% else %>
+          <%= button_to solid_errors.error_path(error),
+              method: :patch,
+              form: { data: { turbo: false } },
+              params: { error: { resolved_at: Time.now } },
+              class: "button button-primary inline-flex items-center gap-2 py-2 px-4 transition-all hover:scale-[1.02] active:scale-95" do %>
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              width="16"
+              height="16"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+              class="lucide"
+            >
+              <circle cx="12" cy="12" r="10" />
+              <path d="m9 12 2 2 4-4" />
+            </svg>
+            <span>Resolve</span>
+          <% end %>
+        <% end %>
+      </div>
+    </div>
+    <!-- Footer Stats -->
+    <div
+      class="
+        mt-4 flex items-center gap-6 text-sm text-muted-foreground border-t
+        border-border pt-4
+      "
+    >
+      <span>
+        <strong class="text-foreground"><%= error.occurrences_count %></strong>
+        occurrences
+      </span>
+      <span>
+        Last seen
+        <strong class="text-foreground"><%= time_ago_in_words(error.recent_occurrence) %></strong>
+        ago
+      </span>
+    </div>
+  </div>
+<% end %>

data/lib/generators/maquina/solid_errors/templates/app/views/solid_errors/errors/_resolve_button.html.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<%# locals: (error:) %>
+<%= button_to solid_errors.error_path(error),
+    method: :patch,
+    params: { error: { resolved_at: Time.now } },
+    class: "button button-primary w-full justify-center inline-flex items-center gap-2 py-2 px-4 transition-all hover:scale-[1.02] active:scale-95" do %>
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    width="16"
+    height="16"
+    viewBox="0 0 24 24"
+    fill="none"
+    stroke="currentColor"
+    stroke-width="2"
+    stroke-linecap="round"
+    stroke-linejoin="round"
+    class="lucide"
+  >
+    <circle cx="12" cy="12" r="10" />
+    <path d="m9 12 2 2 4-4" />
+  </svg>
+  <span>Resolve Error</span>
+<% end %>

data/lib/generators/maquina/solid_errors/templates/app/views/solid_errors/errors/index.html.erb ADDED Viewed

@@ -0,0 +1,74 @@
+<div class="container mx-auto px-4 py-8">
+  <!-- Header with tabs -->
+  <div class="mb-6 border-b border-border">
+    <div class="flex items-center justify-between mb-4">
+      <h1 class="text-2xl font-bold text-foreground">Errors</h1>
+      <!-- Delete All Resolved Button - Only on Resolved tab -->
+      <% if error_scope.resolved? %>
+        <% resolved_count = SolidErrors::Error.resolved.count %>
+        <% if resolved_count > 0 %>
+          <%= button_to main_app.solid_errors_resolved_errors_path,
+              method: :delete,
+              form: { data: { turbo: false } },
+              data: {
+                turbo_confirm: "This will queue deletion of all #{resolved_count} resolved error#{resolved_count == 1 ? '' : 's'}. The process will run in the background. Are you sure?"
+              },
+              class: "button button-danger inline-flex items-center gap-2 py-2 px-4 text-sm transition-all hover:scale-[1.02] active:scale-95" do %>
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              width="16"
+              height="16"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+              class="lucide"
+            >
+              <path d="M3 6h18" />
+              <path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6" />
+              <path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2" />
+              <line
+                x1="10"
+                x2="10"
+                y1="11"
+                y2="17"
+              />
+              <line
+                x1="14"
+                x2="14"
+                y1="11"
+                y2="17"
+              />
+            </svg>
+            <span>Delete All Resolved</span>
+          <% end %>
+        <% end %>
+      <% end %>
+    </div>
+    <!-- Tab Navigation -->
+    <nav class="-mb-px flex space-x-8" aria-label="Tabs">
+      <%= link_to solid_errors.root_path(scope: :unresolved),
+          class: "inline-flex items-center border-b-2 px-1 py-4 text-sm font-medium #{ error_scope.unresolved? ? 'border-primary text-primary' : 'border-transparent text-muted-foreground hover:border-border hover:text-foreground' }" do %>
+        <span>⏳ Unresolved</span>
+      <% end %>
+      <%= link_to solid_errors.root_path(scope: :resolved),
+          class: "inline-flex items-center border-b-2 px-1 py-4 text-sm font-medium #{ error_scope.resolved? ? 'border-primary text-primary' : 'border-transparent text-muted-foreground hover:border-border hover:text-foreground' }" do %>
+        <span>✅ Resolved</span>
+      <% end %>
+    </nav>
+  </div>
+  <!-- Error Grid -->
+  <div class="grid grid-cols-1 gap-4">
+    <%= render partial: "solid_errors/errors/error_card", collection: @errors, as: :error %>
+  </div>
+</div>

data/lib/generators/maquina/solid_errors/templates/app/views/solid_errors/errors/show/_actions.html.erb ADDED Viewed

@@ -0,0 +1,60 @@
+<%# locals: (error:) %>
+<%= render "components/card" do %>
+  <div class="p-6 pb-2">
+    <h3 class="text-lg font-medium text-foreground">Actions</h3>
+  </div>
+  <div class="p-6 pt-0 space-y-3">
+    <!-- Clean Old Occurrences Button - FIRST (only if more than 10) -->
+    <% if error.occurrences.count > 10 %>
+      <%= button_to main_app.solid_errors_error_occurrences_path(error),
+          method: :delete,
+          form: { data: { turbo: false } },
+          data: {
+            turbo_confirm: "This will delete #{error.occurrences.count - 10} old occurrence#{'s' if error.occurrences.count - 10 != 1}, keeping only the latest 10. Are you sure?"
+          },
+          class: "button w-full justify-center inline-flex items-center gap-2 py-2 px-4 bg-yellow-100 text-yellow-800 hover:bg-yellow-200 border-yellow-300 transition-all hover:scale-[1.02] active:scale-95" do %>
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          width="16"
+          height="16"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="2"
+          stroke-linecap="round"
+          stroke-linejoin="round"
+          class="lucide"
+        >
+          <path d="M3 6h18" />
+          <path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6" />
+          <path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2" />
+          <line
+            x1="10"
+            x2="10"
+            y1="11"
+            y2="17"
+          />
+          <line
+            x1="14"
+            x2="14"
+            y1="11"
+            y2="17"
+          />
+        </svg>
+        <span>Clean Old Occurrences</span>
+      <% end %>
+    <% end %>
+    <!-- Resolve/Delete Button - SECOND -->
+    <% if error.resolved? %>
+      <%= render "solid_errors/errors/delete_button", error: error %>
+    <% else %>
+      <%= render "solid_errors/errors/resolve_button", error: error %>
+    <% end %>
+  </div>
+<% end %>