maquina 0.1.0

data/app/controllers/concerns/maquina/resourceful.rb

@@ -0,0 +1,180 @@
+# frozen_string_literal: true
+
+module Maquina
+  module Resourceful
+    extend ActiveSupport::Concern
+
+    class ResourceResponse
+      def response(&block)
+        @block = block
+      end
+
+      def code
+        @block
+      end
+    end
+
+    included do
+      class_attribute :resource_class, instance_writer: false
+      class_attribute :find_by_param, instance_writer: false
+      class_attribute :list_attributes, instance_writer: false
+      class_attribute :form_attributes, instance_writer: false
+      class_attribute :show_attributes, instance_writer: false
+      class_attribute :policy_class, instance_writer: false
+
+      attr_reader :resource, :collection
+
+      protected
+
+      # Route proxies
+
+      def base_singular_path_name
+        @base_path_name ||= begin
+          namespace_path = ""
+          "#{namespace_path}#{resource_class.model_name.singular_route_key}_path"
+        end
+      end
+
+      def base_plural_path_name
+        @base_plural_path_name ||= begin
+          namespace_path = ""
+          "#{namespace_path}#{resource_class.model_name.route_key}_path"
+        end
+      end
+
+      def new_resource_path(options = {})
+        Rails.application.routes.url_helpers.send("new_#{base_singular_path_name}", **options)
+      end
+
+      def edit_resource_path(resource, options = {})
+        Rails.application.routes.url_helpers.send("edit_#{base_singular_path_name}", resource, **options)
+      end
+
+      def resource_path(resource)
+        Rails.application.routes.url_helpers.send(base_singular_path_name, resource)
+      end
+
+      def collection_path(params = {})
+        Rails.application.routes.url_helpers.send(base_plural_path_name, **params)
+      end
+
+      def submit_path(params = {})
+      end
+
+      # Controller secure params
+      def resource_secure_params
+        method_name = :secure_params
+        method_action_name = "#{action_name}_#{method_name}".to_sym
+
+        if respond_to?(method_action_name)
+          send(method_action_name)
+        elsif respond_to?(method_name)
+          send(method_name)
+        else
+          params.require(resource_class.model_name.element.to_sym).permit(form_attributes.flat_map { |field| field.keys })
+        end
+      end
+
+      def set_flash_message(status)
+        key = (%w[created accepted].include?(status.to_s) || (status == :no_content && action_name == "destroy")) ? :notice : :alert
+        message_hash = t(
+          "flash.#{controller_name}.#{action_name}.#{key}",
+          default: t("flash.#{action_name}.#{key}")
+        )
+
+        flash[key] = message_hash if !%w[create update].include?(action_name) || (%w[create update].include?(action_name) && %w[created accepted].include?(status.to_s))
+        flash.now[key] = message_hash if %w[create update].include?(action_name) && status == :unprocessable_entity
+      end
+
+      def dual_action_response(object, &block)
+        has_errors = object&.errors&.any?
+        responded = false
+
+        case block.try(:arity)
+        when 2
+          responded = true
+
+          success = ResourceResponse.new
+          failure = ResourceResponse.new
+          block.call success, failure
+
+          if has_errors
+            failure.code.call
+          else
+            success.code.call
+          end
+        when 1
+          if !has_errors
+            responded = true
+
+            success = ResourceResponse.new
+            block.call success
+
+            success.code.call
+          end
+        end
+
+        if !responded
+          respond_to do |format|
+            if has_errors
+              format.html { render object.persisted? ? :edit : :new }
+              format.turbo_stream
+              format.json { render json: {errors: object.errors.map { |error| {error.attribute => error.message} }} }
+            else
+              format.html { redirect_to collection_path, status: :see_other }
+              format.json { render json: {data: Array(object), links: build_json_links(object)} }
+            end
+          end
+        end
+      end
+
+      def build_json_links(object)
+        [
+          {
+            rel: :self,
+            uri: resource_path(object)
+          }
+        ]
+      end
+
+      helper_method :resource_class, :policy_class, :resource, :list_attributes, :form_attributes, :collection,
+        :collection_path, :resource_path, :new_resource_path, :edit_resource_path, :submit_path
+    end
+
+    class_methods do
+      def resourceful(resource_class: nil, find_by_param: :id, only: [], except: [], list_attributes: [], form_attributes: [], show_attributes: [], policy_class: nil)
+        self.resource_class = resource_class || controller_path.classify.safe_constantize
+        self.find_by_param = find_by_param || :id
+        self.list_attributes = Array(list_attributes).compact
+        self.form_attributes = Array(form_attributes).compact
+        self.show_attributes = Array(show_attributes).compact
+        self.policy_class = policy_class
+
+        valid_rest_actions = {
+          index: Maquina::Index,
+          new: Maquina::New,
+          create: Maquina::Create,
+          edit: Maquina::Edit,
+          update: Maquina::Update,
+          show: Maquina::Show,
+          destroy: Maquina::Destroy
+        }.freeze
+
+        sanitized_only = Array(only).compact
+        sanitized_except = Array(except).compact
+        rest_actions_keys = valid_rest_actions.keys
+
+        calculated_only = sanitized_only.empty? ? rest_actions_keys : rest_actions_keys & sanitized_only
+
+        (calculated_only - sanitized_except).each do |action|
+          rest_action = valid_rest_actions[action]
+          if rest_action.present?
+            include rest_action
+          else
+            Rails.logger.error "[#{self.class} :: Action #{action} is undefined]"
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/concerns/maquina/show.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Maquina
+  module Show
+    extend ActiveSupport::Concern
+
+    included do
+      def show(&block)
+        @resource ||= begin
+          scope = resource_class
+          # TODO: Implement filtering by organization
+          # scope = scope.where(organization)
+          # TODO: Implement policy authorization (ActionPolicy)
+          scope = yield(scope) if block.present?
+
+          scope.find_by!(find_by_param => params[:id])
+        end
+
+        respond_to do |format|
+          format.html
+          format.json { render json: @resource }
+        end
+      end
+      alias_method :show!, :show
+    end
+  end
+end

data/app/controllers/concerns/maquina/update.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Maquina
+  module Update
+    extend ActiveSupport::Concern
+
+    included do
+      def update(&block)
+        @resource ||= begin
+          scope = resource_class
+          # scope = scope.where(organization)
+          # TODO: Implement filtering by organization
+          resource = scope.find_by!(find_by_param => params[:id])
+
+          authorize! resource, with: policy_class if policy_class.present?
+
+          resource
+        end
+
+        saved = @resource.update(resource_secure_params)
+
+        status = saved ? :accepted : :unprocessable_entity
+        response.status = status
+        set_flash_message(status)
+
+        dual_action_response(@resource, &block)
+      end
+      alias_method :update!, :update
+    end
+  end
+end

data/app/controllers/maquina/accept_invitations_controller.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Maquina
+  class AcceptInvitationsController < ApplicationController
+    layout "maquina/sessions"
+
+    before_action :load_invitation
+
+    def new
+    end
+
+    def update
+    end
+
+    private
+
+    def load_invitation
+      invitation_token = params[:token] || params.dig(:invitation, :invitation_token)
+
+      if invitation_token.present?
+        invitation_token = CGI.unescape(invitation_token)
+        @invitation = Maquina::Invitation.where(accepted_at: nil).find_signed(invitation_token, purpose: :invitation)
+      end
+
+      @invitation ||= Maquina::Invitation.new
+    end
+  end
+end

data/app/controllers/maquina/application_controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Maquina
+  class ApplicationController < ActionController::Base
+    include Maquina::Resourceful
+    include Maquina::Authenticate
+
+    helper Maquina::NavbarMenuHelper
+    helper Maquina::ViewsHelper
+
+    rescue_from ActionPolicy::Unauthorized, with: :not_authorized
+
+    private
+
+    def not_authorized
+      redirect_to unauthorized_path
+    end
+  end
+end

data/app/controllers/maquina/dashboard_controller.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Maquina
+  class DashboardController < ApplicationController
+    before_action :authenticate!
+
+    def index
+    end
+
+    protected
+
+    def collection_path
+      nil
+    end
+  end
+end

data/app/controllers/maquina/invitations_controller.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Maquina
+  class InvitationsController < ApplicationController
+    before_action :authenticate!
+
+    layout false
+
+    resourceful(
+      resource_class: Maquina::Invitation,
+      form_attributes: [{email: {type: :input, control_html: {class: "sm:col-span-6"}, input_html: {class: "block w-full min-w-0 flex-1 input"}}}],
+      policy_class: Maquina::InvitationPolicy,
+      only: [:new, :create]
+    )
+
+    def create
+      authorize! with: policy_class if policy_class.present?
+
+      email = params.dig(:invitation, :email)&.strip
+      # management = Maquina::Current.management?
+
+      @resource = Maquina::Invitation.order(created_at: :desc).find_or_initialize_by(email: email)
+      if @resource.new_record?
+        @resource.save
+      elsif @resource.accepted?
+        @resource = Maquina::Invitation.new(email: email)
+        @resource.errors.add(:email, :invalid)
+      end
+
+      create! do |success|
+        success.response do
+          url = maquina.new_accept_invitations_url(token: CGI.escape(@resource.signed_id(purpose: :invitation, expires_in: 3.days)))
+          Maquina::UserNotificationsMailer.with(email: @resource.email, inviteer: Maquina::Current.user.email, url: url).invitation_email.deliver_later
+
+          flash[:notice] = {title: t("flash.#{@resource.model_name.i18n_key}.create.notice.title"), description: t("flash.#{@resource.model_name.i18n_key}.create.notice.description", email: email)}
+          redirect_to collection_path
+        end
+      end
+    end
+
+    private
+
+    def submit_path(params = {})
+      invitations_path(**params)
+    end
+
+    def collection_path
+      users_path
+    end
+  end
+end

data/app/controllers/maquina/plans_controller.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Maquina
+  class PlansController < ApplicationController
+    # include Maquina::Resourceful # Include this module if your ApplicationController does not include it.
+    # include Maquina::Authenticate          # Include this module if your ApplicationController does not include it.
+    before_action :authenticate!
+
+    # resource_class: Model Name
+    # form_attributes: List of attributes for edit with type
+    # list_attributes: List of attributes to display in index action
+    # show_attributes: List of attributes to display in show action
+    # policy_class: ActionPolicy class to check action authorization. Update this policy file.
+    resourceful(
+      resource_class: Maquina::Plan,
+      form_attributes: [{name: {type: :input, control_html: {class: "sm:col-span-6"}, input_html: {class: "block w-full min-w-0 flex-1 input"}}},
+        {trial: {type: :input, control_html: {class: "sm:col-span-2"}, input_html: {class: "block w-full min-w-0 flex-1 input"}}},
+        {price: {type: :input, control_html: {class: "sm:col-span-2"}, input_html: {class: "block w-full min-w-0 flex-1 input"}}},
+        {free: {type: :checkbox, control_html: {class: "sm:col-span-6 relative flex items-start"}, input_html: {class: "check"}}},
+        {active: {type: :checkbox, control_html: {class: "sm:col-span-6 relative flex items-start"}, input_html: {class: "check"}}}],
+      list_attributes: [:name, :trial, :price, :free, :active],
+      show_attributes: [:name, :trial, :price, :free, :active],
+      policy_class: Maquina::PlanPolicy,
+      except: [:show, :destroy]
+    )
+
+    def create
+      create! do |success|
+        success.response { redirect_to edit_plan_path(resource), status: :see_other }
+      end
+    end
+
+    private
+
+    def new_resource_path(options = {})
+      new_plan_path(**options)
+    end
+
+    def edit_resource_path(resource, options = {})
+      edit_plan_path(resource, **options)
+    end
+
+    def resource_path(resource)
+      plan_path(resource)
+    end
+
+    def collection_path
+      plans_path
+    end
+
+    # Only allow a list of trusted parameters through.
+    def secure_params
+      params.require(:maquina_plan).permit(:name, :trial, :price, :free, :active)
+    end
+  end
+end

data/app/controllers/maquina/sessions_controller.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Maquina
+  class SessionsController < ApplicationController
+    layout "maquina/sessions"
+
+    def new
+      @return_to = params[:return_to]
+      @return_to = nil if @return_to == "/" || @return_to == "%2F"
+    end
+
+    def create
+      user = Maquina::User.authenticate_by(email: params.dig(:email), password: params.dig(:password))
+
+      @return_to = params.dig(:return_to)
+      result = create_session(user, @return_to)
+      return redirect_to(result, status: :see_other, format: :html) if result.present?
+
+      response.status = :unprocessable_entity
+      flash.now.alert = t("flash.sessions.create.alert")
+
+      respond_to do |format|
+        format.html { render :new }
+        format.turbo_stream
+      end
+    end
+
+    def destroy
+      session["--active_session"] = nil
+      Maquina::Current.reset
+
+      flash.notice = t("flash.sessions.destroy.notice")
+      redirect_to main_app.root_path
+    end
+
+    private
+
+    def calculate_redirect_path(active_session)
+      return maquina.new_multifactor_path if active_session.user.multifactor?
+      return active_session.return_url if active_session.return_url.present?
+
+      active_session.user.management? ? maquina.root_path : main_app.root_path
+    end
+
+    def create_session(user, return_to)
+      return nil if user.blank?
+
+      active_session = ActiveSession.create(user: user, user_agent: request.user_agent, remote_addr: request.remote_ip, return_url: return_to)
+      return nil if !active_session.persisted?
+
+      session["--active_session"] = active_session.id
+      flash.notice = t("flash.sessions.create.notice")
+      calculate_redirect_path(active_session)
+    end
+  end
+end

data/app/controllers/maquina/unauthorized_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Maquina
+  class UnauthorizedController < ApplicationController
+    def show
+      render :"401", status: :unauthorized
+    end
+  end
+end

data/app/controllers/maquina/users_controller.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Maquina
+  class UsersController < ApplicationController
+    before_action :authenticate!
+
+    resourceful(
+      resource_class: User,
+      list_attributes: [:email, :blocked_at, :created_at],
+      policy_class: UserPolicy,
+      only: [:index]
+    )
+
+    private
+
+    def new_resource_path
+      new_invitation_path
+    end
+
+    def collection_path
+      users_path
+    end
+  end
+end

data/app/helpers/maquina/application_helper.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Maquina
+  module ApplicationHelper
+    def maquina_importmap_tags(entry_point = "application", shim: true)
+      safe_join [
+        javascript_inline_importmap_tag(Maquina.configuration.importmap.to_json(resolver: self)),
+        javascript_importmap_module_preload_tags(Maquina.configuration.importmap),
+        (javascript_importmap_shim_nonce_configuration_tag if shim),
+        (javascript_importmap_shim_tag if shim),
+        javascript_import_module_tag(entry_point)
+      ].compact, "\n"
+    end
+
+    def class_to_form_frame(klass)
+      "#{klass.to_s.underscore.tr("/", "_")}_form"
+    end
+  end
+end

data/app/helpers/maquina/navbar_menu_helper.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Maquina
+  module NavbarMenuHelper
+    def menu_options
+      options = {}
+      options[:plans] = maquina.plans_path if Maquina::Current.signed_in? && allowed_to?(:plans?, with: Maquina::NavigationPolicy)
+      options[:users] = maquina.users_path if Maquina::Current.signed_in? && allowed_to?(:users?, with: Maquina::NavigationPolicy)
+
+      options
+    end
+
+    def active_menu_option?(path)
+      request.path == path
+    end
+
+    def profile_menu_options
+      if Maquina::Current.signed_in?
+        {
+          signout: {method: :delete, path: sessions_path}
+        }
+      else
+        {
+          signin: new_sessions_path
+        }
+      end
+    end
+  end
+end

data/app/helpers/maquina/views_helper.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Maquina
+  module ViewsHelper
+    def brand_icon
+      asset_path("maquina/maquina.svg")
+    end
+  end
+end

data/app/jobs/maquina/application_job.rb

@@ -0,0 +1,4 @@
+module Maquina
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/maquina/application_mailer.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Maquina
+  class ApplicationMailer < ActionMailer::Base
+    default from: I18n.t("mailers.default_from")
+    layout "maquina/mailer"
+  end
+end

data/app/mailers/maquina/user_notifications_mailer.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Maquina
+  class UserNotificationsMailer < ApplicationMailer
+    def invitation_email
+      @email = params[:email]
+      @url = params[:url]
+      @inviteer = params[:inviteer]
+      @org = params[:org] || I18n.t("application_name")
+
+      subject = I18n.t("mailers.invitation_email.subject", org: @org)
+
+      mail(to: @email, subject: subject)
+    end
+  end
+end

data/app/models/concerns/maquina/authenticate_by.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Maquina
+  module AuthenticateBy
+    extend ActiveSupport::Concern
+    included do
+      add_authenticate_by
+    end
+
+    class_methods do
+      def add_authenticate_by
+        version = Gem::Version.new(Rails::VERSION::STRING)
+        return if version.to_s.to_f >= 7.1
+
+        Rails.logger.warn "[#{self}] Adding class method authenticate_by"
+        self.class.define_method(:authenticate_by) do |attributes|
+          passwords, identifiers = attributes.to_h.partition do |name, value|
+            !has_attribute?(name) && has_attribute?("#{name}_digest")
+          end.map(&:to_h)
+
+          raise ArgumentError, "One or more password arguments are required" if passwords.empty?
+          raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
+          if (record = find_by(identifiers))
+            record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
+          else
+            new(passwords)
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/maquina/blockeable.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Maquina
+  module Blockeable
+    extend ActiveSupport::Concern
+
+    included do
+      if has_attribute?(:blocked_at) && has_attribute?(:temporary_blocked_at)
+        define_method(:blocked?) do
+          temporary_blocked_until = nil
+          if Maquina.configuration.temporary_block.present? && temporary_blocked_at.present?
+            temporary_blocked_until = temporary_blocked_at.since(Maquina.configuration.temporary_block)
+          end
+
+          blocked_at.present? || (temporary_blocked_until.present? && temporary_blocked_until > Time.zone.now)
+        end
+
+        scope :unblocked, -> { where(blocked_at: nil).where("(coalesce(temporary_blocked_at + interval '? minutes', now())) <= now()", Maquina.configuration.temporary_block&.in_minutes&.to_i || 0) }
+      elsif has_attribute(:blocked_at)
+        define_method(:blocked?) do
+          blocked_at.present?
+        end
+
+        scope :unblocked, -> { where(blocked_at: nil) }
+      end
+    end
+  end
+end