markdownr 0.7.2 → 0.8.1

data/lib/markdown_server/csv_browser/config_loader.rb

@@ -0,0 +1,231 @@
+# frozen_string_literal: true
+
+require "csv"
+require "yaml"
+require "json_schemer"
+
+module MarkdownServer
+  module CsvBrowser
+    # Loads database definitions from YAML files.
+    # Each YAML file defines one database with its tables, schemas, and views.
+    # CSV paths are resolved relative to the YAML file's directory.
+    class ConfigLoader
+      Database = Struct.new(:key, :title, :tables, :yaml_path, :group_by_directory, :show_record_counts, keyword_init: true)
+      Table = Struct.new(:key, :title, :csv_path, :columns, :required, :schema, :views, :color, :addons, keyword_init: true)
+      Column = Struct.new(:key, :title, :type, :constraints, :references, keyword_init: true)
+      View = Struct.new(:key, :title, :columns, keyword_init: true)
+
+      def initialize(yaml_paths, root_dir)
+        @yaml_paths = yaml_paths
+        @root_dir = root_dir
+        @databases = yaml_paths.filter_map { |path| load_database(path) }
+      end
+
+      attr_reader :databases
+
+      def reload!
+        config_path = File.join(@root_dir, ".markdownr.yml")
+        if File.exist?(config_path)
+          yaml = YAML.safe_load(File.read(config_path), permitted_classes: [Symbol], aliases: true) rescue nil
+          paths = yaml&.dig("csv_databases") || yaml&.dig("plugins", "csv_browser", "databases")
+          @yaml_paths = paths if paths.is_a?(Array) && !paths.empty?
+        end
+        @databases = @yaml_paths.filter_map { |path| load_database(path) }
+      end
+
+      def database(key)
+        @databases.find { |db| db.key == key }
+      end
+
+      # Returns Database if real_path matches a configured YAML database file
+      def find_database_by_yaml_path(real_path)
+        @databases.find { |db| db.yaml_path == real_path }
+      end
+
+      # Builds FK lookup maps for a table's columns that have references.
+      # Returns { "column_key" => { id_value => display_value, ... }, ... }
+      def resolve_references(database, table)
+        lookups = {}
+        table.columns.each do |col|
+          next unless col.references
+          ref_table = database.tables.find { |t| t.key == col.references[:table] }
+          next unless ref_table
+          next unless File.exist?(ref_table.csv_path)
+
+          map = {}
+          CSV.foreach(ref_table.csv_path, headers: true) do |row|
+            key_val = row[col.references[:column]]
+            display_val = row[col.references[:display]]
+            map[key_val] = display_val if key_val && display_val
+          end
+          lookups[col.key] = map
+        end
+        lookups
+      end
+
+      # Finds other tables in the database that have FK columns pointing at this table.
+      # Returns [{ table: "enrollments", label: "Enrollments", column: "class_id", references_column: "id" }, ...]
+      def resolve_reverse_references(database, table)
+        reverse = []
+        database.tables.each do |other_table|
+          next if other_table.key == table.key
+          other_table.columns.each do |col|
+            next unless col.references && col.references[:table] == table.key
+            entry = {
+              table: other_table.key,
+              title: other_table.title,
+              column: col.key,
+              references_column: col.references[:column]
+            }
+            entry[:color] = other_table.color if other_table.color
+            reverse << entry
+          end
+        end
+        reverse
+      end
+
+      # Returns [database, table] if real_path matches a table's CSV file, or nil
+      def find_table_by_csv_path(real_path)
+        @databases.each do |db|
+          db.tables.each do |table|
+            return [db, table] if table.csv_path == real_path
+          end
+        end
+        nil
+      end
+
+      # Returns CSV file paths under root_dir that aren't claimed by any database table.
+      # Each entry is { path: "/abs/path.csv", relative: "sub/dir/file.csv" }.
+      def unmapped_csv_files
+        referenced = Set.new
+        @databases.each do |db|
+          db.tables.each { |t| referenced << t.csv_path }
+        end
+
+        root = File.realpath(@root_dir)
+        Dir.glob(File.join(root, "**", "*.csv")).filter_map do |path|
+          real = File.realpath(path)
+          next if referenced.include?(real)
+          relative = real.delete_prefix("#{root}/")
+          { path: real, relative: relative }
+        end.sort_by { |e| e[:relative] }
+      end
+
+      private
+
+      def load_database(relative_path)
+        path = File.expand_path(relative_path, @root_dir)
+        $stdout.write "[csv-browser] Loading #{relative_path}..."
+        $stdout.flush
+
+        unless File.exist?(path)
+          puts "\n\n  \e[33mnot found: #{path}\e[0m\n\n"
+          return nil
+        end
+
+        yaml_dir = File.dirname(path)
+        config = YAML.safe_load(File.read(path), permitted_classes: [Symbol], aliases: true)
+        db_key = File.basename(path, ".*")
+
+        tables = (config["tables"] || {}).filter_map do |table_key, table_def|
+          build_table(table_key, table_def, yaml_dir)
+        end
+
+        group = config.fetch("group_by_directory", true)
+        counts = config.fetch("show_record_counts", true)
+        db = Database.new(key: db_key, title: config["title"] || config["label"] || db_key.capitalize,
+                          tables: tables, yaml_path: File.realpath(path),
+                          group_by_directory: group, show_record_counts: counts)
+        puts " ok (#{tables.length} tables)"
+        db
+      rescue => e
+        puts "\n\n  \e[31merror: #{e.message}\e[0m\n\n"
+        nil
+      end
+
+      def build_table(key, definition, yaml_dir)
+        properties = definition["properties"] || {}
+        required = definition["required"] || []
+
+        columns = properties.map do |col_key, col_def|
+          ref = col_def["references"]
+          Column.new(
+            key: col_key,
+            title: col_def["title"] || col_key.capitalize,
+            type: col_def["type"] || "string",
+            constraints: col_def.except("type", "title", "references"),
+            references: ref ? { table: ref["table"], column: ref["column"], display: ref["display"] } : nil
+          )
+        end
+
+        views = (definition["views"] || { "all" => { "title" => "All" } }).map do |view_key, view_def|
+          View.new(
+            key: view_key,
+            title: view_def["title"] || view_def["label"] || view_key.capitalize,
+            columns: view_def["columns"]
+          )
+        end
+
+        schema = build_json_schema(key, properties, required, definition)
+
+        default_title = key.tr("_", " ").split.map(&:capitalize).join(" ")
+        csv_path = File.expand_path(definition["csv"], yaml_dir)
+
+        unless File.exist?(csv_path)
+          warn "[csv-browser] Skipping table '#{key}': CSV not found at #{csv_path}"
+          return nil
+        end
+
+        Table.new(
+          key: key,
+          title: definition["title"] || default_title,
+          csv_path: File.realpath(csv_path),
+          columns: columns,
+          required: required,
+          schema: schema,
+          views: views,
+          color: definition["color"],
+          addons: definition["addons"] || []
+        )
+      end
+
+      def build_json_schema(table_key, properties, required, definition = {})
+        json_props = properties.transform_values do |col_def|
+          prop = {}
+          case col_def["type"]
+          when "integer"
+            prop["type"] = "integer"
+          when "number"
+            prop["type"] = "number"
+          else
+            prop["type"] = "string"
+          end
+          prop["title"] = col_def["title"] if col_def["title"]
+          prop["enum"] = col_def["enum"] if col_def["enum"]
+          prop["pattern"] = col_def["pattern"] if col_def["pattern"]
+          prop["format"] = col_def["format"] if col_def["format"]
+          prop["minimum"] = col_def["minimum"] if col_def["minimum"]
+          prop["maximum"] = col_def["maximum"] if col_def["maximum"]
+          prop["minLength"] = col_def["minLength"] if col_def["minLength"]
+          prop["maxLength"] = col_def["maxLength"] if col_def["maxLength"]
+          prop
+        end
+
+        schema = {
+          "$schema" => "https://json-schema.org/draft/2020-12/schema",
+          "title" => table_key,
+          "type" => "object",
+          "properties" => json_props,
+          "required" => required
+        }
+
+        schema["if"] = definition["if"] if definition["if"]
+        schema["then"] = definition["then"] if definition["then"]
+        schema["else"] = definition["else"] if definition["else"]
+        schema["allOf"] = definition["allOf"] if definition["allOf"]
+
+        JSONSchemer.schema(schema)
+      end
+    end
+  end
+end

data/lib/markdown_server/csv_browser/row_context.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require "csv"
+
+module MarkdownServer
+  module CsvBrowser
+    # Context object passed to add-on action blocks. Exposes the active
+    # row/table/options/input/state and provides table read/write primitives
+    # that all flow through TableReader (so validation and CSV writes behave
+    # exactly like the row-editor path).
+    #
+    # A RowContext represents one HTTP invocation. For a multi-round prompt,
+    # a fresh RowContext is created per POST; state is what carries data
+    # across rounds (round-tripping through the client).
+    class RowContext
+      attr_reader :database, :table, :row_index, :row, :options, :input, :state
+
+      def initialize(database:, table:, row_index:, row:, options: {}, input: nil, state: nil)
+        @database = database
+        @table = table
+        @row_index = row_index
+        @row = row || {}
+        @options = options || {}
+        @input = symbolize_keys(input)
+        @state = StateHash.wrap(state)
+      end
+
+      # List rows from any table in this database.
+      # Returns an array of plain hashes keyed by column name (strings).
+      def read_table(table_name, where: {})
+        t = resolve_table(table_name)
+        return [] unless t && File.exist?(t.csv_path)
+
+        rows = []
+        CSV.foreach(t.csv_path, headers: true) do |row|
+          h = row.to_h
+          next unless where.empty? || where.all? { |k, v| h[k.to_s].to_s == v.to_s }
+
+          rows << h
+        end
+        rows
+      end
+
+      def insert_row(table_name, values, at: nil)
+        reader = TableReader.new(resolve_table!(table_name))
+        reader.insert_row(stringify_values(values), at: at)
+      end
+
+      def update_row(table_name, row_index, changes)
+        reader = TableReader.new(resolve_table!(table_name))
+        reader.update_row(row_index, stringify_values(changes))
+      end
+
+      def delete_row(table_name, row_index)
+        reader = TableReader.new(resolve_table!(table_name))
+        reader.delete_row(row_index)
+      end
+
+      # Return-value helpers — each produces the shape the HTTP layer will
+      # serialize back to the client.
+      def prompt(title:, fields:, state: {})
+        { kind: "prompt", title: title, fields: fields, state: stringify_state(state) }
+      end
+
+      def done(reload: true)
+        { kind: "done", reload: reload }
+      end
+
+      def error(message, fields: nil)
+        h = { kind: "error", message: message }
+        h[:fields] = fields if fields
+        h
+      end
+
+      private
+
+      def resolve_table(table_name)
+        return table_name if table_name.is_a?(ConfigLoader::Table)
+
+        key = table_name.to_s
+        @database.tables.find { |t| t.key == key }
+      end
+
+      def resolve_table!(table_name)
+        t = resolve_table(table_name)
+        raise ArgumentError, "unknown table: #{table_name.inspect}" unless t
+
+        t
+      end
+
+      def stringify_values(values)
+        values.each_with_object({}) { |(k, v), h| h[k.to_s] = v.nil? ? nil : v.to_s }
+      end
+
+      def stringify_state(state)
+        return {} if state.nil?
+
+        state.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
+      end
+
+      def symbolize_keys(h)
+        return nil if h.nil?
+        return h unless h.is_a?(Hash)
+
+        h.each_with_object({}) { |(k, v), out| out[k.to_sym] = v }
+      end
+
+      # Hash wrapper that allows symbol OR string key access, so handlers can
+      # write `ctx.state[:step]` regardless of JSON round-trip. Values are
+      # plain JSON-serializable objects (the round-trip strips Ruby symbols —
+      # use strings for step identifiers).
+      class StateHash
+        def self.wrap(h)
+          return new({}) if h.nil?
+          return h if h.is_a?(StateHash)
+
+          new(h)
+        end
+
+        def initialize(h)
+          @h = h.is_a?(Hash) ? h : {}
+        end
+
+        def [](key)
+          @h[key] || @h[key.to_s] || @h[key.to_sym]
+        end
+
+        def []=(key, value)
+          @h[key.to_s] = value
+        end
+
+        def key?(key)
+          @h.key?(key) || @h.key?(key.to_s) || @h.key?(key.to_sym)
+        end
+
+        def to_h
+          @h.dup
+        end
+
+        def empty?
+          @h.empty?
+        end
+      end
+    end
+  end
+end

data/lib/markdown_server/csv_browser/table_reader.rb

@@ -0,0 +1,259 @@
+# frozen_string_literal: true
+
+require "csv"
+
+module MarkdownServer
+  module CsvBrowser
+    # Reads CSV files and applies view filtering (column subsets).
+    # Coerces values to match schema types (integer, number, string).
+    class TableReader
+      def initialize(table)
+        @table = table
+      end
+
+      # Returns { columns: [{key, title, type}], rows: [[idx, val, ...]] }
+      # for the given view. Each row's first element is its original file index.
+      def read(view_key = nil)
+        view = find_view(view_key)
+        all_data = read_csv
+        apply_view(all_data, view)
+      end
+
+      # Validates changed cells against the table schema.
+      # changes is a hash of { col_key => new_string_value }.
+      # Returns { valid: true } or { valid: false, errors: [...] }.
+      def validate_cells(row_index, changes)
+        rows = read_csv_raw
+        if row_index < 0 || row_index >= rows.length
+          return { valid: false, errors: [{ "message" => "Row not found", "fields" => [] }] }
+        end
+
+        row = rows[row_index]
+        merged = row.to_h.merge(changes)
+
+        # Coerce to schema types for validation (skip blank optional fields
+        # so json_schemer doesn't reject nil as non-string)
+        coerced = {}
+        @table.columns.each do |col|
+          val = coerce_for_validation(merged[col.key], col.type)
+          coerced[col.key] = val unless val.nil?
+        end
+
+        errors = @table.schema.validate(coerced).map { |e| format_error(e) }
+
+        errors.empty? ? { valid: true } : { valid: false, errors: errors }
+      end
+
+      # Validates all rows against the table schema.
+      # Returns { row_index => [error_strings, ...], ... } for failing rows only.
+      def validate_all
+        rows = read_csv_raw
+        errors_by_row = {}
+
+        rows.each_with_index do |row, idx|
+          coerced = {}
+          @table.columns.each do |col|
+            val = coerce_for_validation(row[col.key], col.type)
+            coerced[col.key] = val unless val.nil?
+          end
+
+          errors = @table.schema.validate(coerced).map { |e| format_error(e) }
+
+          errors_by_row[idx] = errors unless errors.empty?
+        end
+
+        errors_by_row
+      end
+
+      # Deletes a row from the CSV file.
+      # Returns { deleted: true } or { deleted: false, error: "..." }.
+      def delete_row(row_index)
+        rows = read_csv_raw
+        return { deleted: false, error: "Row not found" } if row_index < 0 || row_index >= rows.length
+
+        rows.delete_at(row_index)
+        write_csv(rows)
+        { deleted: true }
+      end
+
+      # Inserts a new row. `values` is { col_key => string_value }.
+      # When `at` is nil the row is appended; otherwise it's inserted at that index.
+      # Returns { valid: true, new_index: i } or { valid: false, errors: [...] }.
+      def insert_row(values, at: nil)
+        string_values = values.each_with_object({}) { |(k, v), h| h[k.to_s] = v.nil? ? nil : v.to_s }
+
+        coerced = {}
+        @table.columns.each do |col|
+          val = coerce_for_validation(string_values[col.key], col.type)
+          coerced[col.key] = val unless val.nil?
+        end
+        errors = @table.schema.validate(coerced).map { |e| format_error(e) }
+        return { valid: false, errors: errors } unless errors.empty?
+
+        rows = read_csv_raw
+        headers = @table.columns.map(&:key)
+        new_row = CSV::Row.new(headers, headers.map { |h| string_values[h] })
+
+        if at.nil? || at >= rows.length
+          rows << new_row
+          new_index = rows.length - 1
+        else
+          at = 0 if at < 0
+          rows.insert(at, new_row)
+          new_index = at
+        end
+
+        write_csv(rows)
+        { valid: true, new_index: new_index }
+      end
+
+      # Duplicates a row by inserting an identical copy immediately after it.
+      # Returns { duplicated: true, new_index: row_index + 1 } or
+      # { duplicated: false, error: "..." }.
+      def duplicate_row(row_index)
+        rows = read_csv_raw
+        return { duplicated: false, error: "Row not found" } if row_index < 0 || row_index >= rows.length
+
+        source = rows[row_index]
+        copy = CSV::Row.new(source.headers, source.fields)
+        rows.insert(row_index + 1, copy)
+        write_csv(rows)
+        { duplicated: true, new_index: row_index + 1 }
+      end
+
+      # Updates a row in the CSV file. changes is { col_key => new_string_value }.
+      # Returns { valid: true } or { valid: false, errors: [...] }.
+      def update_row(row_index, changes)
+        result = validate_cells(row_index, changes)
+        return result unless result[:valid]
+
+        rows = read_csv_raw
+        row = rows[row_index]
+        changes.each { |k, v| row[k] = v }
+
+        write_csv(rows)
+        { valid: true }
+      end
+
+      private
+
+      def find_view(view_key)
+        if view_key
+          @table.views.find { |v| v.key == view_key } || @table.views.first
+        else
+          @table.views.first
+        end
+      end
+
+      # Returns array of arrays: [[coerced_val, ...], ...] in column order
+      def read_csv
+        return [] unless File.exist?(@table.csv_path)
+
+        rows = []
+        CSV.foreach(@table.csv_path, headers: true) do |row|
+          rows << @table.columns.map do |col|
+            coerce(row[col.key], col.type)
+          end
+        end
+        rows
+      end
+
+      # Returns array of CSV::Row objects (preserves original string values)
+      def read_csv_raw
+        return [] unless File.exist?(@table.csv_path)
+
+        rows = []
+        CSV.foreach(@table.csv_path, headers: true) do |row|
+          rows << row
+        end
+        rows
+      end
+
+      def write_csv(csv_rows)
+        headers = @table.columns.map(&:key)
+        CSV.open(@table.csv_path, "w") do |csv|
+          csv << headers
+          csv_rows.each do |row|
+            csv << headers.map { |h| row[h] }
+          end
+        end
+      end
+
+      def apply_view(rows, view)
+        visible_columns = if view&.columns
+          @table.columns.select { |c| view.columns.include?(c.key) }
+        else
+          @table.columns
+        end
+
+        col_indices = visible_columns.map { |vc| @table.columns.index(vc) }
+
+        # Prepend original row index to each row
+        filtered_rows = rows.each_with_index.map do |row, idx|
+          [idx] + col_indices.map { |i| row[i] }
+        end
+
+        {
+          columns: visible_columns.map { |c|
+            col = { key: c.key, title: c.title, type: c.type }
+            col[:references] = c.references if c.references
+            col[:constraints] = c.constraints if c.constraints && !c.constraints.empty?
+            col
+          },
+          rows: filtered_rows
+        }
+      end
+
+      # Formats a json_schemer error into a hash with message and affected fields.
+      # Returns { "message" => String, "fields" => [String] }
+      def format_error(error)
+        field = error["data_pointer"].sub(%r{^/}, "")
+        col = @table.columns.find { |c| c.key == field } unless field.empty?
+        label = col ? col.title : field
+        fields = field.empty? ? [] : [field]
+
+        case error["type"]
+        when "required"
+          keys = error.dig("details", "missing_keys") || []
+          titles = keys.map { |k| (@table.columns.find { |c| c.key == k }&.title) || k }
+          { "message" => "missing required: #{titles.join(", ")}", "fields" => keys }
+        when "enum"
+          { "message" => "#{label}: not a valid option", "fields" => fields }
+        when "pattern"
+          { "message" => "#{label}: does not match expected format", "fields" => fields }
+        when "integer", "number"
+          { "message" => "#{label}: must be a #{error["type"]}", "fields" => fields }
+        else
+          msg = col ? "#{label}: #{error["type"]}" : error["error"]
+          { "message" => msg, "fields" => fields }
+        end
+      end
+
+      def coerce(value, type)
+        return nil if value.nil? || value.strip.empty?
+
+        case type
+        when "integer"
+          Integer(value) rescue value
+        when "number"
+          Float(value) rescue value
+        else
+          value
+        end
+      end
+
+      def coerce_for_validation(value, type)
+        return nil if value.nil? || value.to_s.strip.empty?
+
+        case type
+        when "integer"
+          Integer(value) rescue value
+        when "number"
+          Float(value) rescue value
+        else
+          value.to_s
+        end
+      end
+    end
+  end
+end

data/lib/markdown_server/helpers/admin_helpers.rb

@@ -1,3 +1,5 @@
+require "ipaddr"
+
 module MarkdownServer
   module Helpers
     module AdminHelpers
@@ -19,13 +21,23 @@ module MarkdownServer
         end
       end
 
+      def admin_only_mode?
+        return true if settings.admin_only
+        setup_config["admin_only"] == true
+      end
+
+      def admin_only_public_route?(path)
+        path == "/admin/login" || path == "/admin/logout" || path == "/robots.txt"
+      end
+
       def admin?
+        return true if settings.admin_all
         return true if session[:admin]
 
         adm = setup_config["admin"]
         return false unless adm.is_a?(Hash)
 
-        return true if adm["ip"].to_s.strip == client_ip
+        return true if ip_allowed?(adm["ip"], client_ip)
 
         if adm["user"] && adm["pw"]
           auth = request.env["HTTP_AUTHORIZATION"].to_s
@@ -37,6 +49,18 @@ module MarkdownServer
 
         false
       end
+
+      private
+
+      def ip_allowed?(allowed, ip)
+        return false unless allowed && ip
+
+        entries = allowed.is_a?(Array) ? allowed : [allowed]
+        client = IPAddr.new(ip.to_s.strip)
+        entries.any? { |entry| IPAddr.new(entry.to_s.strip).include?(client) }
+      rescue IPAddr::InvalidAddressError
+        false
+      end
     end
   end
 end

data/lib/markdown_server/helpers/formatting_helpers.rb

@@ -49,7 +49,9 @@ module MarkdownServer
       end
 
       def inline_directory_html(dir_path, relative_dir)
-        entries = Dir.entries(dir_path).reject { |e| e.start_with?(".") || EXCLUDED.include?(e) }
+        entries = Dir.entries(dir_path).select do |e|
+          e != "." && e != ".." && entry_admitted?(dir_path, relative_dir, e)
+        end
         items = entries.map do |name|
           stat = File.stat(File.join(dir_path, name)) rescue next
           is_dir = stat.directory?