multi-tenant-support 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 655b0d26a6134f7799d3b6ac10502394769daba381e07f3908abac34550e8ca3
+  data.tar.gz: b5f4e15877e645c88292cb3f60d36b034e22e1954fa21a0e034376459e87ca32
+SHA512:
+  metadata.gz: 2242678363445f00ee88f4b84391dfce78dcf1c90110c420accbf2c4d2040de63c013975cba676dd6d831b6739f6d56545881bc2de1852254dfdd62533db8863
+  data.tar.gz: 14909240808be01f96b59c936b98b32dcfb78c1a333164995d0bd1bed1464bde92bc6f34eb4e1ff10ac8be8a58cf5cc76b804a5a48a0655a7f59df7bdcd4322f

data/MIT-LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Hopper Gee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,325 @@
+# MultiTenantSupport
+
+[![Test](https://github.com/hoppergee/multi-tenant-support/actions/workflows/main.yaml/badge.svg?branch=main)](https://github.com/hoppergee/multi-tenant-support/actions/workflows/main.yaml)
+
+![](https://raw.githubusercontent.com/hoppergee/multi-tenant-support/main/hero.png)
+
+Build a highly secure, multi-tenant rails app without data leak.
+
+Keep your data secure with multi-tenant-support. Prevent most ActiveRecord CRUD methods to action across tenant, ensuring no one can accidentally or intentionally access other tenants' data. This can be crucial for applications handling sensitive information like financial information, intellectual property, and so forth.
+
+- Prevent most ActiveRecord CRUD methods from acting across tenants.
+- Support Row-level Multitenancy
+- Build on ActiveSupport::CurrentAttributes offered by rails
+- Auto set current tenant through subdomain and domain in controller
+- Support ActiveJob and Sidekiq
+
+## Installation
+
+1. Add this line to your application's Gemfile:
+
+    ```ruby
+    gem 'multi-tenant-support'
+    ```
+
+2. And then execute:
+
+    ```
+    bundle install
+    ```
+
+3. Add domain and subdomain to your tenant account table (Skip if your rails app already did this)
+
+    ```
+    rails generate multi_tenant_support:migration YOUR_TENANT_ACCOUNT_TABLE_OR_MODEL_NAME
+
+    # Say your tenant account table is "accounts"
+    rails generate multi_tenant_support:migration accounts
+
+    # You can also run it with the tenant account model name
+    # rails generate multi_tenant_support:migration Account
+
+    rails db:migrate
+    ```
+
+4. Create an initializer
+
+    ```
+    rails generate multi_tenant_support:initializer
+    ```
+
+5. Set `tenant_account_class_name` to your tenant account model name in `multi_tenant_support.rb`
+
+    ```ruby
+    - config.tenant_account_class_name = 'REPLACE_ME'
+    + config.tenant_account_class_name = 'Account'
+    ```
+
+6. Set `host` to your app's domain in `multi_tenant_support.rb`
+
+    ```ruby
+    - config.host = 'REPLACE.ME'
+    + config.host = 'your-app-domain.com'
+    ```
+
+7. Setup for ActiveJob or Sidekiq
+
+    If you are using ActiveJob
+
+    ```ruby
+    - # require 'multi_tenant_support/active_job'
+    + require 'multi_tenant_support/active_job'
+    ```
+
+    If you are using sidekiq without ActiveJob
+
+    ```ruby
+    - # require 'multi_tenant_support/sidekiq'
+    + require 'multi_tenant_support/sidekiq'
+    ```
+
+8. Add `belongs_to_tenant` to all models which you want to scope under tenant
+
+    ```ruby
+    class User < ApplicationRecord
+      belongs_to_tenant :account
+    end
+    ```
+
+## Usage
+
+#### Get current 
+
+Get current tenant through:
+
+```ruby
+MultiTenantSupport.current_tenant
+```
+
+#### Switch tenant
+
+You can switch to another tenant temporary through:
+
+```ruby
+MultiTenantSupport.under_tenant amazon do
+  # Do things under amazon account
+end
+```
+
+#### Disallow read across tenant by default
+
+This gem disallow read across tenant by default. You can check current state through:
+
+```ruby
+MultiTenantSupport.disallow_read_across_tenant?
+```
+
+#### Allow read across tenant for super admin
+
+You can turn on the permission to read records across tenant through: 
+
+```ruby
+MultiTenantSupport.allow_read_across_tenant
+
+# Or
+MultiTenantSupport.allow_read_across_tenant do
+  # ...
+end
+```
+
+You can put it in a before action in SuperAdmin's controllers
+
+#### Disallow modify records tenant
+
+This gem disallow modify record across tenant no matter you are super admin or not.
+
+If `MultiTenantSupport.current_tenant` exist, you can only modify those records under this tenant, otherwise, you will get some errors like:
+
+- `MultiTenantSupport::MissingTenantError`
+- `MultiTenantSupport::ImmutableTenantError`
+- `MultiTenantSupport::NilTenantError`
+- `MultiTenantSupport::InvalidTenantAccess`
+- `ActiveRecord::RecordNotFound`
+
+If `MultiTenantSupport.current_tenant` is missing, you cannot modify or create any tenanted records.
+
+#### Set current tenant acccount in controller by default
+
+This gem has set a before action `set_current_tenant_account` on ActionController. It search tenant by subdomain or domain. Do remember to `skip_before_action :set_current_tenant_account` in super admin controllers.
+
+Feel free to override it, if the finder behaviour is not what you want.
+
+#### upsert_all
+
+Currently, we don't have a good way to protect this method. So please use `upser_all` carefully.
+
+#### Unscoped
+
+This gem has override `unscoped` to prevent the default tenant scope be scoped out. But if you really want to scope out the default tenant scope, you can use `unscope_tenant`.
+
+## Code Example
+
+#### Database Schema
+
+```ruby
+create_table "accounts", force: :cascade do |t|
+  t.bigint "domain"
+  t.bigint "subdomain"
+end
+
+create_table "users", force: :cascade do |t|
+  t.bigint "account_id"
+end
+```
+
+#### Initializer
+
+```ruby
+# config/initializers/multi_tenant_support.rb
+
+MultiTenantSupport.configure do
+  model do |config|
+    config.tenant_account_class_name = 'Account'
+    config.tenant_account_primary_key = :id
+  end
+
+  controller do |config|
+    config.current_tenant_method_name = :current_tenant_account
+  end
+
+  app do |config|
+    config.excluded_subdomains = ['www']
+    config.host = 'example.com'
+  end
+end
+```
+
+#### Model
+
+```ruby
+class Account < AppplicationRecord
+  has_many :users
+end
+
+class User < ApplicationRecord
+  belongs_to_tenant :account
+end
+```
+
+#### Controler
+
+```ruby
+class UsersController < ApplicationController
+  def show
+    @user = User.find(params[:id]) # This result is already scope under current_tenant_account
+    @you_can_get_account = current_tenant_account
+  end
+end
+```
+
+## ActiveRecord proteced methods
+
+<table>
+  <thead>
+    <tr>
+      <th colspan="8">ActiveRecord proteced methods</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>count</td>
+      <td>🔒</td>
+      <td>save</td>
+      <td>🔒</td>
+      <td>account=</td>
+      <td>🔒</td>
+      <td>upsert</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>first</td>
+      <td>🔒</td>
+      <td>save!</td>
+      <td>🔒</td>
+      <td>account_id=</td>
+      <td>🔒</td>
+      <td>destroy</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>last</td>
+      <td>🔒</td>
+      <td>create</td>
+      <td>🔒</td>
+      <td>update</td>
+      <td>🔒</td>
+      <td>destroy!</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>where</td>
+      <td>🔒</td>
+      <td>create!</td>
+      <td>🔒</td>
+      <td>update_all</td>
+      <td>🔒</td>
+      <td>destroy_all</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>find_by</td>
+      <td>🔒</td>
+      <td>insert</td>
+      <td>🔒</td>
+      <td>update_attribute</td>
+      <td>🔒</td>
+      <td>destroy_by</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>reload</td>
+      <td>🔒</td>
+      <td>insert!</td>
+      <td>🔒</td>
+      <td>update_columns</td>
+      <td>🔒</td>
+      <td>delete_all</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>new</td>
+      <td>🔒</td>
+      <td>insert_all</td>
+      <td>🔒</td>
+      <td>update_column</td>
+      <td>🔒</td>
+      <td>delete_by</td>
+      <td>🔒</td>
+    </tr>
+    <tr>
+      <td>build</td>
+      <td>🔒</td>
+      <td>insert_all!</td>
+      <td>🔒</td>
+      <td>upsert_all</td>
+      <td>⚠️ (Partial)</td>
+      <td>unscoped</td>
+      <td>🔒</td>
+    </tr>
+  </tbody>
+</table>
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/hoppergee/multi_tenant_support.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,13 @@
+require "bundler/setup"
+
+require "bundler/gem_tasks"
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/lib/generators/multi_tenant_support/initializer_generator.rb

@@ -0,0 +1,15 @@
+require "rails/generators"
+
+module MultiTenantSupport
+  module Generators
+    class InitializerGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc "Create an initializer for multi-tenant-support"
+
+      def copy_initializer_file
+        copy_file "initializer.rb.tt", "config/initializers/multi_tenant_support.rb"
+      end
+    end
+  end
+end

data/lib/generators/multi_tenant_support/migration_generator.rb

@@ -0,0 +1,21 @@
+require "rails/generators/active_record"
+
+module MultiTenantSupport
+  module Generators
+    class MigrationGenerator < Rails::Generators::NamedBase
+      include ActiveRecord::Generators::Migration
+      source_root File.expand_path('templates', __dir__)
+
+      desc "Create a migration for multi-tenant-support"
+
+      def copy_migration_file
+        migration_template "migration.rb.tt", "db/migrate/add_domain_and_subdomain_to_#{table_name}.rb"
+        puts "\nPlease run this migration:\n\n    rails db:migrate"
+      end
+
+      def migration_version
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/multi_tenant_support/templates/initializer.rb.tt

@@ -0,0 +1,21 @@
+MultiTenantSupport.configure do
+  model do |config|
+    config.tenant_account_class_name = 'REPLACE_ME'
+    config.tenant_account_primary_key = :id
+  end
+
+  controller do |config|
+    config.current_tenant_method_name = :current_tenant_account
+  end
+
+  app do |config|
+    config.excluded_subdomains = ['www']
+    config.host = 'REPLACE.ME'
+  end
+end
+
+# Uncomment if you are using sidekiq without ActiveJob
+# require 'multi_tenant_support/sidekiq'
+
+# Uncomment if you are using ActiveJob
+# require 'multi_tenant_support/active_job'

data/lib/generators/multi_tenant_support/templates/migration.rb.tt

@@ -0,0 +1,6 @@
+class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :<%= table_name %>, :domain, :string
+    add_column :<%= table_name %>, :subdomain, :string
+  end
+end

data/lib/generators/override/active_record/migration/templates/create_table_migration.rb.tt

@@ -0,0 +1,30 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :<%= table_name %><%= primary_key_type %> do |t|
+<% tenant_account_class_name = MultiTenantSupport.model.tenant_account_class_name -%>
+<% if tenant_account_class_name -%>
+      t.belongs_to :<%= tenant_account_class_name.underscore %>, null: false
+<% end -%>
+<% attributes.each do |attribute| -%>
+<% if attribute.password_digest? -%>
+      t.string :password_digest<%= attribute.inject_options %>
+<% elsif attribute.token? -%>
+      t.string :<%= attribute.name %><%= attribute.inject_options %>
+<% elsif attribute.reference? -%>
+      t.<%= attribute.type %> :<%= attribute.name %><%= attribute.inject_options %><%= foreign_key_type %>
+<% elsif !attribute.virtual? -%>
+      t.<%= attribute.type %> :<%= attribute.name %><%= attribute.inject_options %>
+<% end -%>
+<% end -%>
+<% if options[:timestamps] %>
+      t.timestamps
+<% end -%>
+    end
+<% attributes.select(&:token?).each do |attribute| -%>
+    add_index :<%= table_name %>, :<%= attribute.index_name %><%= attribute.inject_index_options %>, unique: true
+<% end -%>
+<% attributes_with_index.each do |attribute| -%>
+    add_index :<%= table_name %>, :<%= attribute.index_name %><%= attribute.inject_index_options %>
+<% end -%>
+  end
+end

data/lib/generators/override/active_record/model/model.rb.tt

@@ -0,0 +1,26 @@
+<% module_namespacing do -%>
+class <%= class_name %> < <%= parent_class_name.classify %>
+<% tenant_account = MultiTenantSupport.model.tenant_account_class_name&.underscore -%>
+  belongs_to_tenant :<%= tenant_account %>
+<% attributes.select(&:reference?).each do |attribute| -%>
+<% if attribute.name != tenant_account -%>
+  belongs_to :<%= attribute.name %><%= ", polymorphic: true" if attribute.polymorphic? %>
+<% end -%>
+<% end -%>
+<% attributes.select(&:rich_text?).each do |attribute| -%>
+  has_rich_text :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:attachment?).each do |attribute| -%>
+  has_one_attached :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:attachments?).each do |attribute| -%>
+  has_many_attached :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:token?).each do |attribute| -%>
+  has_secure_token<% if attribute.name != "token" %> :<%= attribute.name %><% end %>
+<% end -%>
+<% if attributes.any?(&:password_digest?) -%>
+  has_secure_password
+<% end -%>
+end
+<% end -%>

data/lib/multi_tenant_support/active_job.rb

@@ -0,0 +1,48 @@
+module MultiTenantSupport
+  module ActiveJob
+    extend ActiveSupport::Concern
+
+    included do
+      attr_accessor :current_tenant
+    end
+
+    def perform_now
+      MultiTenantSupport.under_tenant(current_tenant) do
+        super
+      end
+    end
+
+    def serialize
+      if MultiTenantSupport.current_tenant
+        super.merge({
+          "multi_tenant_support" => {
+            "id" => MultiTenantSupport.current_tenant.id,
+            "class" => MultiTenantSupport.current_tenant.class.name
+          }
+        })
+      else
+        super
+      end
+    end
+
+    def deserialize(job_data)
+      self.current_tenant = find_current_tenant(job_data)
+      MultiTenantSupport.under_tenant(current_tenant) do
+        super
+      end
+    end
+
+    private
+
+    def find_current_tenant(data)
+      return unless data.has_key?("multi_tenant_support")
+
+      tenant_klass = data["multi_tenant_support"]["class"].constantize
+      tenant_id = data["multi_tenant_support"]["id"]
+
+      tenant_klass.find tenant_id
+    end
+  end
+end
+
+ActiveJob::Base.include(MultiTenantSupport::ActiveJob)

data/lib/multi_tenant_support/concern/controller_concern.rb

@@ -0,0 +1,30 @@
+module MultiTenantSupport
+  module ControllerConcern
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method MultiTenantSupport.current_tenant_account_method
+
+      before_action :set_current_tenant_account
+
+      private
+
+      define_method(MultiTenantSupport.current_tenant_account_method) do
+        instance_variable_get("@#{MultiTenantSupport.current_tenant_account_method}")
+      end
+
+      def set_current_tenant_account
+        tenant_account = MultiTenantSupport::FindTenantAccount.call(
+          subdomains: request.subdomains,
+          domain: request.domain
+        )
+        MultiTenantSupport::Current.tenant_account = tenant_account
+        instance_variable_set("@#{MultiTenantSupport.current_tenant_account_method}", tenant_account)
+      end
+    end
+  end
+end
+
+ActiveSupport.on_load(:action_controller) do |base|
+  base.include MultiTenantSupport::ControllerConcern
+end

data/lib/multi_tenant_support/concern/model_concern.rb

@@ -0,0 +1,192 @@
+module MultiTenantSupport
+  module ModelConcern
+    extend ActiveSupport::Concern
+
+    class_methods do
+
+      def belongs_to_tenant(name, **options)
+        options[:foreign_key] ||= MultiTenantSupport.model.default_foreign_key
+        belongs_to name.to_sym, **options
+
+        set_default_scope_under_current_tenant(options[:foreign_key])
+        set_tenant_account_readonly(name, options[:foreign_key])
+
+        MultiTenantSupport.model.tenanted_models << self.name
+      end
+
+      private
+
+      def set_default_scope_under_current_tenant(foreign_key)
+        default_scope lambda {
+          if MultiTenantSupport.disallow_read_across_tenant? || MultiTenantSupport.current_tenant
+            scope_under_current_tenant
+          else
+            where(nil)
+          end
+        }
+
+        scope :scope_under_current_tenant, lambda {
+          raise MissingTenantError unless MultiTenantSupport.current_tenant
+
+          tenant_account_primary_key = MultiTenantSupport.model.tenant_account_primary_key
+          tenant_account_id = MultiTenantSupport.current_tenant.send(tenant_account_primary_key)
+          where(foreign_key => tenant_account_id)
+        }
+
+        scope :unscope_tenant, -> { unscope(where: foreign_key) }
+
+        override_unscoped = Module.new {
+          define_method :unscoped do |&block|
+            if MultiTenantSupport.disallow_read_across_tenant? || MultiTenantSupport.current_tenant
+              block ? relation.scope_under_current_tenant.scoping { block.call } : relation.scope_under_current_tenant
+            else
+              super(&block)
+            end
+          end
+        }
+        extend override_unscoped
+
+        override_insert_all = Module.new {
+          define_method :insert_all do |attributes, **arguments|
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+
+            super(attributes, **arguments)
+          end
+
+          define_method :insert_all! do |attributes, **arguments|
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+
+            super(attributes, **arguments)
+          end
+        }
+        extend override_insert_all
+
+        override_upsert_all = Module.new {
+          define_method :upsert_all do |attributes, **arguments|
+            warn "[WARNING] You are using upsert_all(or upsert) which may update records across tenants"
+
+            super(attributes, **arguments)
+          end
+        }
+        extend override_upsert_all
+
+        after_initialize do |object|
+          if MultiTenantSupport.disallow_read_across_tenant? || object.new_record?
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
+          end
+        end
+
+        before_save do |object|
+          raise MissingTenantError unless MultiTenantSupport.current_tenant
+          raise NilTenantError if object.send(foreign_key).nil?
+          raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
+        end
+
+        override_update_columns_module = Module.new {
+          define_method :update_columns do |attributes|
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise NilTenantError if send(foreign_key).nil?
+            raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+
+            super(attributes)
+          end
+
+          define_method :update_column do |name, value|
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise NilTenantError if send(foreign_key).nil?
+            raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+
+            super(name, value)
+          end
+        }
+
+        include override_update_columns_module
+
+        override_delete = Module.new {
+          define_method :delete do
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+
+            super()
+          end
+        }
+        include override_delete
+
+        override_delete_by = Module.new {
+          define_method :delete_by do |*args|
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+
+            super(*args)
+          end
+        }
+        extend override_delete_by
+
+        before_destroy do |object|
+          raise MissingTenantError unless MultiTenantSupport.current_tenant
+          raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
+        end
+      end
+
+      def set_tenant_account_readonly(tenant_name, foreign_key)
+        readonly_tenant_module = Module.new {
+
+          define_method "#{tenant_name}=" do |tenant|
+            raise NilTenantError if tenant.nil?
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+
+            if new_record? && tenant == MultiTenantSupport.current_tenant
+              super tenant
+            else
+              raise ImmutableTenantError
+            end
+          end
+
+          define_method "#{foreign_key}=" do |key|
+            raise NilTenantError if key.nil?
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+
+            if new_record? && key == MultiTenantSupport.current_tenant_id
+              super key
+            else
+              raise ImmutableTenantError
+            end
+          end
+
+        }
+
+        include readonly_tenant_module
+
+        attr_readonly foreign_key
+      end
+
+    end
+
+  end
+end
+
+ActiveSupport.on_load(:active_record) do |base|
+  base.include MultiTenantSupport::ModelConcern
+
+  override_delete_all = Module.new {
+    define_method :delete_all do
+      current_tenant_exist = MultiTenantSupport.current_tenant
+      is_global_model = !MultiTenantSupport.model.tenanted_models.include?(klass.name)
+      raise MultiTenantSupport::MissingTenantError unless current_tenant_exist || is_global_model
+
+      super()
+    end
+  }
+  ActiveRecord::Relation.prepend override_delete_all
+
+  override_update_all = Module.new {
+    define_method :update_all do |updates|
+      current_tenant_exist = MultiTenantSupport.current_tenant
+      is_global_model = !MultiTenantSupport.model.tenanted_models.include?(klass.name)
+      raise MultiTenantSupport::MissingTenantError unless current_tenant_exist || is_global_model
+
+      super(updates)
+    end
+  }
+  ActiveRecord::Relation.prepend override_update_all
+end

data/lib/multi_tenant_support/config/app.rb

@@ -0,0 +1,26 @@
+module MultiTenantSupport
+
+  module Config
+    class App
+      attr_writer :excluded_subdomains,
+                  :host
+
+      def excluded_subdomains
+        @excluded_subdomains ||= []
+      end
+
+      def host
+        @host || raise("host is missing")
+      end
+    end
+  end
+
+  module_function
+  def app
+    @app ||= Config::App.new
+    return @app unless block_given?
+
+    yield @app
+  end
+
+end

data/lib/multi_tenant_support/config/controller.rb

@@ -0,0 +1,26 @@
+module MultiTenantSupport
+
+  module Config
+    class Controller
+      attr_writer :current_tenant_account_method
+
+      def current_tenant_account_method
+        @current_tenant_account_method ||= :current_tenant_account
+      end
+
+    end
+  end
+
+  module_function
+  def controller
+    @controller ||= Config::Controller.new
+    return @controller unless block_given?
+
+    yield @controller
+  end
+
+  def current_tenant_account_method
+    controller.current_tenant_account_method
+  end
+
+end

data/lib/multi_tenant_support/config/model.rb

@@ -0,0 +1,36 @@
+module MultiTenantSupport
+  module Config
+
+    class Model
+      attr_writer :tenant_account_class_name,
+                  :tenant_account_primary_key,
+                  :default_foreign_key,
+                  :tenanted_models
+
+      def tenant_account_class_name
+        @tenant_account_class_name || raise("tenant_account_class_name is missing")
+      end
+
+      def tenant_account_primary_key
+        @tenant_account_primary_key ||= :id
+      end
+
+      def default_foreign_key
+        @default_foreign_key ||= "#{tenant_account_class_name.underscore}_id".to_sym
+      end
+
+      def tenanted_models
+        @tenanted_models ||= []
+      end
+    end
+
+  end
+
+  module_function
+  def model
+    @model ||= Config::Model.new
+    return @model unless block_given?
+
+    yield @model
+  end
+end

data/lib/multi_tenant_support/current.rb

@@ -0,0 +1,8 @@
+require 'active_support'
+
+module MultiTenantSupport
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :tenant_account,
+              :allow_read_across_tenant
+  end
+end

data/lib/multi_tenant_support/errors.rb

@@ -0,0 +1,16 @@
+module MultiTenantSupport
+  class Error < StandardError
+  end
+
+  class MissingTenantError < Error
+  end
+
+  class ImmutableTenantError < Error
+  end
+
+  class NilTenantError < Error
+  end
+
+  class InvalidTenantAccess < Error
+  end
+end

data/lib/multi_tenant_support/find_tenant_account.rb

@@ -0,0 +1,31 @@
+module MultiTenantSupport
+  class FindTenantAccount
+    class << self
+
+      def call(subdomains:, domain:)
+        subdomain = subdomains.select do |subdomain|
+          excluded_subdomains.none? do |excluded_subdomain|
+            excluded_subdomain.to_s.downcase == subdomain.to_s.downcase
+          end
+        end.last.presence
+
+        subdomain ? find_by(subdomain: subdomain) : find_by(domain: domain)
+      end
+
+      private
+
+      def find_by(params)
+        tenant_account_class.find_by(params)
+      end
+
+      def tenant_account_class
+        MultiTenantSupport.model.tenant_account_class_name.constantize
+      end
+
+      def excluded_subdomains
+        MultiTenantSupport.app.excluded_subdomains
+      end
+
+    end
+  end
+end

data/lib/multi_tenant_support/railtie.rb

@@ -0,0 +1,13 @@
+module MultiTenantSupport
+  class Railtie < ::Rails::Railtie
+
+    initializer :add_generator_templates do
+      override_templates = File.expand_path("../generators/override", __dir__)
+      config.app_generators.templates.unshift(override_templates)
+
+      active_record_templates = File.expand_path("../generators/override/active_record", __dir__)
+      config.app_generators.templates.unshift(active_record_templates)
+    end
+
+  end
+end

data/lib/multi_tenant_support/sidekiq.rb

@@ -0,0 +1,60 @@
+module MultiTenantSupport
+  module Sidekiq
+
+    class Client
+      def call(worker_class, msg, queue, redis_pool)
+        if MultiTenantSupport.current_tenant.present?
+          msg["multi_tenant_support"] ||= {
+            "class" => MultiTenantSupport.current_tenant.class.name,
+            "id" => MultiTenantSupport.current_tenant.id
+          }
+        end
+
+        yield
+      end
+    end
+
+    class Server
+      def call(worker_instance, msg, queue)
+        if msg.has_key?("multi_tenant_support")
+          tenant_klass = msg["multi_tenant_support"]["class"].constantize
+          tenant_id = msg["multi_tenant_support"]["id"]
+          
+          tenant_account = nil
+          MultiTenantSupport.allow_read_across_tenant do
+            tenant_account = tenant_klass.find tenant_id
+          end
+
+          MultiTenantSupport.under_tenant tenant_account do
+            yield
+          end
+        else
+          yield
+        end
+      end
+    end
+
+  end
+end
+
+Sidekiq.configure_client do |config|
+  config.client_middleware do |chain|
+    chain.add MultiTenantSupport::Sidekiq::Client
+  end
+end
+
+Sidekiq.configure_server do |config|
+  config.client_middleware do |chain|
+    chain.add MultiTenantSupport::Sidekiq::Client
+  end
+
+  config.server_middleware do |chain|
+    if defined?(Sidekiq::Middleware::Server::RetryJobs)
+      chain.insert_before Sidekiq::Middleware::Server::RetryJobs, MultiTenantSupport::Sidekiq::Server
+    elsif defined?(Sidekiq::Batch::Server)
+      chain.insert_before Sidekiq::Batch::Server, MultiTenantSupport::Sidekiq::Server
+    else
+      chain.add MultiTenantSupport::Sidekiq::Server
+    end
+  end
+end

data/lib/multi_tenant_support/version.rb

@@ -0,0 +1,3 @@
+module MultiTenantSupport
+  VERSION = '1.0.0'
+end

data/lib/multi_tenant_support.rb

@@ -0,0 +1,60 @@
+require "multi_tenant_support/version"
+require 'multi_tenant_support/railtie'
+require "multi_tenant_support/errors"
+require "multi_tenant_support/config/app"
+require "multi_tenant_support/config/controller"
+require "multi_tenant_support/config/model"
+require "multi_tenant_support/current"
+require "multi_tenant_support/find_tenant_account"
+require "multi_tenant_support/concern/controller_concern"
+require "multi_tenant_support/concern/model_concern"
+
+module MultiTenantSupport
+
+  module_function
+
+  def configure(&block)
+    instance_eval(&block)
+  end
+
+  def current_tenant
+    Current.tenant_account
+  end
+
+  def current_tenant_id
+    Current.tenant_account&.send(model.tenant_account_primary_key)
+  end
+
+  def under_tenant(tenant_account, &block)
+    raise ArgumentError, "block is missing" if block.nil?
+
+    Current.set(tenant_account: tenant_account) do
+      yield
+    end
+  end
+
+  def disallow_read_across_tenant?
+    !Current.allow_read_across_tenant
+  end
+
+  def disallow_read_across_tenant
+    if block_given?
+      Current.set(allow_read_across_tenant: false) do
+        yield
+      end
+    else
+      Current.allow_read_across_tenant = false
+    end
+  end
+
+  def allow_read_across_tenant
+    if block_given?
+      Current.set(allow_read_across_tenant: true) do
+        yield
+      end
+    else
+      Current.allow_read_across_tenant = true
+    end
+  end
+
+end

data/lib/tasks/multi_tenant_support_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :multi_tenant_support do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification
+name: multi-tenant-support
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Hopper Gee
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+description: Build a highly secure, multi-tenant rails app without data leak.
+email:
+- hopper.gee@hey.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/generators/multi_tenant_support/initializer_generator.rb
+- lib/generators/multi_tenant_support/migration_generator.rb
+- lib/generators/multi_tenant_support/templates/initializer.rb.tt
+- lib/generators/multi_tenant_support/templates/migration.rb.tt
+- lib/generators/override/active_record/migration/templates/create_table_migration.rb.tt
+- lib/generators/override/active_record/model/model.rb.tt
+- lib/multi_tenant_support.rb
+- lib/multi_tenant_support/active_job.rb
+- lib/multi_tenant_support/concern/controller_concern.rb
+- lib/multi_tenant_support/concern/model_concern.rb
+- lib/multi_tenant_support/config/app.rb
+- lib/multi_tenant_support/config/controller.rb
+- lib/multi_tenant_support/config/model.rb
+- lib/multi_tenant_support/current.rb
+- lib/multi_tenant_support/errors.rb
+- lib/multi_tenant_support/find_tenant_account.rb
+- lib/multi_tenant_support/railtie.rb
+- lib/multi_tenant_support/sidekiq.rb
+- lib/multi_tenant_support/version.rb
+- lib/tasks/multi_tenant_support_tasks.rake
+homepage: https://github.com/hoppergee/multi-tenant-support
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/hoppergee/multi-tenant-support
+  source_code_uri: https://github.com/hoppergee/multi-tenant-support
+  changelog_uri: https://github.com/hoppergee/multi-tenant-support/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.6'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.15
+signing_key:
+specification_version: 4
+summary: Build a highly secure, multi-tenant rails app without data leak.
+test_files: []