munificent-admin 1.0.1

data/app/controllers/munificent/admin/otp_controller.rb

@@ -0,0 +1,57 @@
+require "rotp"
+require "rqrcode"
+
+module Munificent
+  module Admin
+    class OTPController < ApplicationController
+      skip_authorization_check
+      skip_before_action :enforce_2sv
+
+      before_action :require_setup, only: %i[input]
+      before_action :prevent_double_setup, only: %i[setup]
+      before_action :require_otp_issuer
+
+      def input; end
+
+      def setup
+        session[:otp_secret] = ROTP::Base32.random
+        totp = ROTP::TOTP.new(session[:otp_secret], issuer: ENV.fetch("OTP_ISSUER", nil))
+        @otp_url = totp.provisioning_uri(current_user.email_address)
+        @qr_code = RQRCode::QRCode.new(@otp_url).as_svg(standalone: false, module_size: 5)
+      end
+
+      def verify
+        otp_secret = current_user.otp_secret || session[:otp_secret]
+        raise "Missing OTP secret" if otp_secret.blank?
+
+        totp = ROTP::TOTP.new(otp_secret, issuer: ENV.fetch("OTP_ISSUER", nil), after: current_user.last_otp_at)
+
+        if totp.verify(params[:otp_code], drift_behind: 3)
+          current_user.otp_secret ||= session[:otp_secret]
+          current_user.update(last_otp_at: (session[:last_otp_at] = Time.zone.now))
+          session[:otp_secret] = nil
+
+          redirect_to root_path
+        elsif current_user.has_2sv?
+          redirect_to otp_input_path
+        else
+          redirect_to otp_setup_path
+        end
+      end
+
+    private
+
+      def require_setup
+        redirect_to otp_setup_path unless current_user&.has_2sv?
+      end
+
+      def prevent_double_setup
+        redirect_to otp_input_path if current_user&.has_2sv?
+      end
+
+      def require_otp_issuer
+        raise "Missing OTP issuer" if ENV["OTP_ISSUER"].blank?
+      end
+    end
+  end
+end

data/app/controllers/munificent/admin/user_sessions_controller.rb

@@ -0,0 +1,44 @@
+module Munificent
+  module Admin
+    class UserSessionsController < ApplicationController
+      skip_authorization_check
+
+      skip_before_action :require_login, only: %i[new create]
+      skip_before_action :enforce_2sv
+
+      def new
+        @user_session = UserSession.new
+      end
+
+      def create
+        @user_session = UserSession.new(user_session_params.to_h)
+
+        if @user_session.save
+          redirect_to root_path
+        else
+          flash[:alert] = @user_session.errors.full_messages.join(", ")
+          redirect_to new_user_session_path
+        end
+      end
+
+      def destroy
+        current_user_session.destroy
+
+        redirect_to new_user_session_path
+      end
+
+    private
+
+      def user_session_params
+        params.require(:user_session).permit(
+          *%i[
+            email_address
+            password
+            password_confirmation
+            remember_me
+          ],
+        )
+      end
+    end
+  end
+end

data/app/controllers/munificent/admin/users_controller.rb

@@ -0,0 +1,77 @@
+module Munificent
+  module Admin
+    class UsersController < ApplicationController
+      load_and_authorize_resource class: "Munificent::Admin::User"
+
+      def index
+        authorize!(:read, :user_accounts)
+      end
+
+      def show; end
+      def new; end
+      def edit; end
+
+      def create
+        if @user.save
+          flash[:notice] = "User created"
+          redirect_to edit_user_path(@user)
+        else
+          flash[:alert] = @user.errors.full_messages.join(", ")
+          redirect_to new_user_path
+        end
+      end
+
+      def update
+        model = :user
+        if params[model][:password].blank?
+          %w[password password_confirmation].each { |p| params[model].delete(p) }
+        end
+
+        @user.assign_attributes(user_params)
+
+        if @user.save
+          flash[:notice] = "User saved"
+        else
+          flash[:alert] = @user.errors.full_messages.join(", ")
+        end
+
+        redirect_to edit_user_path(@user)
+      end
+
+      def destroy
+        @user.destroy
+        redirect_to users_path
+      end
+
+    private
+
+      def user_params
+        params.require(:user).permit(
+          *%i[
+            active
+            approved
+            confirmed
+            data_entry
+            email_address
+            full_access
+            manages_users
+            name
+            password
+            password_confirmation
+            support
+          ],
+        )
+      end
+
+      def resource
+        @user
+      end
+      helper_method :resource
+
+      def presenter
+        @presenter ||= Munificent::Admin::ApplicationPresenter.present(@user)
+      end
+      helper_method :presenter
+    end
+  end
+end

data/app/form_builders/munificent/admin/form_builder.rb

@@ -0,0 +1,112 @@
+module Munificent
+  module Admin
+    class FormBuilder < ActionView::Helpers::FormBuilder
+      include ActionView::Helpers::TagHelper
+      include ActionView::Context
+
+      TEXT_FIELDS = %i[
+        email_field
+        number_field
+        password_field
+        text_area
+        text_field
+      ].freeze
+
+      UNFLOATABLE_TYPES = %i[
+        select
+      ].freeze
+
+      def field(type, name, label: name.to_s.humanize, **opts)
+        field_tag = case type
+        when *TEXT_FIELDS
+          public_send(type, name, class: "form-control", placeholder: (label unless table_mode?))
+        when :select
+          select(name, opts[:source], select_field_opts(opts), select_html_opts(opts))
+        else
+          send(type, name, class: "form-control")
+        end
+
+        wrap(
+          label(name, label, class: "form-label"),
+          field_tag,
+          field_name: name,
+          float: UNFLOATABLE_TYPES.exclude?(type),
+        )
+      end
+
+      def check_box(name, label: name.to_s.humanize, **opts)
+        check_block = tag.div(class: "form-check") {
+          super(name, class: "form-check-input", **check_box_opts(opts)) +
+            label(name, label, class: "form-check-label")
+        }
+
+        wrap(check_block, field_name: name)
+      end
+
+      def table(css_class: nil, &block)
+        @table_mode = true
+        contents = @template.capture(&block)
+        @table_mode = false
+
+        css_class = (%w[table table-bordered] + Array(css_class)).compact.join(" ")
+        tag.table(contents, class: css_class)
+      end
+
+      def money(name, default_currency: nil)
+        field(:select, "#{name}_currency",
+          label: "Currency",
+          source: Munificent::Currency.present_all,
+          selected: (object.public_send("#{name}_currency").presence || default_currency),
+        ) + field(:text_field, "human_#{name}", label: name.to_s.humanize)
+      end
+
+    private
+
+      def wrap(*args, field_name: nil, float: true)
+        row_class = ["field-#{field_name}"]
+
+        args.reverse! if float
+
+        if table_mode?
+          tag.tr(class: row_class.compact.join(" ")) do
+            args.compact.map { |arg| tag.td(arg) }.reverse.reduce(:+)
+          end
+        else
+          row_class << "mb-3"
+          row_class += %w[form-floating mb-3] if float
+
+          tag.div(class: row_class.compact.join(" ")) do
+            args.compact.reduce(:+)
+          end
+        end
+      end
+
+      def table_mode?
+        !!@table_mode
+      end
+
+      def select_field_opts(opts)
+        { include_blank: opts[:optional] }.tap do |field_opts|
+          field_opts[:selected] = opts[:selected] if opts[:selected]
+        end
+      end
+
+      def select_html_opts(opts)
+        { class: "form-select" }.tap do |html_opts|
+          if opts[:multiple]
+            html_opts.merge!(
+              multiple: true,
+              aria: { label: "multiple select" },
+            )
+          end
+        end
+      end
+
+      def check_box_opts(opts)
+        {}.tap do |field_opts|
+          field_opts[:checked] = opts[:checked] unless opts[:checked].nil?
+        end
+      end
+    end
+  end
+end

data/app/helpers/munificent/admin/application_helper.rb

@@ -0,0 +1,6 @@
+module Munificent
+  module Admin
+    module ApplicationHelper
+    end
+  end
+end

data/app/helpers/munificent/admin/form_helper.rb

@@ -0,0 +1,9 @@
+module Munificent
+  module Admin
+    module FormHelper
+      def form_for(*args, **kwargs, &)
+        super(*args, builder: Munificent::Admin::FormBuilder, **kwargs, &)
+      end
+    end
+  end
+end

data/app/helpers/munificent/admin/layout_helper.rb

@@ -0,0 +1,11 @@
+module Munificent
+  module Admin
+    module LayoutHelper
+      def nav_link(*args, **kwargs)
+        link_to_unless_current(*args, **kwargs) do |text|
+          content_tag(:span, text)
+        end
+      end
+    end
+  end
+end

data/app/helpers/munificent/admin/state_machine_helper.rb

@@ -0,0 +1,49 @@
+module Munificent
+  module Admin
+    module StateMachineHelper
+    module_function
+
+      def aasm_buttons(resource, tag_name: "li")
+        resource.aasm.permitted_transitions.each do |transition|
+          event = transition.fetch(:event).to_s
+
+          content_for(:aasm_buttons) do
+            tag.public_send(tag_name) do
+              button_to(
+                event.humanize,
+                send("#{event}_#{resource.class.name.split('::').last.underscore}_path", resource),
+                method: :post,
+                data: { confirm: "Are you sure?" },
+              )
+            end
+          end
+        end
+
+        content_for(:aasm_buttons).presence
+      end
+
+      def define_routes(router, resource_class)
+        router.send(:member) do
+          resource_class.aasm.events.each do |event|
+            router.send(:post, event.to_s)
+          end
+        end
+      end
+
+      def define_actions(controller, resource_class)
+        singular_name = resource_class.name.split("::").last.underscore
+
+        resource_class.aasm.events.each do |event|
+          controller.define_method(event.name) do
+            resource.public_send("#{event.name}!")
+            redirect_to(send("#{singular_name}_path", resource),
+              notice: "#{event.name.to_s.humanize} was successful",
+            )
+          end
+        end
+
+        nil
+      end
+    end
+  end
+end

data/app/mailers/munificent/admin/application_mailer.rb

@@ -0,0 +1,8 @@
+module Munificent
+  module Admin
+    class ApplicationMailer < ActionMailer::Base
+      default from: -> { ENV.fetch("FROM_EMAIL_ADDRESS", nil) }
+      layout "mailer"
+    end
+  end
+end

data/app/mailers/munificent/admin/panic_mailer.rb

@@ -0,0 +1,19 @@
+module Munificent
+  module Admin
+    class PanicMailer < ApplicationMailer
+      # Subject can be set in your I18n file at config/locales/en.yml
+      # with the following lookup:
+      #
+      #   en.panic_mailer.missing_key.subject
+      #
+      def missing_key(donator, game)
+        return if User.none?
+
+        @donator = donator
+        @game = game
+
+        mail to: User.pluck(:email_address)
+      end
+    end
+  end
+end

data/app/models/concerns/authenticable.rb

@@ -0,0 +1,9 @@
+module Authenticable
+  extend ActiveSupport::Concern
+
+  included do
+    acts_as_authentic do |config|
+      config.crypto_provider = ::Authlogic::CryptoProviders::SCrypt
+    end
+  end
+end

data/app/models/munificent/admin/application_record.rb

@@ -0,0 +1,7 @@
+module Munificent
+  module Admin
+    class ApplicationRecord < ActiveRecord::Base
+      self.abstract_class = true
+    end
+  end
+end

data/app/models/munificent/admin/user.rb

@@ -0,0 +1,54 @@
+module Munificent
+  module Admin
+    class User < Munificent::ApplicationRecord
+      include Authenticable
+
+      attr_accessor :password_confirmation
+      attr_writer :require_password
+
+      def require_password?
+        !!@require_password
+      end
+
+      validates :password,
+        presence: true,
+        confirmation: true,
+        length: { minimum: 10 },
+        if: :require_password?
+      validates :email_address, presence: true
+
+      def has_2sv?
+        otp_secret.present?
+      end
+
+      def permissions
+        if full_access?
+          ["full access"]
+        else
+          [].tap do |perms|
+            perms << "data entry" if data_entry?
+            perms << "manages users" if manages_users?
+            perms << "support" if support?
+          end
+        end
+      end
+
+      def states
+        [].tap do |states|
+          states << "active" if active?
+          states << "approved" if approved?
+          states << "confirmed" if confirmed?
+        end
+      end
+
+      # We may use these later, but for now default them to `true`.
+      def active? = true
+      def approved? = true
+      def confirmed? = true
+
+      def to_s
+        name.presence || email_address
+      end
+    end
+  end
+end

data/app/models/munificent/admin/user_session.rb

@@ -0,0 +1,19 @@
+module Munificent
+  module Admin
+    class UserSession < Authlogic::Session::Base
+      login_field :email_address
+      record_selection_method :find_by_email_address
+
+      # This is a fairly restrictive configuration
+      # because this is an admin application.
+      consecutive_failed_logins_limit 5
+      encrypt_cookie true
+      generalize_credentials_error_messages true
+      httponly true
+      logout_on_timeout true
+      remember_me_for 20.hours
+      same_site "Strict"
+      single_access_allowed_request_types []
+    end
+  end
+end

data/app/presenters/munificent/admin/application_presenter.rb

@@ -0,0 +1,29 @@
+module Munificent
+  module Admin
+    class ApplicationPresenter < ActionView::Base
+      def self.delegate(array, to: :record)
+        super(*array, to:)
+      end
+
+      def self.present(record)
+        presenter_class_for(record).new(record)
+      end
+
+      def self.presenter_class_for(record)
+        "#{record.class.name}Presenter".constantize
+      rescue NameError
+        raise ArgumentError, "No presenter available for record type `#{record.class.name}`"
+      end
+
+      attr_reader :record
+
+      def initialize(record) # rubocop:disable Lint/MissingSuper
+        @record = record
+      end
+
+      def name
+        record
+      end
+    end
+  end
+end

data/app/presenters/munificent/admin/user_presenter.rb

@@ -0,0 +1,24 @@
+module Munificent
+  module Admin
+    class UserPresenter < ApplicationPresenter
+      delegate(
+        %i[
+          id
+          email_address
+          current_login_at
+          login_count
+          permissions
+          states
+        ],
+      )
+
+      def permissions
+        record.permissions.to_sentence.capitalize
+      end
+
+      def states
+        record.states.to_sentence.capitalize
+      end
+    end
+  end
+end

data/app/presenters/munificent/bundle_presenter.rb

@@ -0,0 +1,27 @@
+module Munificent
+  class BundlePresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        fundraiser
+      ],
+    )
+
+    delegate(
+      %i[
+        ends_at
+        starts_at
+      ], to: :"record.highest_tier",
+    )
+
+    def price
+      record.highest_tier&.human_price(symbol: true)
+    end
+
+    def state
+      tag.span(class: "badge text-bg-#{record.live? ? 'success' : 'secondary'}") do
+        record.state.humanize
+      end
+    end
+  end
+end

data/app/presenters/munificent/bundle_tier_presenter.rb

@@ -0,0 +1,20 @@
+module Munificent
+  class BundleTierPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        ends_at
+        fundraiser
+        starts_at
+      ],
+    )
+
+    def price
+      record.human_price(symbol: true)
+    end
+
+    def games
+      record.bundle_tier_games.map(&:game).map(&:name).join(", ")
+    end
+  end
+end

data/app/presenters/munificent/charity_presenter.rb

@@ -0,0 +1,14 @@
+module Munificent
+  class CharityPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        description
+      ],
+    )
+
+    def fundraisers
+      record.fundraisers.map(&:name).join(", ")
+    end
+  end
+end

data/app/presenters/munificent/donation_presenter.rb

@@ -0,0 +1,39 @@
+module Munificent
+  class DonationPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        amount
+        created_at
+        curated_streamer
+        donated_by
+        donator_name
+        fundraiser
+        message
+      ],
+    )
+
+    def state
+      tag.span(class: "badge text-bg-#{badge_type}") do
+        record.state.humanize
+      end
+    end
+
+  private
+
+    def badge_type
+      case record.state
+      when "pending"
+        "secondary"
+      when "paid"
+        "info"
+      when "cancelled"
+        "danger"
+      when "fulfilled"
+        "success"
+      else
+        "light"
+      end
+    end
+  end
+end

data/app/presenters/munificent/donator_bundle_presenter.rb

@@ -0,0 +1,12 @@
+module Munificent
+  class DonatorBundlePresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        bundle
+        created_at
+        donator
+      ],
+    )
+  end
+end

data/app/presenters/munificent/donator_presenter.rb

@@ -0,0 +1,12 @@
+module Munificent
+  class DonatorPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        chosen_name
+        created_at
+        email_address
+      ],
+    )
+  end
+end