RubyGems - munificent-admin - Versions diffs - 1.0.1 - Mend

munificent-admin 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

data/app/controllers/munificent/admin/otp_controller.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require "rotp"
+require "rqrcode"
+module Munificent
+  module Admin
+    class OTPController < ApplicationController
+      skip_authorization_check
+      skip_before_action :enforce_2sv
+      before_action :require_setup, only: %i[input]
+      before_action :prevent_double_setup, only: %i[setup]
+      before_action :require_otp_issuer
+      def input; end
+      def setup
+        session[:otp_secret] = ROTP::Base32.random
+        totp = ROTP::TOTP.new(session[:otp_secret], issuer: ENV.fetch("OTP_ISSUER", nil))
+        @otp_url = totp.provisioning_uri(current_user.email_address)
+        @qr_code = RQRCode::QRCode.new(@otp_url).as_svg(standalone: false, module_size: 5)
+      end
+      def verify
+        otp_secret = current_user.otp_secret || session[:otp_secret]
+        raise "Missing OTP secret" if otp_secret.blank?
+        totp = ROTP::TOTP.new(otp_secret, issuer: ENV.fetch("OTP_ISSUER", nil), after: current_user.last_otp_at)
+        if totp.verify(params[:otp_code], drift_behind: 3)
+          current_user.otp_secret ||= session[:otp_secret]
+          current_user.update(last_otp_at: (session[:last_otp_at] = Time.zone.now))
+          session[:otp_secret] = nil
+          redirect_to root_path
+        elsif current_user.has_2sv?
+          redirect_to otp_input_path
+        else
+          redirect_to otp_setup_path
+        end
+      end
+    private
+      def require_setup
+        redirect_to otp_setup_path unless current_user&.has_2sv?
+      end
+      def prevent_double_setup
+        redirect_to otp_input_path if current_user&.has_2sv?
+      end
+      def require_otp_issuer
+        raise "Missing OTP issuer" if ENV["OTP_ISSUER"].blank?
+      end
+    end
+  end
+end

data/app/controllers/munificent/admin/user_sessions_controller.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module Munificent
+  module Admin
+    class UserSessionsController < ApplicationController
+      skip_authorization_check
+      skip_before_action :require_login, only: %i[new create]
+      skip_before_action :enforce_2sv
+      def new
+        @user_session = UserSession.new
+      end
+      def create
+        @user_session = UserSession.new(user_session_params.to_h)
+        if @user_session.save
+          redirect_to root_path
+        else
+          flash[:alert] = @user_session.errors.full_messages.join(", ")
+          redirect_to new_user_session_path
+        end
+      end
+      def destroy
+        current_user_session.destroy
+        redirect_to new_user_session_path
+      end
+    private
+      def user_session_params
+        params.require(:user_session).permit(
+          *%i[
+            email_address
+            password
+            password_confirmation
+            remember_me
+          ],
+        )
+      end
+    end
+  end
+end

data/app/controllers/munificent/admin/users_controller.rb ADDED Viewed

@@ -0,0 +1,77 @@
+module Munificent
+  module Admin
+    class UsersController < ApplicationController
+      load_and_authorize_resource class: "Munificent::Admin::User"
+      def index
+        authorize!(:read, :user_accounts)
+      end
+      def show; end
+      def new; end
+      def edit; end
+      def create
+        if @user.save
+          flash[:notice] = "User created"
+          redirect_to edit_user_path(@user)
+        else
+          flash[:alert] = @user.errors.full_messages.join(", ")
+          redirect_to new_user_path
+        end
+      end
+      def update
+        model = :user
+        if params[model][:password].blank?
+          %w[password password_confirmation].each { |p| params[model].delete(p) }
+        end
+        @user.assign_attributes(user_params)
+        if @user.save
+          flash[:notice] = "User saved"
+        else
+          flash[:alert] = @user.errors.full_messages.join(", ")
+        end
+        redirect_to edit_user_path(@user)
+      end
+      def destroy
+        @user.destroy
+        redirect_to users_path
+      end
+    private
+      def user_params
+        params.require(:user).permit(
+          *%i[
+            active
+            approved
+            confirmed
+            data_entry
+            email_address
+            full_access
+            manages_users
+            name
+            password
+            password_confirmation
+            support
+          ],
+        )
+      end
+      def resource
+        @user
+      end
+      helper_method :resource
+      def presenter
+        @presenter ||= Munificent::Admin::ApplicationPresenter.present(@user)
+      end
+      helper_method :presenter
+    end
+  end
+end

data/app/form_builders/munificent/admin/form_builder.rb ADDED Viewed

@@ -0,0 +1,112 @@
+module Munificent
+  module Admin
+    class FormBuilder < ActionView::Helpers::FormBuilder
+      include ActionView::Helpers::TagHelper
+      include ActionView::Context
+      TEXT_FIELDS = %i[
+        email_field
+        number_field
+        password_field
+        text_area
+        text_field
+      ].freeze
+      UNFLOATABLE_TYPES = %i[
+        select
+      ].freeze
+      def field(type, name, label: name.to_s.humanize, **opts)
+        field_tag = case type
+        when *TEXT_FIELDS
+          public_send(type, name, class: "form-control", placeholder: (label unless table_mode?))
+        when :select
+          select(name, opts[:source], select_field_opts(opts), select_html_opts(opts))
+        else
+          send(type, name, class: "form-control")
+        end
+        wrap(
+          label(name, label, class: "form-label"),
+          field_tag,
+          field_name: name,
+          float: UNFLOATABLE_TYPES.exclude?(type),
+        )
+      end
+      def check_box(name, label: name.to_s.humanize, **opts)
+        check_block = tag.div(class: "form-check") {
+          super(name, class: "form-check-input", **check_box_opts(opts)) +
+            label(name, label, class: "form-check-label")
+        }
+        wrap(check_block, field_name: name)
+      end
+      def table(css_class: nil, &block)
+        @table_mode = true
+        contents = @template.capture(&block)
+        @table_mode = false
+        css_class = (%w[table table-bordered] + Array(css_class)).compact.join(" ")
+        tag.table(contents, class: css_class)
+      end
+      def money(name, default_currency: nil)
+        field(:select, "#{name}_currency",
+          label: "Currency",
+          source: Munificent::Currency.present_all,
+          selected: (object.public_send("#{name}_currency").presence || default_currency),
+        ) + field(:text_field, "human_#{name}", label: name.to_s.humanize)
+      end
+    private
+      def wrap(*args, field_name: nil, float: true)
+        row_class = ["field-#{field_name}"]
+        args.reverse! if float
+        if table_mode?
+          tag.tr(class: row_class.compact.join(" ")) do
+            args.compact.map { |arg| tag.td(arg) }.reverse.reduce(:+)
+          end
+        else
+          row_class << "mb-3"
+          row_class += %w[form-floating mb-3] if float
+          tag.div(class: row_class.compact.join(" ")) do
+            args.compact.reduce(:+)
+          end
+        end
+      end
+      def table_mode?
+        !!@table_mode
+      end
+      def select_field_opts(opts)
+        { include_blank: opts[:optional] }.tap do |field_opts|
+          field_opts[:selected] = opts[:selected] if opts[:selected]
+        end
+      end
+      def select_html_opts(opts)
+        { class: "form-select" }.tap do |html_opts|
+          if opts[:multiple]
+            html_opts.merge!(
+              multiple: true,
+              aria: { label: "multiple select" },
+            )
+          end
+        end
+      end
+      def check_box_opts(opts)
+        {}.tap do |field_opts|
+          field_opts[:checked] = opts[:checked] unless opts[:checked].nil?
+        end
+      end
+    end
+  end
+end

data/app/helpers/munificent/admin/application_helper.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module Munificent
+  module Admin
+    module ApplicationHelper
+    end
+  end
+end

data/app/helpers/munificent/admin/form_helper.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Munificent
+  module Admin
+    module FormHelper
+      def form_for(*args, **kwargs, &)
+        super(*args, builder: Munificent::Admin::FormBuilder, **kwargs, &)
+      end
+    end
+  end
+end

data/app/helpers/munificent/admin/layout_helper.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Munificent
+  module Admin
+    module LayoutHelper
+      def nav_link(*args, **kwargs)
+        link_to_unless_current(*args, **kwargs) do |text|
+          content_tag(:span, text)
+        end
+      end
+    end
+  end
+end

data/app/helpers/munificent/admin/state_machine_helper.rb ADDED Viewed

@@ -0,0 +1,49 @@
+module Munificent
+  module Admin
+    module StateMachineHelper
+    module_function
+      def aasm_buttons(resource, tag_name: "li")
+        resource.aasm.permitted_transitions.each do |transition|
+          event = transition.fetch(:event).to_s
+          content_for(:aasm_buttons) do
+            tag.public_send(tag_name) do
+              button_to(
+                event.humanize,
+                send("#{event}_#{resource.class.name.split('::').last.underscore}_path", resource),
+                method: :post,
+                data: { confirm: "Are you sure?" },
+              )
+            end
+          end
+        end
+        content_for(:aasm_buttons).presence
+      end
+      def define_routes(router, resource_class)
+        router.send(:member) do
+          resource_class.aasm.events.each do |event|
+            router.send(:post, event.to_s)
+          end
+        end
+      end
+      def define_actions(controller, resource_class)
+        singular_name = resource_class.name.split("::").last.underscore
+        resource_class.aasm.events.each do |event|
+          controller.define_method(event.name) do
+            resource.public_send("#{event.name}!")
+            redirect_to(send("#{singular_name}_path", resource),
+              notice: "#{event.name.to_s.humanize} was successful",
+            )
+          end
+        end
+        nil
+      end
+    end
+  end
+end

data/app/mailers/munificent/admin/application_mailer.rb ADDED Viewed

@@ -0,0 +1,8 @@
+module Munificent
+  module Admin
+    class ApplicationMailer < ActionMailer::Base
+      default from: -> { ENV.fetch("FROM_EMAIL_ADDRESS", nil) }
+      layout "mailer"
+    end
+  end
+end

data/app/mailers/munificent/admin/panic_mailer.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Munificent
+  module Admin
+    class PanicMailer < ApplicationMailer
+      # Subject can be set in your I18n file at config/locales/en.yml
+      # with the following lookup:
+      #
+      #   en.panic_mailer.missing_key.subject
+      #
+      def missing_key(donator, game)
+        return if User.none?
+        @donator = donator
+        @game = game
+        mail to: User.pluck(:email_address)
+      end
+    end
+  end
+end

data/app/models/concerns/authenticable.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Authenticable
+  extend ActiveSupport::Concern
+  included do
+    acts_as_authentic do |config|
+      config.crypto_provider = ::Authlogic::CryptoProviders::SCrypt
+    end
+  end
+end

data/app/models/munificent/admin/application_record.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module Munificent
+  module Admin
+    class ApplicationRecord < ActiveRecord::Base
+      self.abstract_class = true
+    end
+  end
+end

data/app/models/munificent/admin/user.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module Munificent
+  module Admin
+    class User < Munificent::ApplicationRecord
+      include Authenticable
+      attr_accessor :password_confirmation
+      attr_writer :require_password
+      def require_password?
+        !!@require_password
+      end
+      validates :password,
+        presence: true,
+        confirmation: true,
+        length: { minimum: 10 },
+        if: :require_password?
+      validates :email_address, presence: true
+      def has_2sv?
+        otp_secret.present?
+      end
+      def permissions
+        if full_access?
+          ["full access"]
+        else
+          [].tap do |perms|
+            perms << "data entry" if data_entry?
+            perms << "manages users" if manages_users?
+            perms << "support" if support?
+          end
+        end
+      end
+      def states
+        [].tap do |states|
+          states << "active" if active?
+          states << "approved" if approved?
+          states << "confirmed" if confirmed?
+        end
+      end
+      # We may use these later, but for now default them to `true`.
+      def active? = true
+      def approved? = true
+      def confirmed? = true
+      def to_s
+        name.presence || email_address
+      end
+    end
+  end
+end

data/app/models/munificent/admin/user_session.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Munificent
+  module Admin
+    class UserSession < Authlogic::Session::Base
+      login_field :email_address
+      record_selection_method :find_by_email_address
+      # This is a fairly restrictive configuration
+      # because this is an admin application.
+      consecutive_failed_logins_limit 5
+      encrypt_cookie true
+      generalize_credentials_error_messages true
+      httponly true
+      logout_on_timeout true
+      remember_me_for 20.hours
+      same_site "Strict"
+      single_access_allowed_request_types []
+    end
+  end
+end

data/app/presenters/munificent/admin/application_presenter.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module Munificent
+  module Admin
+    class ApplicationPresenter < ActionView::Base
+      def self.delegate(array, to: :record)
+        super(*array, to:)
+      end
+      def self.present(record)
+        presenter_class_for(record).new(record)
+      end
+      def self.presenter_class_for(record)
+        "#{record.class.name}Presenter".constantize
+      rescue NameError
+        raise ArgumentError, "No presenter available for record type `#{record.class.name}`"
+      end
+      attr_reader :record
+      def initialize(record) # rubocop:disable Lint/MissingSuper
+        @record = record
+      end
+      def name
+        record
+      end
+    end
+  end
+end

data/app/presenters/munificent/admin/user_presenter.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Munificent
+  module Admin
+    class UserPresenter < ApplicationPresenter
+      delegate(
+        %i[
+          id
+          email_address
+          current_login_at
+          login_count
+          permissions
+          states
+        ],
+      )
+      def permissions
+        record.permissions.to_sentence.capitalize
+      end
+      def states
+        record.states.to_sentence.capitalize
+      end
+    end
+  end
+end

data/app/presenters/munificent/bundle_presenter.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module Munificent
+  class BundlePresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        fundraiser
+      ],
+    )
+    delegate(
+      %i[
+        ends_at
+        starts_at
+      ], to: :"record.highest_tier",
+    )
+    def price
+      record.highest_tier&.human_price(symbol: true)
+    end
+    def state
+      tag.span(class: "badge text-bg-#{record.live? ? 'success' : 'secondary'}") do
+        record.state.humanize
+      end
+    end
+  end
+end

data/app/presenters/munificent/bundle_tier_presenter.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module Munificent
+  class BundleTierPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        ends_at
+        fundraiser
+        starts_at
+      ],
+    )
+    def price
+      record.human_price(symbol: true)
+    end
+    def games
+      record.bundle_tier_games.map(&:game).map(&:name).join(", ")
+    end
+  end
+end

data/app/presenters/munificent/charity_presenter.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module Munificent
+  class CharityPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        description
+      ],
+    )
+    def fundraisers
+      record.fundraisers.map(&:name).join(", ")
+    end
+  end
+end

data/app/presenters/munificent/donation_presenter.rb ADDED Viewed

@@ -0,0 +1,39 @@
+module Munificent
+  class DonationPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        amount
+        created_at
+        curated_streamer
+        donated_by
+        donator_name
+        fundraiser
+        message
+      ],
+    )
+    def state
+      tag.span(class: "badge text-bg-#{badge_type}") do
+        record.state.humanize
+      end
+    end
+  private
+    def badge_type
+      case record.state
+      when "pending"
+        "secondary"
+      when "paid"
+        "info"
+      when "cancelled"
+        "danger"
+      when "fulfilled"
+        "success"
+      else
+        "light"
+      end
+    end
+  end
+end

data/app/presenters/munificent/donator_bundle_presenter.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Munificent
+  class DonatorBundlePresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        bundle
+        created_at
+        donator
+      ],
+    )
+  end
+end

data/app/presenters/munificent/donator_presenter.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Munificent
+  class DonatorPresenter < Admin::ApplicationPresenter
+    delegate(
+      %i[
+        id
+        chosen_name
+        created_at
+        email_address
+      ],
+    )
+  end
+end