oh_my_log 1.0.1

data/lib/oh_my_log/log.rb

@@ -0,0 +1,140 @@
+require "active_support/all"
+require_relative '../oh_my_log'
+
+module OhMyLog
+  module Log
+    #all the models effected by this
+    mattr_accessor :targets
+    #config for this log
+    mattr_accessor :configuration
+    #contains all the request done in a session
+    mattr_accessor :history
+    #last action done by the user
+    mattr_accessor :last_recorded
+
+    def self.configuration_rule
+      configuration.models.keys[0]
+    end
+
+    def self.configuration_models
+      Log.configuration.models.values
+    end
+
+    def self.configure
+      self.configuration ||= Configuration.new
+      self.targets = []
+      self.history = []
+      yield(configuration)
+      self.configuration.add_selector(Selector.universal_for) if self.configuration.selectors.empty?
+      self.configuration.process_path
+    end
+
+    def self.clear
+      self.history = []
+    end
+
+    def self.reset
+      self.clear
+      self.flush
+      self.configuration = nil
+      self.last_recorded = nil
+    end
+
+    def self.add_target(target)
+      #do not add duplicates
+      self.targets << target unless self.targets.include? target
+    end
+
+    #Is the action/controller passed in params allowed by the selectors
+    # TODO: add method as well in the selector
+    #
+
+    def self.permitted_range?(selector, status)
+      in_range = true
+      case selector.status_codes.keys[0]
+      when "ONLY"
+        in_range = false
+        selector.status_codes.values[0].each do |range|
+          range = (range.to_i..range.to_i) if range.class != Range
+          in_range = (range === status.to_i) unless in_range
+        end
+      when "EXCEPT"
+        selector.status_codes.values[0].each do |range|
+          in_range = false if (range === status.to_i)
+        end
+      when "ALL"
+        in_range = true
+      else
+        raise "UNDEFINED RULE: please us any of [ONLY/EXCEPT/ALL]"
+      end
+      return in_range
+    end
+
+    def self.permitted_controller?(selector, ctrl_name)
+      case selector.controllers.keys[0]
+      when "ALL"
+        permitted_controller = true
+      when "ONLY"
+        permitted_controller = selector.controllers.values[0].include?(ctrl_name.classify)
+      when "EXCEPT"
+        permitted_controller = !selector.controllers.values[0].include?(ctrl_name.classify)
+      else
+        raise "UNDEFINED RULE: please us any of [ONLY/EXCEPT/ALL]"
+      end
+      return permitted_controller
+    end
+
+    def self.permitted_ip?(selector, ip)
+      case selector.ips.keys[0]
+      when "EXCEPT"
+        permitted_ip = selector.ips.values[0].include?(ip)
+      when "ONLY"
+        permitted_ip = !selector.ips.values[0].empty? && !selector.ips.values[0].include?(ip)
+      when "ALL"
+        permitted_ip = true
+      else
+        raise "UNDEFINED RULE: please us any of [ONLY/EXCEPT/ALL]"
+      end
+      return permitted_ip
+    end
+
+    def self.permitted_action?(selector, ctrl_action)
+      permitted_action = true
+      case selector.actions.keys[0]
+      when "EXCEPT"
+        selector.actions.values[0].each {|action| permitted_action = false if action.downcase.to_sym == ctrl_action}
+      when "ONLY"
+        selector.actions.values[0].each {|action| permitted_action = true if action.downcase.to_sym == ctrl_action}
+      when "ALL"
+        permitted_action = true
+      else
+        raise "UNDEFINED RULE: please us any of [ONLY/EXCEPT/ALL]"
+      end
+      return permitted_action
+    end
+
+    def self.loggable?(params, status, method)
+      ctrl_name = params["controller"]
+      ctrl_action = params["action"].to_sym
+      final_response = false
+      self.configuration.selectors.each do |selector|
+        final_response = permitted_range?(selector, status)
+        return false unless final_response
+
+        final_response = final_response && permitted_controller?(selector, ctrl_name)
+        return false unless final_response
+
+        final_response = final_response && permitted_ip?(selector, Thread.current[:remote_ip])
+        return false unless final_response
+
+        return false unless permitted_action?(selector, ctrl_action)
+      end
+      final_response
+    end
+
+    #once we processed an action we can get rid of all the cached data(targets) stored in the Log
+    def self.flush
+      self.targets = []
+    end
+  end
+end

data/lib/oh_my_log/mongoid_observer.rb

@@ -0,0 +1,11 @@
+module OhMyLog
+  class MongoidObserver < ::Mongoid::Observer
+
+    #this is the callback that happens every time after we made changes to the model
+    def after_save(model)
+      #we only add this model in the target list if this model got SUCCESSFULLY changed
+      must_be_logged = model.methods.include?(:saved_changes) ? model.saved_changes.empty? : model.changes.empty?
+      Log::add_target(model) unless must_be_logged
+    end
+  end
+end

data/lib/oh_my_log/observer_factory.rb

@@ -0,0 +1,90 @@
+module OhMyLog
+  module ObserverFactory
+
+    #this will initialize the observes logic
+    def self.activate_observers
+      #should raise an error if there are no observers -> "Build the observer list using the task"
+      Rails.application.eager_load!
+
+      build_activerecord_obs if defined?(ActiveRecord)
+      build_mongoid_obs if defined?(Mongoid)
+    end
+
+    #this will be runned by the task to build the collection of observed models FILE
+    require 'fileutils'
+
+    def self.generate_collection
+      Rails.application.eager_load!
+
+      #rebuild folder if it's already there
+      FileUtils.rm_rf(Rails.root + "app/models/observers/oh_my_log") if File.directory?(Rails.root + "app/models/observers/oh_my_log")
+      FileUtils.mkdir_p(Rails.root + "app/models/observers/oh_my_log")
+      generate_collection_for(ActiveRecord) if defined?(ActiveRecord)
+      generate_collection_for(Mongoid) if defined?(Mongoid)
+    end
+
+    def self.remove_collection
+      FileUtils.rm_rf(Rails.root + "app/models/observers/oh_my_log") if File.directory?(Rails.root + "app/models/observers/oh_my_log")
+    end
+
+    private
+
+    def self.build_activerecord_obs
+      supported_models = supported_models_for(ActiveRecord)
+      supported_models.each {|class_name| ActiveRecord::Base.add_observer class_name.instance}
+    end
+
+    def self.build_mongoid_obs
+      supported_models = supported_models_for(Mongoid)
+      supported_models.each {|class_name| ::Mongoid::Document.add_observer class_name.instance}
+    end
+
+    def self.generate_collection_for(klass)
+      models = available_models_for(klass)
+      models.each do |model|
+        model_file = File.join("#{Rails.root}/app", "models", "observers", "oh_my_log", model.underscore + "_observer.rb")
+        p "Generated #{model_file}"
+        File.open(model_file, "w+") do |f|
+          f << "class #{model + "Observer"} < OhMyLog::#{klass}Observer\nend"
+        end
+      end
+    end
+
+    def self.supported_models_for(klass)
+      supported_models = []
+      models = available_models_for(klass)
+      models.each do |model|
+        if File.file?(Rails.root + "app/models/observers/oh_my_log/#{model.underscore}_observer.rb")
+          supported_models << ('::' + model + "Observer").constantize
+        else
+          p "You didn't create an observer for #{model.constantize}"
+        end
+      end
+      return supported_models
+    end
+
+    private
+
+    def self.available_models_for(klass)
+      config_rule = Log.configuration_rule
+      config_models = Log.configuration_models
+      models = []
+      if klass == ActiveRecord
+        models = ActiveRecord::Base.subclasses.collect {|type| type.name}
+        models = models + ApplicationRecord.subclasses.collect {|type| type.name} if defined?(ApplicationRecord)
+      elsif klass == Mongoid
+        models = Mongoid.models.collect {|type| type.name}
+      end
+      #reject modules
+      models = models.reject {|model| model.include?("::") || model.include?("HABTM") || model.include?("Mongoid")}
+      case config_rule
+      when "ONLY"
+        return models.select {|model| config_models.include?(model)}
+      when "ALL"
+        return models
+      when "EXCEPT"
+        return models.reject {|model| config_models.include?(model)}
+      end
+    end
+  end
+end

data/lib/oh_my_log/request.rb

@@ -0,0 +1,22 @@
+module OhMyLog
+  module Log
+#the request is what the user is trying to do
+    class Request
+      attr_reader :sender, :date, :params, :method, :status
+
+      def initialize(args)
+        @sender = args[:sender]
+        @date = args[:date]
+        @params = args[:params]
+        @method = args[:method]
+        @status = args[:status]
+      end
+
+      def to_s
+        user_info = @sender.try(:email)
+        sender = !user_info.blank? ? user_info : Thread.current["remote_ip"]
+        "#{@date}, #{sender}, #{@method}, #{@params}, #{@status}"
+      end
+    end
+  end
+end

data/lib/oh_my_log/result.rb

@@ -0,0 +1,48 @@
+# Result contains the request and all the effects that a specific request caused all over the models
+module OhMyLog
+  module Log
+    class Result
+      attr_reader :effects
+      attr_reader :request
+
+      def initialize(request)
+        @request = request
+        @effects = calculate_effects
+      end
+
+      # call this to record the current action done by the user
+      def record!
+        if OhMyLog::Log.configuration.print_log
+          p "REQUEST"
+          p @request.to_s
+          p "RESPONSE" unless @effects.empty?
+          @effects.each {|effect| p effect.to_s}
+        end
+
+        print_into_log
+
+        #we can record everything that happend (OPTIONALL)
+        if OhMyLog::Log.configuration.record_history
+          OhMyLog::Log.history << self
+        end
+        #We always save the last operation recorded
+        OhMyLog::Log.last_recorded = self
+        #save this string on file or upload it somewhere
+      end
+
+      private
+
+      def print_into_log
+        OhMyLog::Log.configuration.log_instance.info('REQUEST')
+        OhMyLog::Log.configuration.log_instance.info(@request.to_s)
+        OhMyLog::Log.configuration.log_instance.info('RESPONSE') unless @effects.empty?
+        @effects.each {|effect| OhMyLog::Log.configuration.log_instance.info(effect.to_s)}
+      end
+
+      def calculate_effects
+        return OhMyLog::Log::targets.map {|target| Effect.new(target)}
+      end
+
+    end
+  end
+end

data/lib/oh_my_log/selector.rb

@@ -0,0 +1,44 @@
+module OhMyLog
+  module Log
+#Selector is a set of rule that Log.loggable? will have to respect
+    class Selector
+      attr_reader :controllers, :actions, :status_codes, :ips
+      METHODS = ["GET", "HEAD", "POST", "PATCH", "PUT", "DELETE"].freeze
+      ACTIONS = ["ONLY", "EXCEPT", "ALL"].freeze
+      # add methods in the same style as anythingelse
+      # and it will affect the parameter method in the loggable function in LOG.rb
+      ##EXCEPT O ONLY
+      def initialize(controllers: default_hash_setting, actions: default_hash_setting, ips: default_hash_setting, status_codes: default_hash_setting)
+        @controllers = controllers
+        @actions = actions
+        @ips = ips
+        @status_codes = status_codes
+        build_attr_setters
+      end
+
+      private
+
+      def default_hash_setting
+        return {"ALL" => []}
+      end
+
+      def self.default_hash_setting
+        return {"ALL" => []}
+      end
+
+      def build_attr_setters
+        self.instance_variables.each do |attribute|
+          attribute = attribute.to_s.gsub("@", "")
+          self.define_singleton_method(:"set_#{attribute}") do |value|
+            raise "Unpermitted rule: use #{ACTIONS}" if attribute == "rule" && !ACTIONS.include?(value)
+            instance_variable_set("@#{attribute}", value)
+          end
+        end
+      end
+
+      def self.universal_for(actions: default_hash_setting, controllers: default_hash_setting)
+        return Selector.new(controllers: controllers, actions: actions)
+      end
+    end
+  end
+end

data/lib/oh_my_log/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module OhMyLog
+  VERSION = '1.0.1'
+end

data/lib/oh_my_log.rb

@@ -0,0 +1,47 @@
+require 'rails/observers/activerecord/base'
+#force LOAD the gem "rails-observers"
+module ActiveRecord
+  autoload :Observer, 'rails/observers/activerecord/observer'
+end
+
+#load the gem's lib folder
+Dir[File.dirname(__FILE__) + '/oh_my_log/*.rb'].each do |file|
+  name = File.basename(file, File.extname(file))
+  #we are gonna skip this file FOR NOW since it depends of gem loaded after the rails initializer
+  next if name == "mongoid_observer"
+  require_relative "oh_my_log/" + name
+end
+
+module OhMyLog
+  #call this after you configured the Log Module
+  def self.start
+    Railtie.start_oh_my_log
+
+    #the main loop to get callbacks from controllers
+    ActiveSupport::Notifications.subscribe "process_action.action_controller" do |*args|
+      data = args[-1]
+      if Log::loggable?(data[:params], data[:status], data[:method])
+        request = Log::Request.new(sender: Thread.current[:user], date: Time.now.utc, params: data[:params], method: data[:method], status: data[:status])
+        result = Log::Result.new(request)
+        result.record!
+      end
+      Log::flush
+    end
+  end
+
+  def self.generate_initializer
+    FileUtils.cp_r(File.expand_path(__dir__ + '/../blue_print/oh_my_log_initializer.rb'), Rails.root + "config/initializers")
+    p "Successfully created initializer!"
+  end
+
+  def self.destroy_initializer
+    path = Rails.root + "config/initializers/oh_my_log_initializer.rb"
+    File.delete(path) if File.exist?(path)
+    p "Successfully destroyed the initializer!"
+  end
+
+end
+
+#load the script to inject code to rails source and create rake task
+require_relative "railtie"
+

data/lib/railtie.rb

@@ -0,0 +1,48 @@
+#let's inject some code into rails before and after the initialization
+class Railtie < ::Rails::Railtie
+  #auto load our observers folder before rails freeze this variable
+  initializer 'activeservice.autoload', :before => :set_autoload_paths do |app|
+    if File.directory?(Rails.root + "app/models/observers/oh_my_log")
+      app.config.autoload_paths << "app/models/observers/oh_my_log"
+    else
+      p "Could not find the observers folder, did you use the task to generate them?"
+    end
+  end
+
+  #now let's start our gem(only if there is an initializer) after the rails initialize process
+  config.after_initialize do
+    load Rails.root + "app/controllers/application_controller.rb"
+    class ::ApplicationController
+      before_action :get__session__info
+
+      def get__session__info
+        user = nil
+        if defined?(current_user)
+          user = current_user
+        elsif defined?(current_admin_user)
+          user = current_admin_user
+        end
+        Thread.current[:user] = user
+        Thread.current[:remote_ip] = request.remote_ip
+      end
+    end
+  end
+
+  def self.start_oh_my_log
+    if defined?(Mongoid)
+      require 'mongoid-observers'
+      require_relative "oh_my_log/mongoid_observer"
+    end
+    begin
+      require Rails.root + "config/initializers/oh_my_log_initializer.rb"
+      ::OhMyLog::ObserverFactory.activate_observers
+    rescue
+      return "could not start the gem, did you run oh_my_log:install ?"
+    end
+  end
+
+  #time to add some tasks
+  rake_tasks do
+    load 'tasks/oh_my_log.rake'
+  end
+end

data/lib/tasks/oh_my_log.rake

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+namespace :oh_my_log do
+  desc 'Generate the observers for each ActiveRecord model'
+  # in futuro fare che puoi passare parametri e in base a quello limita gli observer da generare
+  task generate_observers: :environment do
+    raise "Cannot create observers without an initializer, did you created it with 'oh_my_log:generate_initializer'" unless File.file?(Rails.root + 'config/initializers/oh_my_log_initializer.rb')
+    OhMyLog::ObserverFactory.generate_collection
+  end
+  desc 'Generate a template initializer for OhMyLog'
+  # in futuro puoi passare direttamente qui alcune impostazioni dell' initialize
+  task generate_initializer: :environment do
+    raise 'The initializer has been already generated!' if File.file?(Rails.root + 'config/initializers/oh_my_log_initializer')
+    OhMyLog.generate_initializer
+  end
+
+  desc 'Install the gem by building initializer and observers'
+  task install: :environment do
+    OhMyLog.generate_initializer
+    p "generated initializer"
+    sleep(1)
+    require Rails.root + "config/initializers/oh_my_log_initializer.rb"
+    OhMyLog::ObserverFactory.generate_collection
+    p "generated collections"
+  end
+
+  desc 'Clean observers and initializer'
+  task clean: :environment do
+    OhMyLog.destroy_initializer
+    OhMyLog::ObserverFactory.remove_collection
+  end
+end

data/oh_my_log.gemspec

@@ -0,0 +1,36 @@
+# -*- encoding: utf-8 -*-
+# frozen_string_literal: true
+require 'rubygems'
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+require 'oh_my_log/version'
+
+Gem::Specification.new do |s|
+  s.name = %q{oh_my_log}
+  s.authors = ["Fabrizio Spadaro"]
+  s.email = ["work.fabriziospadaro@gmail.com"]
+  s.license = "MIT"
+  s.version = OhMyLog::VERSION
+  s.platform = Gem::Platform::RUBY
+  s.date = %q{2018-11-26}
+  s.homepage = 'https://github.com/fabriziospadaro/oh_my_log'
+  s.summary = %q{A powerful auditing logging system}
+  s.files = `git ls-files`.split($\)
+  s.required_ruby_version = '>= 2.3.0' #, '<= 2.5.0'
+  s.require_paths = ["lib"]
+
+  if RUBY_VERSION >= '2.4'
+    s.add_runtime_dependency 'rails', '>= 4.2.0', '< 7.0'
+  else
+    s.add_runtime_dependency 'railties', '>= 4.2.0', '< 6.0'
+  end
+  s.add_runtime_dependency 'json'
+  s.add_runtime_dependency("rails-observers", "~> 0.1.5")
+  s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'rubocop', '~> 0.59.2'
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'appraisal'
+  s.add_development_dependency 'sqlite3', '1.3.10'
+  s.add_development_dependency 'rspec-core'
+  s.add_development_dependency 'wwtd'
+  s.add_development_dependency 'rspec-rails'
+end

data/spec/controllers/foos_controller_spec.rb

@@ -0,0 +1,116 @@
+require 'rails_helper'
+
+RSpec.describe FoosController, type: :controller do
+  let(:oml) {OhMyLog::Log}
+
+  context "#When using a custom configuration for the Logger" do
+    before(:all) do
+      Rake::Task['oh_my_log:install'].invoke
+      Foo.destroy_all
+      Doo.destroy_all
+      OhMyLog.start
+    end
+    #reset the configuration to the default state
+    before(:each) do
+      oml.reset
+      oml.configure do |config|
+        config.print_log = true
+        selector = oml::Selector.universal_for(actions: {"EXCEPT" => ["index"]})
+        config.add_selector(selector)
+      end
+    end
+
+    after(:all) do
+      Rake::Task['oh_my_log:clean'].invoke
+    end
+
+    it "Should not log anything when the response is 200 and we put 200 in the status_codes blacklist" do
+      oml.configuration.selectors[-1].set_status_codes("EXCEPT" => [(200..204)])
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).to eq(nil)
+    end
+    it "Should log when the response is 200 and we put 200 in the white_list" do
+      oml.configuration.selectors[-1].set_status_codes("ONLY" => [(200..204)])
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).not_to eq(nil)
+    end
+    it "Should not log when we removing the FooController from the permitted controller list" do
+      oml.configuration.selectors[-1].set_controllers({"ONLY" => ["Doo"]})
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).to eq(nil)
+    end
+    it "Should log when including FooController in the permitted controller list" do
+      oml.configuration.selectors[-1].set_controllers({"ONLY" => ["Foo"]})
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).not_to eq(nil)
+    end
+    it "Should not log when using the create method and using a configuration to only log the index action" do
+      oml.configuration.selectors[-1].set_actions("EXCEPT" => ["create"])
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).to eq(nil)
+    end
+    it "Should log when rooting to index and using a configuration to only log the index action" do
+      oml.configuration.selectors[-1].set_actions("ONLY" => ["index"])
+      get :index
+      expect(oml.last_recorded).not_to eq(nil)
+    end
+    ##non va perchè non si riesce a fare il monkeypatch di application controller dato ceh abbiamo il rails dei poveri
+    it "Should not log when black listing the local ip" do
+      oml.configuration.selectors[-1].set_ips("EXCEPT" => ["192.168.0.1"])
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).to eq(nil)
+    end
+    it "Should be able to correctly use multiple selector" do
+      selector = OhMyLog::Log::Selector.new
+      selector.set_controllers({"EXCEPT" => ["Foo"]})
+      oml.configuration.add_selector(selector)
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).to eq(nil)
+    end
+  end
+
+  context "When testing the event logger for a generic Model" do
+    before(:all) do
+      Foo.destroy_all
+      Doo.destroy_all
+      @dummy = Foo.create(name: "Dummy model", value: 2)
+    end
+    before(:each) do
+      oml.reset
+      oml.configure do |config|
+        config.print_log = true
+        selector = oml::Selector.universal_for(actions: {"EXCEPT" => ["index"]})
+        config.add_selector(selector)
+      end
+    end
+    it "Should create a log in the path specified in teh configuration" do
+      expect(File.file?(Rails.root + "log/oh_my_log.log")).to eq(true)
+    end
+    it "Should write a log when creating a Model" do
+      put :create, params: {name: 'foo name'}
+      expect(oml.last_recorded).not_to eq(nil)
+    end
+    it "Should write a log when changing an Model" do
+      if Rails::VERSION::MAJOR >= 5
+        put :update, params: {name: "dummy name", value: 99, id: @dummy.id}
+      else
+        put :update, {name: "dummy name", value: 99, id: @dummy.id}
+      end
+      expect(oml.last_recorded).not_to eq(nil)
+    end
+
+    it "The log created should have a receiver if the action made any changes to the model" do
+      if Rails::VERSION::MAJOR >= 5
+        put :update, params: {name: "not dummy name", value: 99, id: @dummy.id}
+      else
+        put :update, {name: "not dummy name", value: 99, id: @dummy.id}
+      end
+      expect(oml.last_recorded.effects[0].receiver).not_to eq(nil)
+    end
+
+    it "The action indicated by the log should math the action did by the controller " do
+      put :create, params: {name: "nameless dummy"}
+      expect(oml.last_recorded.request.params["action"]).to eq("create")
+    end
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require File.expand_path('config/application', __dir__)
+Rails.application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/controllers/foos_controller.rb

@@ -0,0 +1,23 @@
+class FoosController < ActionController::Base
+  protect_from_forgery
+  def index
+  end
+
+  def create
+    Foo.create(name: params["name"],value: 0)
+  end
+
+  def update
+    Foo.find(params["id"]).update(name: params["name"],value: params["value"])
+    redirect_to edit_foo_url
+  end
+
+  def edit
+  end
+
+  def two_in_one
+    Doo.create(name: "doo dummy", value: 2)
+    Foo.first.update(name: "Dummy nameee",value: 4)
+  end
+
+end