panda_cms 0.5.0

data/app/controllers/panda_cms/admin/pages_controller.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module PandaCms
+  module Admin
+    class PagesController < ApplicationController
+      before_action :set_initial_breadcrumb, only: %i[index edit new create update]
+      before_action :set_paper_trail_whodunnit, only: %i[create update]
+      before_action :authenticate_admin_user!
+
+      # Lists all pages which can be managed by the administrator
+      # @type GET
+      # @return ActiveRecord::Collection A list of all pages
+      def index
+        homepage = PandaCms::Page.find_by(path: "/")
+        render :index, locals: {root_page: homepage}
+      end
+
+      # Loads the add page form
+      # @type GET
+      def new
+        locals = setup_new_page_form(page: PandaCms::Page.new)
+        render :new, locals: locals
+      end
+
+      # Loads the page editor
+      # @type GET
+      def edit
+        add_breadcrumb page.title, edit_admin_page_path(page)
+        render :edit, locals: {page: page, template: page.template}
+      end
+
+      # POST /admin/pages
+      def create
+        page = PandaCms::Page.new(page_params)
+        if page.save
+          page.update(path: page.parent.path + page.path) unless page.parent.path == "/"
+          redirect_to edit_admin_page_path(page), notice: "The page was successfully created."
+        else
+          flash[:error] = "There was an error creating the page."
+          locals = setup_new_page_form(page: page)
+          render :new, locals: locals, status: :unprocessable_entity
+        end
+      end
+
+      # @type PATCH/PUT
+      # @return
+      def update
+        if page.update(page_params)
+          redirect_to edit_admin_page_path(page),
+            status: :see_other,
+            flash: {success: "This page was successfully updated!"}
+        else
+          flash[:error] = "There was an error updating the page."
+          render :edit, status: :unprocessable_entity
+        end
+      end
+
+      private
+
+      # Get the page from the ID
+      # @type private
+      # @return PandaCms::Page
+      def page
+        @page ||= if params[:id]
+          PandaCms::Page.find(params[:id])
+        else
+          PandaCms::Page.new
+        end
+      end
+
+      def set_initial_breadcrumb
+        add_breadcrumb "Pages", admin_pages_path
+      end
+
+      def setup_new_page_form(page:)
+        add_breadcrumb "Add Page", new_admin_page_path
+        {page: page}
+      end
+
+      # Only allow a list of trusted parameters through.
+      # @type private
+      # @return ActionController::StrongParameters
+      def page_params
+        params.require(:page).permit(:title, :path, :panda_cms_template_id, :parent_id, :status)
+      end
+    end
+  end
+end

data/app/controllers/panda_cms/admin/posts_controller.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module PandaCms
+  module Admin
+    class PostsController < ApplicationController
+      before_action :set_initial_breadcrumb, only: %i[index]
+      # before_action :set_paper_trail_whodunnit, only: %i[create update]
+      before_action :authenticate_admin_user!
+
+      # Get all posts
+      # @type GET
+      # @return ActiveRecord::Collection A list of all posts
+      def index
+        posts = PandaCms::Post.order(:published_at)
+        render :index, locals: {posts: posts}
+      end
+
+      private
+
+      def set_initial_breadcrumb
+        add_breadcrumb "Posts", admin_posts_path
+      end
+
+      private
+
+      # Only allow a list of trusted parameters through
+      # @type private
+      # @return ActionController::StrongParameters
+      def form_params
+        params.require(:post).permit(:title, :slug, :content, :published_at)
+      end
+    end
+  end
+end

data/app/controllers/panda_cms/admin/sessions_controller.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module PandaCms
+  module Admin
+    class SessionsController < ApplicationController
+      layout "panda_cms/public"
+
+      def new
+        @providers = PandaCms.authentication.select { |_, v| v[:enabled] && !v[:hidden] }.keys
+      end
+
+      def create
+        user_info = request.env.dig("omniauth.auth", "info")
+        provider = params[:provider].to_sym
+
+        unless PandaCms.authentication.dig(provider, :enabled)
+          Rails.logger.error "Authentication provider '#{provider}' is not enabled"
+          redirect_to admin_login_path, flash: {error: t("panda_cms.admin.sessions.create.error")}
+          return
+        end
+
+        user = PandaCms::User.find_by(email: user_info["email"])
+
+        if !user && PandaCms.authentication.dig(provider, :create_account_on_first_login)
+          create_as_admin = PandaCms.authentication.dig(provider, :create_as_admin)
+
+          # Always create the first user as admin, regardless of what our settings look like
+          # else we can't ever really login. :)
+          create_as_admin = true if !create_as_admin && PandaCms::User.count.zero?
+
+          if user_info["first_name"] && user_info["last_name"]
+            firstname = user_info["first_name"]
+            lastname = user_info["last_name"]
+          elsif user_info["name"]
+            firstname, lastname = user_info["name"].split(" ", 2)
+          end
+
+          user = User.find_or_create_by(
+            email: user_info["email"]
+          ) do |u|
+            u.firstname = firstname
+            u.lastname = lastname
+            u.admin = create_as_admin
+            u.image_url = user_info["image"]
+          end
+        end
+
+        if user.nil? || !user.admin?
+          # User can't be found with this email address or can't login
+          Rails.logger.info "User #{user.id} attempted admin login, is not admin." if user && !user.admin
+          redirect_to admin_login_path, flash: {error: t("panda_cms.admin.sessions.create.error")}
+          return
+        end
+
+        session[:user_id] = user.id
+        PandaCms::Current.user = user
+
+        redirect_path = request.env["omniauth.origin"] || admin_dashboard_path
+        redirect_to redirect_path, flash: {success: t("panda_cms.admin.sessions.create.success")}
+      rescue ::OmniAuth::Strategies::OAuth2::CallbackError => e
+        Rails.logger.error "OAuth2 login callback error: #{e.message}"
+        redirect_to admin_login_path, flash: {error: t("panda_cms.admin.sessions.create.error")}
+      rescue ::OAuth2::Error => e
+        Rails.logger.error "OAuth2 login error: #{e.message}"
+        redirect_to admin_login_path, flash: {error: t("panda_cms.admin.sessions.create.error")}
+      rescue => e
+        Rails.logger.error "Unknown login error: #{e.message}"
+        redirect_to admin_login_path, flash: {error: t("panda_cms.admin.sessions.create.error")}
+      end
+
+      def failure
+        Rails.logger.error "Login failure: #{params[:message]} from #{params[:origin]} using #{params[:strategy]}"
+        redirect_to admin_login_path, flash: {error: t("panda_cms.admin.sessions.create.error")}
+      end
+
+      def destroy
+        PandaCms::Current.user = nil
+        session[:user_id] = nil
+        redirect_to admin_login_path, flash: {success: t("panda_cms.admin.sessions.destroy.success")}
+      end
+    end
+  end
+end

data/app/controllers/panda_cms/admin/settings/bulk_editor_controller.rb

@@ -0,0 +1,35 @@
+module PandaCms
+  class Admin::Settings::BulkEditorController < ApplicationController
+    before_action :set_initial_breadcrumb, only: %i[new]
+
+    def new
+      @json_data = BulkEditor.export
+    end
+
+    def create
+      begin
+        debug_output = BulkEditor.import(params[:site_content])
+      rescue JSON::ParserError
+        redirect_to admin_settings_bulk_editor_path, flash: {error: "Error parsing content; are you sure this update is valid? Reverting..."}
+        return
+      end
+
+      # Grab the latest content back so it's all formatted properly
+      @json_data = BulkEditor.export
+
+      if debug_output[:error].empty? && debug_output[:warning].empty? && debug_output[:success].empty?
+        redirect_to admin_settings_bulk_editor_path, flash: {success: "No changes were found!"}
+      else
+        @debug = debug_output
+        render :new, flash: {warning: "Please review the output below for more information."}
+      end
+    end
+
+    private
+
+    def set_initial_breadcrumb
+      add_breadcrumb "Settings", admin_settings_path
+      add_breadcrumb "Bulk Editor", "#"
+    end
+  end
+end

data/app/controllers/panda_cms/admin/settings_controller.rb

@@ -0,0 +1,18 @@
+module PandaCms
+  class Admin::SettingsController < ApplicationController
+    before_action :set_initial_breadcrumb, only: %i[index show]
+    before_action :authenticate_admin_user!
+
+    def index
+    end
+
+    def show
+    end
+
+    private
+
+    def set_initial_breadcrumb
+      add_breadcrumb "Settings", admin_settings_path
+    end
+  end
+end

data/app/controllers/panda_cms/application_controller.rb

@@ -0,0 +1,55 @@
+module PandaCms
+  class ApplicationController < ::ActionController::Base
+    include ApplicationHelper
+    include ::ApplicationHelper
+
+    protect_from_forgery with: :exception
+
+    # Add flash types for improved alert support with Tailwind
+    add_flash_types :success, :warning, :error, :info
+
+    before_action :set_current_request_details
+
+    helper_method :breadcrumbs
+    helper_method :current_user
+    helper_method :user_signed_in?
+
+    def breadcrumbs
+      @breadcrumbs ||= []
+    end
+
+    def add_breadcrumb(name, path = nil)
+      breadcrumbs << Breadcrumb.new(name, path)
+    end
+
+    # Set the current request details
+    # @return [void]
+    def set_current_request_details
+      PandaCms::Current.request_id = request.uuid
+      PandaCms::Current.user_agent = request.user_agent
+      PandaCms::Current.ip_address = request.ip
+      PandaCms::Current.root = request.base_url
+      PandaCms::Current.page = nil
+      PandaCms::Current.user ||= User.find_by(id: session[:user_id]) if session[:user_id]
+
+      PandaCms.url ||= PandaCms::Current.root
+    end
+
+    def authenticate_user!
+      redirect_to root_path, flash: {error: "Please login to view this!"} unless user_signed_in?
+    end
+
+    def authenticate_admin_user!
+      redirect_to root_path, flash: {error: "Please login to view this!"} unless user_signed_in? && current_user.admin?
+    end
+
+    # Required for paper_trail and seems as good as convention these days
+    def current_user
+      PandaCms::Current.user
+    end
+
+    def user_signed_in?
+      !!PandaCms::Current.user
+    end
+  end
+end

data/app/controllers/panda_cms/errors_controller.rb

@@ -0,0 +1,31 @@
+module PandaCms
+  class ErrorsController < ApplicationController
+    layout "error"
+
+    def show
+      exception = request.env["action_dispatch.exception"]
+      status_code = exception.try(:status_code) || ActionDispatch::ExceptionWrapper.new(request.env, exception).status_code
+
+      render view_for_code(status_code), status: status_code
+    end
+
+    def error_503
+      render view_for_code(503), status: 503
+    end
+
+    private
+
+    def view_for_code(code)
+      supported_error_codes.fetch(code) { "404" }
+    end
+
+    def supported_error_codes
+      {
+        403 => "403",
+        404 => "404",
+        500 => "500",
+        503 => "503"
+      }
+    end
+  end
+end

data/app/controllers/panda_cms/form_submissions_controller.rb

@@ -0,0 +1,21 @@
+module PandaCms
+  class FormSubmissionsController < ApplicationController
+    def create
+      vars = params.except(:authenticity_token, :controller, :action, :id)
+
+      form = PandaCms::Form.find(params[:id])
+      form_submission = PandaCms::FormSubmission.create(form_id: params[:id], data: vars.to_unsafe_h)
+      form.update(submission_count: form.submission_count + 1)
+
+      PandaCms::FormMailer.notification_email(form: form, form_submission: form_submission).deliver_now
+
+      if (completion_path = form&.completion_path)
+        redirect_to completion_path
+      else
+        # TODO: This isn't a great fallback, we should do something nice here...
+        # Perhaps a simple JS alert when sent?
+        redirect_to "/"
+      end
+    end
+  end
+end

data/app/controllers/panda_cms/pages_controller.rb

@@ -0,0 +1,56 @@
+module PandaCms
+  class PagesController < ApplicationController
+    include ActionView::Helpers::TagHelper
+
+    def root
+      params[:path] = ""
+      show
+    end
+
+    def show
+      if PandaCms.require_login_to_view && !user_signed_in?
+        redirect_to panda_cms_maintenance_path and return
+      end
+
+      path_to_find = "/" + params[:path].to_s
+      page = Page.find_by(path: path_to_find) || Page.find_by(path: "/404")
+      PandaCms::Current.page = page
+
+      if page
+        globals = {
+          page: page,
+          title: page.title
+        }
+
+        unless ignore_visit?
+          RecordVisitJob.perform_later(
+            url: request.url,
+            user_agent: request.user_agent,
+            referrer: request.referrer,
+            ip_address: request.remote_ip,
+            page_id: page.id,
+            current_user_id: current_user&.id,
+            params: params.to_unsafe_h.except(:controller, :action, :path),
+            visited_at: Time.zone.now
+          )
+        end
+
+        render inline: "", assigns: globals, status: :ok, layout: page.template.file_path
+      else
+        # This works for now, but we may want to override in future (e.g. custom 404s)
+        render file: "#{Rails.root}/public/404.html", layout: false, status: :not_found
+      end
+    end
+
+    private
+
+    def ignore_visit?
+      # Ignore visits from bots (TODO: make this configurable)
+      # return true if request.user_agent =~ /bot/i
+      # Ignore visits from Honeybadger
+      return true if request.headers.to_h.key? "Honeybadger-Token"
+
+      false
+    end
+  end
+end

data/app/controllers/panda_cms/posts_controller.rb

@@ -0,0 +1,17 @@
+module PandaCms
+  class PostsController < ApplicationController
+    def index
+    end
+
+    def show
+      post = PandaCms::Post.find_by(slug: params[:slug])
+      # TODO: Make this much nicer in future
+      globals = {
+        post: post,
+        title: ""
+      }
+
+      render inline: "", assigns: globals, status: :ok, layout: "layouts/post"
+    end
+  end
+end

data/app/helpers/panda_cms/admin/files_helper.rb

@@ -0,0 +1,4 @@
+module PandaCms
+  module Admin::FilesHelper
+  end
+end

data/app/helpers/panda_cms/admin/pages_helper.rb

@@ -0,0 +1,4 @@
+module PandaCms
+  module Admin::PagesHelper
+  end
+end

data/app/helpers/panda_cms/application_helper.rb

@@ -0,0 +1,96 @@
+module PandaCms
+  module ApplicationHelper
+    def title_tag
+      PandaCms.title
+    end
+
+    def panda_cms_editor
+      if Current.user&.admin
+        content_tag(:a, "🐼", href: edit_admin_page_url(Current.page), class: "text-3xl inline absolute right-2 top-2")
+      end
+    end
+
+    def active_link?(path, match: :starts_with)
+      if match == :starts_with
+        return request.path.starts_with?(path)
+      elsif match == :exact
+        return (request.path == path)
+      end
+
+      false
+    end
+
+    def block_link_to(name = nil, options = nil, html_options = {}, &)
+      html_options[:class] = "block-link"
+      link_to(name, options, html_options, &)
+    end
+
+    def panda_cms_form_with(**options, &)
+      options[:builder] = PandaCms::FormBuilder
+      options[:class] ||= ""
+      form_with(**options, &)
+    end
+
+    def nav_class(mode)
+      if mode == "mobile"
+        "-mx-3 block rounded-lg px-3 py-2 font-semibold leading-6 text-white hover:text-white hover:underline focus:underline"
+      else
+        "font-semibold leading-6 text-white hover:text-white hover:underline focus:underline"
+      end
+    end
+
+    def selected_nav_highlight_colour_classes(request)
+      "bg-mid text-white relative flex transition-all py-3 px-2 mb-2 rounded-md group flex gap-x-3 rounded-md text-base leading-6 font-normal "
+    end
+
+    def nav_highlight_colour_classes(request)
+      "text-white hover:bg-mid/60 transition-all group flex gap-x-3 py-3 px-2 mb-2 rounded-md text-base leading-6 font-normal "
+    end
+
+    def table_indent(item_with_level_attribute)
+      case item_with_level_attribute.level
+      when 0
+        "ml-0"
+      when 1
+        "ml-4"
+      when 2
+        "ml-8"
+      when 3
+        "ml-12"
+      when 4
+        "ml-16"
+      when 5
+        "ml-20"
+      when 6
+        "ml-24"
+      when 7
+        "ml-28"
+      when 8
+        "ml-32"
+      when 9
+        "ml-36"
+      when 10
+        "ml-40" # We can go to 72...
+      else
+        "ml-48"
+      end
+    end
+
+    def menu_indent(item_with_level_attribute)
+      case item_with_level_attribute.level
+      when 0
+        "pl-0"
+      when 1
+        "pl-4"
+      when 2
+        "pl-8"
+      when 3
+        "pl-12"
+      when 4
+        "pl-16"
+      else
+        "pl-20"
+      end
+    end
+  end
+end

data/app/helpers/panda_cms/pages_helper.rb

@@ -0,0 +1,4 @@
+module PandaCms
+  module PagesHelper
+  end
+end

data/app/helpers/panda_cms/theme_helper.rb

@@ -0,0 +1,16 @@
+module PandaCms
+  module ThemeHelper
+    # TODO: Move these into one method?
+    def h1(text, icon: "", additional_styles: "")
+      render HeadingComponent.new(text: text, level: 1, icon: icon, additional_styles: additional_styles)
+    end
+
+    def h2(text, icon: "", additional_styles: "")
+      render HeadingComponent.new(text: text, level: 2, icon: icon, additional_styles: additional_styles)
+    end
+
+    def h3(text, icon: "", additional_styles: "")
+      render HeadingComponent.new(text: text, level: 3, icon: icon, additional_styles: additional_styles)
+    end
+  end
+end

data/app/javascript/base.js

@@ -0,0 +1,37 @@
+import { Application as PandaCmsApplication } from "@hotwired/stimulus";
+
+const panda_cms = PandaCmsApplication.start();
+
+// Configure Stimulus development experience
+panda_cms.debug = location.hostname === "localhost";
+window.pandaStimulus = panda_cms;
+
+export { panda_cms };
+
+// Eager load all controllers defined in the import map under controllers/**/*_controller
+import { eagerLoadControllersFrom } from "@hotwired/stimulus-loading";
+eagerLoadControllersFrom("panda_cms/controllers", panda_cms);
+
+import {
+  Alert,
+  Autosave,
+  ColorPreview,
+  Dropdown,
+  Modal,
+  Tabs,
+  Popover,
+  Toggle,
+  Slideover,
+} from "panda_cms/vendor/tailwindcss-stimulus-components";
+panda_cms.register("alert", Alert);
+panda_cms.register("autosave", Autosave);
+panda_cms.register("color-preview", ColorPreview);
+panda_cms.register("dropdown", Dropdown);
+panda_cms.register("modal", Modal);
+panda_cms.register("popover", Popover);
+panda_cms.register("slideover", Slideover);
+panda_cms.register("tabs", Tabs);
+panda_cms.register("toggle", Toggle);
+
+import RailsNestedForm from "panda_cms/vendor/stimulus-components-rails-nested-form";
+panda_cms.register("nested-form", RailsNestedForm);

data/app/javascript/controllers/menu_controller.js

@@ -0,0 +1,19 @@
+import { Controller as PandaCmsController } from "@hotwired/stimulus"
+
+export default class extends PandaCmsController {
+  static targets = ["pandaCmsMenu"]
+  static values = {
+    open: { type: Boolean, default: false }
+  }
+
+  toggle(event) {
+    this.openValue = !this.openValue
+    this.animate()
+  }
+
+  animate() {
+    this.toggleableTargets.forEach(target => {
+      transition(target, this.openValue)
+    })
+  }
+}