propel_api 0.1.1

data/lib/generators/propel_api/resource/resource_generator.rb

@@ -0,0 +1,433 @@
+require_relative '../core/relationship_inferrer'
+require_relative '../core/named_base'
+
+module PropelApi
+  class ResourceGenerator < PropelApi::NamedBase
+    source_root File.expand_path("../templates", __dir__)
+  
+  desc <<~DESC
+    Generate a complete API resource with model, migration, controller, and routes
+    
+    ASSOCIATION EXAMPLES:
+    
+    Standard belongs_to/has_many (automatic):
+      rails generate propel_api Article title:string user:references category:references
+      → Article belongs_to :user, :category
+      → User/Category has_many :articles, dependent: :destroy
+    
+         Polymorphic associations:
+       rails generate propel_api Comment content:text commentable:references
+       → Comment belongs_to :commentable, polymorphic: true
+       
+       rails generate propel_api Attachment name:string resource_parent:references  
+       → Attachment belongs_to :resource, polymorphic: true
+    
+         
+    
+    Skip associations entirely:
+      rails generate propel_api Article title:string user:references --skip-associations
+      → No associations generated (manual setup required)
+  DESC
+  
+  argument :attributes, type: :array, default: [], banner: "field:type field:type"
+  
+  class_option :skip_associations,
+               type: :boolean,
+               desc: "Skip automatic association generation"
+               
+  class_option :skip_tenancy,
+               type: :boolean,
+               desc: "Skip multi-tenancy foundation (organization and agency)"
+
+  def create_migration
+    initialize_propel_api_settings
+    
+    if behavior == :revoke
+      # Find the migration file
+      migration_files = Dir[File.join(destination_root, "db/migrate/*_create_#{table_name}.rb")]
+      
+      if migration_files.any?
+        migration_file = migration_files.first
+        migration_version = File.basename(migration_file).split('_').first
+        
+        # Check if migration was executed
+        if migration_was_executed?(migration_version)
+          say "\n" + "="*80, :red
+          say "⚠️  MIGRATION ALREADY EXECUTED!", :red
+          say "="*80, :red
+          say "\n📋 Migration #{migration_version} (create_#{table_name}) has been executed.", :yellow
+          say "\n🚨 Rails does not automatically rollback migrations for safety reasons.", :yellow
+          say "\n✅ To safely destroy this resource:", :green
+          say "   1. First rollback: rails db:rollback", :green
+          say "   2. Then destroy:   rails destroy propel_api #{class_name}", :green
+          say "\n💡 Alternative approaches:", :cyan
+          say "   • Check migration status: rails db:migrate:status"
+          say "   • Rollback specific:     rails db:migrate:down VERSION=#{migration_version}"
+          say "\n" + "="*80, :red
+          raise Thor::Error, "Please rollback the migration first, then re-run destroy command."
+        else
+          # Migration not executed, check if safe to delete
+          if safe_to_delete_migration?(migration_version)
+            say "Removing migration: #{File.basename(migration_file)}", :red
+            File.delete(migration_file)
+          else
+            say "\n" + "="*80, :yellow
+            say "⚠️  MIGRATION CLEANUP REQUIRED", :yellow
+            say "="*80, :yellow
+            say "\n📋 Found unexecuted migration: #{File.basename(migration_file)}", :cyan
+            say "\n🚨 Cannot auto-delete due to intervening migrations.", :yellow
+            say "💡 Please manually remove when safe:", :green
+            say "   rm #{migration_file}"
+            say "\n" + "="*80, :yellow
+          end
+        end
+      else
+        say "No migration file found for #{table_name}", :yellow
+      end
+    else
+      generate :migration, "create_#{table_name}", *migration_attributes
+      # Post-process migration to make non-organization references nullable
+      update_migration_constraints
+    end
+  end
+
+  def create_model
+    initialize_propel_api_settings
+    
+    # Initialize relationship inferrer for templates
+    @relationship_inferrer = RelationshipInferrer.new(class_name, attributes, { 
+      skip_associations: options[:skip_associations]
+    })
+    
+    # Validate attributes if not using --all_attributes and model already exists
+    if File.exist?(File.join(destination_root, "app/models/#{file_name}.rb"))
+      validate_attributes_exist
+    end
+    
+    case @adapter
+    when 'propel_facets'
+      template "scaffold/facet_model_template.rb.tt", "app/models/#{file_name}.rb"
+    when 'graphiti'
+      template "scaffold/graphiti_model_template.rb.tt", "app/models/#{file_name}.rb"
+    else
+      raise "Unknown adapter: #{@adapter}. Run 'rails generate propel_api:install' first."
+    end
+  end
+
+  def create_controller
+    # Use shared method from Base class
+    create_propel_controller
+  end
+
+  def create_routes
+    # Use shared method from Base class  
+    create_propel_routes
+  end
+
+  def create_tests
+    # Use shared method from Base class with all test types
+    create_propel_tests(test_types: [:model, :controller, :integration, :fixtures])
+  end
+
+  def create_seeds
+    if behavior == :revoke
+      # Remove seeds file when destroying
+      seeds_file_path = "db/seeds/#{table_name}_seeds.rb"
+      full_seeds_path = File.join(destination_root, seeds_file_path)
+      if File.exist?(full_seeds_path)
+        File.delete(full_seeds_path)
+        say "Removed seeds file: #{seeds_file_path}", :red
+      end
+      
+      # Remove require from main seeds file
+      seeds_file = File.join(destination_root, "db/seeds.rb")
+      seeds_require = "require_relative 'seeds/#{table_name}_seeds'"
+      
+      if File.exist?(seeds_file)
+        seeds_content = File.read(seeds_file)
+        if seeds_content.include?(seeds_require)
+          updated_content = seeds_content.dup
+          
+          # Try multiple patterns to remove the require and any associated comment
+          patterns_to_try = [
+            # Pattern 1: Comment above the require
+            /\n# #{class_name} seeds\n#{Regexp.escape(seeds_require)}\n?/,
+            # Pattern 2: Comment with different casing
+            /\n# #{class_name.downcase} seeds\n#{Regexp.escape(seeds_require)}\n?/,
+            # Pattern 3: Just the require line with newlines
+            /\n#{Regexp.escape(seeds_require)}\n/,
+            # Pattern 4: Just the require line at start of line
+            /^#{Regexp.escape(seeds_require)}\n/,
+            # Pattern 5: Just the require line without trailing newline
+            /#{Regexp.escape(seeds_require)}/
+          ]
+          
+          removed = false
+          patterns_to_try.each do |pattern|
+            if updated_content.match?(pattern)
+              updated_content = updated_content.gsub(pattern, '')
+              removed = true
+              break
+            end
+          end
+          
+          if removed
+            # Clean up any double newlines that might result
+            updated_content = updated_content.gsub(/\n\n+/, "\n\n")
+            # Remove leading/trailing whitespace
+            updated_content = updated_content.strip + "\n" if updated_content.strip.present?
+            
+          File.write(seeds_file, updated_content)
+            say "Removed require statement from db/seeds.rb", :red
+          else
+            say "Could not automatically remove require statement from db/seeds.rb", :yellow
+          end
+        end
+      end
+    else
+      initialize_propel_api_settings
+      
+      # Generate seeds file
+      template "seeds/seeds_template.rb.tt", "db/seeds/#{table_name}_seeds.rb"
+      
+      # Add require to main seeds file
+      seeds_file = File.join(destination_root, "db/seeds.rb")
+      seeds_require = "require_relative 'seeds/#{table_name}_seeds'"
+      
+      if File.exist?(seeds_file)
+        seeds_content = File.read(seeds_file)
+        unless seeds_content.include?(seeds_require)
+          append_to_file "db/seeds.rb", "\n# #{class_name} seeds\n#{seeds_require}\n"
+        end
+      else
+        create_file "db/seeds.rb", "#{seeds_require}\n"
+      end
+    end
+  end
+
+  def show_completion_message
+    # Use shared completion message framework from Base class
+    generated_files = [
+      "📄 Model: app/models/#{file_name}.rb",
+      "🎮 Controller: app/controllers/#{controller_path}/#{controller_file_name}.rb",
+      "🗄️  Migration: db/migrate/*_create_#{table_name}.rb",
+      "🌱 Seeds: db/seeds/#{table_name}_seeds.rb",
+      "🧪 Model Tests: test/models/#{file_name}_test.rb",
+      "🧪 Controller Tests: test/controllers/#{controller_path}/#{controller_file_name}_test.rb",
+      "🧪 Integration Tests: test/integration/#{file_name}_api_test.rb",
+      "📋 Test Fixtures: test/fixtures/#{table_name}.yml"
+    ]
+    
+    # Add Graphiti resource if using graphiti adapter
+    if @adapter == 'graphiti'
+      generated_files << "📊 Graphiti Resource: app/resources/#{file_name}_resource.rb"
+    end
+    
+    next_steps = [
+      "Run migration: rails db:migrate",
+      "Generate test data: rails db:seed",
+      "Run tests: rails test test/models/#{file_name}_test.rb",
+      "Run all tests: rails test",
+      "Test your API: GET #{api_route_path}"
+    ]
+    
+    if @adapter == 'propel_facets'
+      next_steps << "Customize facets in: app/models/#{file_name}.rb"
+    end
+    
+    show_propel_completion_message(
+      resource_type: "Resource",
+      generated_files: generated_files,
+      next_steps: next_steps
+    )
+  end
+
+  private
+
+  def relationship_inferrer
+    @relationship_inferrer
+  end
+
+  # Override Base class method to enable Graphiti resource generation for main generator
+  def should_generate_graphiti_resource?
+    true
+  end
+
+  def route_name
+    file_name.pluralize
+  end
+
+  def migration_attributes
+    # Always include organization (required) and agency (optional) for multi-tenancy
+    # unless --skip-tenancy flag is used
+    if options[:skip_tenancy]
+      # Only include what the developer explicitly specified
+      attributes.map { |attr| "#{attr.name}:#{attr.type}" }
+    else
+      # Include multi-tenancy foundation by default
+      standard_attributes = ["organization:references", "agency:references"]
+      
+      # Add user-specified attributes, but skip organization and agency if they're already specified
+      user_attributes = attributes.map { |attr| "#{attr.name}:#{attr.type}" }
+      user_attributes.reject! { |attr| attr.start_with?("organization:") || attr.start_with?("agency:") }
+      
+      # Combine standard and user attributes
+      standard_attributes + user_attributes
+    end
+  end
+
+  def permitted_param_names
+    if options[:skip_tenancy]
+      # Only include what the developer explicitly specified
+      attributes.map do |attr|
+        # Convert references to foreign key names for permitted params
+        # e.g., organization:references becomes organization_id
+        if attr.type == :references
+          "#{attr.name}_id"
+        else
+          attr.name
+        end
+      end
+    else
+      # Always include organization_id (required) and agency_id (optional) for multi-tenancy
+      standard_params = ["organization_id", "agency_id"]
+      
+      # Add user-specified attributes, but skip organization and agency if they're already specified
+      user_params = attributes.map do |attr|
+        # Convert references to foreign key names for permitted params
+        # e.g., organization:references becomes organization_id
+        if attr.type == :references
+          "#{attr.name}_id"
+        else
+          attr.name
+        end
+      end
+      user_params.reject! { |param| param == "organization_id" || param == "agency_id" }
+      
+      # Combine standard and user params
+      standard_params + user_params
+    end
+  end
+
+  def namespaced?
+    false
+  end
+
+  def module_namespacing(&block)
+    yield
+  end
+
+  def api_namespaced?
+    @api_namespace.present? || @api_version.present?
+  end
+
+  def route_url
+    api_route_path
+  end
+
+  def orm_class
+    @orm_class ||= begin
+      # Simple ORM class mock for template compatibility
+      Class.new do
+        def self.all(class_name)
+          class_name.constantize.all
+        end
+
+        def self.build(class_name, params_method)
+          "#{class_name}.new(#{params_method})"
+        end
+
+        def self.find(class_name, finder)
+          "#{class_name}.find(#{finder})"
+        end
+      end.new
+    end
+  end
+
+  def migration_was_executed?(migration_version)
+    return false unless defined?(ActiveRecord::Base)
+    
+    begin
+      # Ensure database connection exists
+      ActiveRecord::Base.connection
+      
+      # Check if schema_migrations table exists (might not in fresh apps)
+      return false unless ActiveRecord::Base.connection.table_exists?('schema_migrations')
+      
+      # Query for the specific migration version
+      result = ActiveRecord::Base.connection.execute(
+        "SELECT version FROM schema_migrations WHERE version = '#{migration_version}'"
+      )
+      
+      # Check if we found the migration (different adapters return different result types)
+      case result
+      when Array
+        result.any?
+      else
+        result.to_a.any?
+      end
+      
+    rescue => e
+      # If any error occurs (database not connected, etc.), assume safe to delete
+      say "Warning: Could not check migration status (#{e.message})", :yellow
+      false
+    end
+  end
+
+  def migration_timestamp
+    Time.current.utc.strftime("%Y%m%d%H%M%S")
+  end
+
+  def update_migration_constraints
+    # Find the most recent migration file for this table
+    migration_files = Dir[File.join(destination_root, "db/migrate/*_create_#{table_name}.rb")]
+    return unless migration_files.any?
+    
+    migration_file = migration_files.sort.last
+    content = File.read(migration_file)
+    
+    # Update references to be nullable except for organization
+    # organization:references should remain: null: false, foreign_key: true
+    # All other references should become: null: true, foreign_key: true
+    updated_content = content.gsub(/t\.references :(\w+), null: false, foreign_key: true/) do |match|
+      reference_name = $1
+      if reference_name == 'organization'
+        match  # Keep organization as required (null: false)
+      else
+        "t.references :#{reference_name}, null: true, foreign_key: true"
+      end
+    end
+    
+    # Write the updated migration back to file
+    File.write(migration_file, updated_content)
+  end
+
+  def safe_to_delete_migration?(migration_version)
+    # Get all migration files in the migrate directory
+    all_migrations = Dir[File.join(destination_root, "db/migrate/*.rb")]
+    
+    # Extract just the timestamp versions from all migrations
+    all_versions = all_migrations.map do |file|
+      File.basename(file).split('_').first
+    end
+    
+    # Check if any migrations have timestamps newer than our migration
+    newer_migrations = all_versions.select { |version| version > migration_version }
+    
+    if newer_migrations.any?
+      # Check if any of the newer migrations have been executed
+      newer_executed = newer_migrations.any? { |version| migration_was_executed?(version) }
+      
+      if newer_executed
+        # There are newer migrations that have been executed - unsafe to delete
+        return false
+      end
+    end
+    
+    # Safe to delete if:
+    # 1. No newer migrations exist, OR
+    # 2. Newer migrations exist but none have been executed
+    true
+  end
+  end
+end

data/lib/generators/propel_api/templates/config/propel_api.rb.tt

@@ -0,0 +1,149 @@
+# PropelApi Configuration
+# This file was generated by: rails generate propel_api:install
+# 
+# These settings control the default behavior for PropelApi generators.
+# You can override these defaults when running generators with command line options.
+
+module PropelApi
+  class Configuration
+    attr_accessor :adapter, :namespace, :version
+    attr_reader :attribute_filter
+    
+    def initialize
+      # Default configuration values
+      @adapter = 'propel_facets'    # Default serialization adapter
+      @namespace = 'api'         # Default API namespace
+      @version = 'v1'           # Default API version
+      
+      # Initialize the configurable attribute filter
+      @attribute_filter = PropelApi::AttributeFilter.new
+    end
+  end
+  
+  # Centralized, configurable attribute filtering service
+  # This is used by both templates and introspection to ensure consistency
+  class AttributeFilter
+    attr_accessor :sensitive_patterns, :excluded_patterns, :large_content_patterns
+    
+    def initialize
+      # Security-sensitive field patterns
+      @sensitive_patterns = [
+        /(password|digest|token|secret|key|salt|encrypted|confirmation|unlock|reset|api_key|access_token|refresh_token)/i,
+        /\A(ssn|social_security|credit_card|cvv|pin|tax_id)\z/i
+      ]
+      
+      # System/internal field patterns  
+      @excluded_patterns = [
+        /\A(id|created_at|updated_at|deleted_at)\z/i,
+        /\A(password_digest|reset_password_token|confirmation_token|unlock_token|remember_token)\z/i,
+        /\A.*(_blob|_data|_binary)$/i
+      ]
+      
+      # Large content field patterns (usually not suitable for permitted params)
+      @large_content_patterns = [
+        /\A(description|content|body|notes|comment|bio|about|summary|text|html|markdown)\z/i
+      ]
+    end
+    
+    # Check if an attribute should be excluded from permitted params
+    def exclude_from_permitted_params?(attribute_name, attribute_type = nil)
+      attr_str = attribute_name.to_s
+      
+      # Check all pattern categories
+      sensitive_patterns.any? { |pattern| pattern.match?(attr_str) } ||
+      excluded_patterns.any? { |pattern| pattern.match?(attr_str) } ||
+      large_content_patterns.any? { |pattern| pattern.match?(attr_str) } ||
+      (attribute_type == :binary)
+    end
+    
+    # Check if an attribute should be included in short facets (for templates)
+    def include_in_short_facet?(attribute_name, attribute_type)
+      return false if exclude_from_permitted_params?(attribute_name, attribute_type)
+      
+      attr_str = attribute_name.to_s
+      
+      # Include common identifying fields
+      identifying_fields = %w[name title label slug username email status state active published visible enabled]
+      simple_types = [:string, :integer, :boolean, :decimal, :float]
+      
+      # Must be identifying field OR (simple type AND short name)
+      identifying_fields.include?(attr_str) || 
+      (simple_types.include?(attribute_type) && attr_str.length < 20)
+    end
+    
+    # Check if an attribute should be included in details facets (for templates)  
+    def include_in_details_facet?(attribute_name, attribute_type)
+      !exclude_from_permitted_params?(attribute_name, attribute_type)
+    end
+    
+    # Helper methods for easy customization
+    def add_sensitive_pattern(pattern)
+      @sensitive_patterns << pattern
+    end
+    
+    def add_excluded_pattern(pattern)
+      @excluded_patterns << pattern
+    end
+    
+    def add_large_content_pattern(pattern)
+      @large_content_patterns << pattern
+    end
+    
+    # Get a summary of what's being filtered (for debugging/documentation)
+    def filtering_summary
+      {
+        sensitive_patterns: @sensitive_patterns.map(&:source),
+        excluded_patterns: @excluded_patterns.map(&:source),
+        large_content_patterns: @large_content_patterns.map(&:source)
+      }
+    end
+  end
+
+  # Class methods for configuration access
+  class << self
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+
+    def reset_configuration!
+      @configuration = Configuration.new
+    end
+    
+    # Convenience method for accessing the filter
+    def attribute_filter
+      configuration.attribute_filter
+    end
+  end
+end
+
+# Configure PropelApi with the options selected during installation
+PropelApi.configure do |config|
+  # Serialization adapter: 'propel_facets' or 'graphiti'
+  config.adapter = '<%= @adapter %>'
+  
+  # API namespace: 'api', 'admin_api', etc. or nil for no namespace
+  config.namespace = <%= @api_namespace ? "'#{@api_namespace}'" : 'nil' %>
+  
+  # API version: 'v1', 'v2', etc. or nil for no versioning
+  config.version = <%= @api_version ? "'#{@api_version}'" : 'nil' %>
+  
+  # Customize attribute filtering for your project's naming conventions
+  # Examples:
+  # 
+  # Add custom sensitive patterns:
+  # config.attribute_filter.add_sensitive_pattern(/private_.*/)
+  # config.attribute_filter.add_sensitive_pattern(/\A.*_secret\z/i)
+  # 
+  # Add custom excluded patterns:
+  # config.attribute_filter.add_excluded_pattern(/\A(audit_|legacy_).*/)
+  # 
+  # Add custom large content patterns:  
+  # config.attribute_filter.add_large_content_pattern(/\A.*_(text|html|json)\z/i)
+  #
+  # View current filtering rules:
+  # puts PropelApi.attribute_filter.filtering_summary
+end 

data/lib/generators/propel_api/templates/controllers/api_controller_graphiti.rb

@@ -0,0 +1,79 @@
+class <%= api_controller_class_name %> < ApplicationController
+  include Graphiti::Rails
+  include Graphiti::Responders
+  include PropelAuthentication
+
+  before_action :authenticate_user
+
+  # Graphiti handles CRUD operations through resources automatically
+  # Individual controllers should define their resource class like:
+  #   class UsersController < <%= api_controller_class_name %>
+  #     self.resource = UserResource
+  #   end
+  #
+  # Resources should be created using:
+  #   rails generate graphiti:resource User
+  
+  def index
+    resources = resource.all(params)
+    respond_with(resources)
+  end
+
+  def show  
+    resource_instance = resource.find(params)
+    respond_with(resource_instance)
+  end
+
+  def create
+    resource_instance = resource.build(params)
+    
+    if resource_instance.save
+      respond_with(resource_instance, status: :created)
+    else
+      respond_with(resource_instance.errors, status: :unprocessable_entity)
+    end
+  end
+
+  def update
+    resource_instance = resource.find(params)
+    
+    if resource_instance.update_attributes
+      respond_with(resource_instance)
+    else
+      respond_with(resource_instance.errors, status: :unprocessable_entity)
+    end
+  end
+
+  def destroy
+    resource_instance = resource.find(params)
+    resource_instance.destroy
+    
+    respond_with(resource_instance)
+  end
+
+  private
+
+  # Override in subclasses to specify the Graphiti resource class
+  # Example:
+  #   def resource
+  #     UserResource
+  #   end
+  def resource
+    @resource ||= infer_resource_class.new
+  end
+
+  # Auto-infer resource class from controller name
+  # e.g., UsersController -> UserResource
+  def infer_resource_class
+    resource_class_name = "#{controller_name.classify}Resource"
+    resource_class_name.constantize
+  
+    raise "#{resource_class_name} not found. Please create it using: rails generate graphiti:resource #{controller_name.classify}"
+  end
+
+  # Graphiti handles parameter filtering through resources automatically
+  # No need for manual strong parameters - resources define allowed attributes
+  # Define attributes in your resource files:
+  #   attribute :name, :string
+  #   attribute :email, :string
+end