RubyGems - proxes - Versions diffs - 0.1.0 - Mend

proxes 0.1.0

Files changed (101) hide show

checksums.yaml +7 -0
data/.codeclimate.yml +24 -0
data/.gitignore +13 -0
data/.rspec +2 -0
data/.rubocop.yml +12 -0
data/.ruby-version +1 -0
data/.travis.yml +18 -0
data/Gemfile +4 -0
data/Gemfile.ci +15 -0
data/Gemfile.dev +10 -0
data/Gemfile.dev.lock +155 -0
data/LICENSE.txt +8 -0
data/README.md +83 -0
data/Rakefile +9 -0
data/Vagrantfile +46 -0
data/bin/console +15 -0
data/bin/setup +8 -0
data/config.ru +64 -0
data/config/logger.yml +3 -0
data/gulpfile.js +80 -0
data/lib/proxes.rb +3 -0
data/lib/proxes/app.rb +48 -0
data/lib/proxes/controllers/application.rb +53 -0
data/lib/proxes/controllers/audit_logs.rb +34 -0
data/lib/proxes/controllers/auth_identity.rb +21 -0
data/lib/proxes/controllers/component.rb +108 -0
data/lib/proxes/controllers/permissions.rb +10 -0
data/lib/proxes/controllers/roles.rb +10 -0
data/lib/proxes/controllers/users.rb +119 -0
data/lib/proxes/db.rb +17 -0
data/lib/proxes/helpers/authentication.rb +45 -0
data/lib/proxes/helpers/component.rb +40 -0
data/lib/proxes/helpers/indices.rb +16 -0
data/lib/proxes/helpers/pundit.rb +39 -0
data/lib/proxes/helpers/views.rb +41 -0
data/lib/proxes/loggers/elasticsearch.rb +9 -0
data/lib/proxes/models/audit_log.rb +12 -0
data/lib/proxes/models/identity.rb +67 -0
data/lib/proxes/models/permission.rb +17 -0
data/lib/proxes/models/role.rb +14 -0
data/lib/proxes/models/user.rb +57 -0
data/lib/proxes/policies/application_policy.rb +20 -0
data/lib/proxes/policies/audit_log_policy.rb +40 -0
data/lib/proxes/policies/identity_policy.rb +24 -0
data/lib/proxes/policies/permission_policy.rb +40 -0
data/lib/proxes/policies/request/root_policy.rb +12 -0
data/lib/proxes/policies/request/search_policy.rb +15 -0
data/lib/proxes/policies/request/snapshot_policy.rb +12 -0
data/lib/proxes/policies/request/stats_policy.rb +15 -0
data/lib/proxes/policies/request_policy.rb +69 -0
data/lib/proxes/policies/role_policy.rb +40 -0
data/lib/proxes/policies/token_policy.rb +46 -0
data/lib/proxes/policies/user_policy.rb +46 -0
data/lib/proxes/rake_tasks.rb +59 -0
data/lib/proxes/request.rb +51 -0
data/lib/proxes/request/root.rb +10 -0
data/lib/proxes/request/search.rb +37 -0
data/lib/proxes/request/snapshot.rb +16 -0
data/lib/proxes/request/stats.rb +30 -0
data/lib/proxes/security.rb +59 -0
data/lib/proxes/seed.rb +10 -0
data/lib/proxes/services/logger.rb +50 -0
data/lib/proxes/version.rb +4 -0
data/migrate/001_tables.rb +47 -0
data/migrate/002_audit_log.rb +11 -0
data/package.json +34 -0
data/proxes.gemspec +44 -0
data/public/js/bundle.js +28988 -0
data/src/scripts/app.js +10 -0
data/views/404.haml +1 -0
data/views/audit_logs/index.haml +18 -0
data/views/error.haml +4 -0
data/views/getting_started.haml +16 -0
data/views/identity/login.haml +19 -0
data/views/identity/register.haml +17 -0
data/views/index.haml +3 -0
data/views/layout.haml +48 -0
data/views/partials/delete_form.haml +4 -0
data/views/partials/form_control.haml +21 -0
data/views/partials/navbar.haml +25 -0
data/views/partials/notifications.haml +24 -0
data/views/partials/pager.haml +19 -0
data/views/partials/sidebar.haml +32 -0
data/views/permissions/display.haml +24 -0
data/views/permissions/edit.haml +11 -0
data/views/permissions/form.haml +3 -0
data/views/permissions/index.haml +14 -0
data/views/permissions/new.haml +10 -0
data/views/roles/display.haml +33 -0
data/views/roles/edit.haml +11 -0
data/views/roles/form.haml +1 -0
data/views/roles/index.haml +17 -0
data/views/roles/new.haml +10 -0
data/views/users/display.haml +32 -0
data/views/users/edit.haml +11 -0
data/views/users/identity.haml +3 -0
data/views/users/index.haml +20 -0
data/views/users/new.haml +11 -0
data/views/users/profile.haml +37 -0
data/views/users/user.haml +3 -0
metadata +424 -0

data/lib/proxes/controllers/roles.rb ADDED

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require 'proxes/controllers/component'
+require 'proxes/models/role'
+require 'proxes/policies/role_policy'
+module ProxES
+  class Roles < Component
+    set model_class: ProxES::Role
+  end
+end

data/lib/proxes/controllers/users.rb ADDED

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+require 'proxes/controllers/component'
+require 'proxes/models/user'
+require 'proxes/policies/user_policy'
+require 'proxes/models/identity'
+require 'proxes/policies/identity_policy'
+module ProxES
+  class Users < Component
+    set model_class: ProxES::User
+    # New
+    get '/new' do
+      authorize settings.model_class, :create
+      locals = {
+        title: heading(:new),
+        entity: ProxES::User.new,
+        identity: ProxES::Identity.new
+      }
+      haml :"#{view_location}/new", locals: locals, layout_opts: { locals: locals }
+    end
+    # Create
+    post '/' do
+      authorize settings.model_class, :create
+      locals = { title: heading(:new) }
+      user_params = permitted_attributes(User, :create)
+      identity_params = permitted_attributes(Identity, :create)
+      user_params['email'] = identity_params['username']
+      roles = user_params.delete('role_id')
+      user     = locals[:user]     = User.new(user_params)
+      identity = locals[:identity] = Identity.new(identity_params)
+      if identity.valid? && user.valid?
+        DB.transaction(isolation: :serializable) do
+          identity.save
+          user.save
+          user.add_identity identity
+          roles.each do |role_id|
+            user.add_role(role_id) unless user.roles.map(&:id).include? role_id.to_i
+          end if roles
+          user.check_roles
+        end
+        flash[:success] = 'User created'
+        redirect "/_proxes/users/#{user.id}"
+      else
+        flash.now[:danger] = 'Could not create the user'
+        locals[:entity] = user
+        locals[:identity] = identity
+        haml :"#{view_location}/new", locals: locals
+      end
+    end
+    # Update
+    put '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+      values = permitted_attributes(settings.model_class, :update)
+      roles  = values.delete('role_id')
+      entity.set values
+      if entity.valid? && entity.save
+        entity.remove_all_roles
+        roles.each { |role_id| entity.add_role(role_id) } if roles
+        entity.check_roles
+        flash[:success] = "#{heading} Updated"
+        redirect "/_proxes/users/#{entity.id}"
+      else
+        haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+      end
+    end
+    put '/:id/identity' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+      identity = entity.identity.first
+      values = permitted_attributes(Identity, :create)
+      identity.set values
+      if identity.valid? && identity.save
+        flash[:success] = "Password Updated"
+        redirect '/_proxes/users/profile'
+      else
+        haml :"#{view_location}/profile", locals: { entity: entity, identity: identity, title: heading }
+      end
+    end
+    # Delete
+    delete '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :delete
+      entity.remove_all_identity
+      entity.remove_all_roles
+      entity.destroy
+      flash[:success] = "#{heading} Deleted"
+      redirect '/_proxes/users'
+    end
+    # Profile
+    get '/profile' do
+      entity = current_user
+      halt 404 unless entity
+      authorize entity, :read
+      haml :"#{view_location}/profile", locals: { entity: entity, identity: entity.identity.first, title: 'My Account' }
+    end
+  end
+end

data/lib/proxes/db.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'sequel'
+require 'proxes/services/logger'
+# Delete DATABASE_URL from the environment, so it isn't accidently
+# passed to subprocesses.  DATABASE_URL may contain passwords.
+DB = Sequel.connect(ENV['RACK_ENV'] == 'production' ? ENV.delete('DATABASE_URL') : ENV['DATABASE_URL'])
+DB.loggers <<  ProxES::Services::Logger.instance
+DB.extension(:pagination)
+Sequel::Model.plugin :auto_validations
+Sequel::Model.plugin :update_or_create
+# Sequel::Model.plugin :prepared_statements
+# Sequel::Model.plugin :prepared_statements_associations
+Sequel::Model.plugin :timestamps, update_on_create: true

data/lib/proxes/helpers/authentication.rb ADDED

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+module ProxES
+  module Helpers
+    module Authentication
+      def current_user
+        return nil unless env['rack.session'] && env['rack.session']['user_id']
+        @user ||= User[env['rack.session']['user_id']]
+      end
+      def current_user=(user)
+        env['rack.session']['user_id'] = user.id
+      end
+      def authenticate
+        authenticated?
+      end
+      def authenticated?
+        !env['rack.session']['user_id'].nil?
+      end
+      def authenticate!
+        raise NotAuthenticated unless env['rack.session']['user_id']
+        true
+      end
+      def logout
+        env['rack.session'].delete('user_id')
+      end
+      def check_basic
+        auth = Rack::Auth::Basic::Request.new(env)
+        return unless auth.provided?
+        return unless auth.basic?
+        identity = ProxES::Identity.find(username: auth.credentials[0])
+        raise NotAuthenticated unless identity
+        self.current_user = identity.user if identity.authenticate(auth.credentials[1])
+      end
+    end
+    class NotAuthenticated < StandardError
+    end
+  end
+end

data/lib/proxes/helpers/component.rb ADDED

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require 'active_support'
+require 'active_support/inflector'
+module ProxES
+  module Helpers
+    module Component
+      def dataset
+        policy_scope(settings.model_class)
+      end
+      def list
+        params['count'] ||= 10
+        params['page'] ||= 1
+        dataset.select.paginate(params['page'].to_i, params['count'].to_i)
+      end
+      def heading(action = nil)
+        @headings ||= begin
+          heading = ActiveSupport::Inflector.demodulize settings.model_class
+          h = Hash.new(heading)
+          h[:new] = "New #{heading}"
+          h[:list] = ActiveSupport::Inflector.pluralize heading
+          h[:edit] = "Edit #{heading}"
+          h
+        end
+        @headings[action]
+      end
+      def base_path
+        settings.base_path || "/_proxes/#{heading(:list).downcase}"
+      end
+      def view_location
+        settings.view_location || heading(:list).underscore.to_s
+      end
+    end
+  end
+end

data/lib/proxes/helpers/indices.rb ADDED

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module ProxES
+  module Helpers
+    module Indices
+      def filter(asked, against)
+        return against.map { |a| a.gsub(%r{\.\*}, '*') } if asked == ['*'] || asked == []
+        answer = []
+        against.each do |pattern|
+          answer.concat asked.select { |idx| idx =~ %r{#{pattern}} }
+        end
+        answer
+      end
+    end
+  end
+end

data/lib/proxes/helpers/pundit.rb ADDED

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require 'pundit'
+require 'proxes/request'
+module ProxES
+  module Helpers
+    module Pundit
+      include ::Pundit
+      def authorize(record, query = nil)
+        if record.is_a?(::ProxES::Request)
+          query = record.request_method.downcase
+        elsif query.nil?
+          raise ArgumentError, 'Pundit cannot determine the query'
+        end
+        query = :"#{query}?" unless query[-1] == '?'
+        super
+      end
+      def permitted_attributes(record, action)
+        param_key = PolicyFinder.new(record).param_key
+        policy = policy(record)
+        method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
+                        "permitted_attributes_for_#{action}"
+                      else
+                        'permitted_attributes'
+                      end
+        request.params.fetch(param_key, {}).select do |key, _value|
+          policy.public_send(method_name).include? key.to_sym
+        end
+      end
+      def pundit_user
+        current_user
+      end
+    end
+  end
+end

data/lib/proxes/helpers/views.rb ADDED

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module ProxES
+  module Helpers
+    module Views
+      def form_control(name, model, opts = {})
+        label = opts.delete(:label) || name.to_s.titlecase
+        klass = opts.delete(:class) || 'form-control' unless opts[:type] == 'file'
+        group = opts.delete(:group) || model.class.to_s.demodulize.underscore
+        field = opts.delete(:field) || name
+        attributes = { type: 'text', id: name, name: "#{group}[#{name}]", class: klass }.merge(opts)
+        locals = { model: model, label: label, attributes: attributes, name: name, group: group, field: field }
+        haml :'partials/form_control', locals: locals
+      end
+      def flash_messages(key = :flash)
+        return '' if flash(key).empty?
+        id = (key == :flash ? 'flash' : "flash_#{key}")
+        messages = flash(key).collect do |message|
+          "  <div class='alert alert-#{message[0]} alert-dismissable' role='alert'>#{message[1]}</div>\n"
+        end
+        "<div id='#{id}'>\n" + messages.join + '</div>'
+      end
+      def delete_form(entity, label = 'Delete')
+        locals = { delete_label: label, entity: entity }
+        haml :'partials/delete_form', locals: locals
+      end
+      def pagination(list, base_path)
+        locals = {
+          next_link: list.last_page? ? '#' : "#{base_path}?page=#{list.next_page}&count=#{list.page_size}",
+          prev_link: list.first_page? ? '#' : "#{base_path}?page=#{list.prev_page}&count=#{list.page_size}",
+          base_path: base_path,
+          list: list
+        }
+        haml :'partials/pager', locals: locals
+      end
+    end
+  end
+end

data/lib/proxes/loggers/elasticsearch.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+require 'logger'
+module ProxES
+  module Loggers
+    class Elasticsearch < ::Logger
+    end
+  end
+end

data/lib/proxes/models/audit_log.rb ADDED

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+require 'sequel'
+module ProxES
+  class AuditLog < Sequel::Model
+    many_to_one :user
+    def validate
+      validates_presence [:user_id, :action]
+    end
+  end
+end

data/lib/proxes/models/identity.rb ADDED

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+require 'sequel'
+require 'omniauth-identity'
+require 'active_support'
+require 'active_support/core_ext/object/blank'
+module ProxES
+  class Identity < Sequel::Model
+    many_to_one :user
+    attr_accessor :password, :password_confirmation
+    # OmniAuth Related
+    include OmniAuth::Identity::Model
+    def self.locate(conditions)
+      where(conditions).first
+    end
+    def authenticate(unencrypted)
+      self if ::BCrypt::Password.new(crypted_password) == unencrypted
+    end
+    def persisted?
+      !new? && @destroyed != true
+    end
+    # Return whatever we want to pass to the omniauth hash here
+    def info
+      {
+        email: username
+      }
+    end
+    # Validation
+    def validate
+      validates_presence :username
+      unless username.blank?
+        validates_unique :username
+        validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :username)
+      end
+      if password_required
+        validates_presence :password
+        validates_presence :password_confirmation
+        validates_min_length 8, :password
+      end
+      errors.add(:password_confirmation, 'must match password') if !password.blank? && password != password_confirmation
+    end
+    # Callbacks
+    def before_save
+      encrypt_password unless password == '' || password.nil?
+    end
+    private
+    def encrypt_password
+      self.crypted_password = ::BCrypt::Password.create(password)
+    end
+    def password_required
+      crypted_password.blank? || !password.blank?
+    end
+  end
+end

data/lib/proxes/models/permission.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'sequel'
+module ProxES
+  class Permission < Sequel::Model
+    many_to_one :role
+    def validate
+      validates_presence [:role_id, :verb, :pattern]
+      validates_includes self.class.verbs, :verb
+    end
+    def self.verbs
+      ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'INDEX']
+    end
+  end
+end