proxes 0.1.0

data/lib/proxes/rake_tasks.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require 'rake'
+require 'rake/tasklib'
+
+module ProxES
+  class Tasks < ::Rake::TaskLib
+    include ::Rake::DSL if defined?(::Rake::DSL)
+
+    def install_tasks
+      namespace :proxes do
+        desc 'Generate the needed tokens'
+        task :generate_tokens do
+          require 'securerandom'
+          File.write('.session_secret', SecureRandom.random_bytes(40))
+          File.write('.token_secret', SecureRandom.random_bytes(40))
+        end
+
+        desc 'Seed the database'
+        task :seed do
+          require 'proxes/seed'
+        end
+
+        desc 'Migrate ProxES database to latest version'
+        task :migrate do
+          Rake::Task['proxes:migrate:up'].invoke
+        end
+
+        namespace :migrate do
+          require_relative './db'
+          Sequel.extension :migration
+          folder = File.expand_path(File.dirname(__FILE__) + '/../../migrate')
+
+          desc 'Check if the migration is current'
+          task :check do
+            Sequel::Migrator.check_current(DB, folder)
+          end
+
+          desc 'Migrate ProxES database to latest version'
+          task :up do
+            Sequel::Migrator.apply(DB, folder)
+          end
+
+          desc 'Roll back the ProxES database'
+          task :down do
+            Sequel::Migrator.apply(DB, folder, 0)
+          end
+
+          desc 'Reset the ProxES database'
+          task :bounce do
+            Sequel::Migrator.apply(DB, folder, 0)
+            Sequel::Migrator.apply(DB, folder)
+          end
+        end
+      end
+    end
+  end
+end
+
+ProxES::Tasks.new.install_tasks

data/lib/proxes/request.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+require 'rack'
+
+module ProxES
+  class Request < Rack::Request
+    def self.from_env(env)
+      request = Rack::Request.new(env)
+      splits = request.path.split('/')
+      endpoint = if splits[1] && splits[1][0] == '_'
+                   splits[1][1..-1].titlecase
+                 else
+                   splits.count > 0 ? splits[-1][1..-1].titlecase : 'Root'
+                 end
+      begin
+        require 'proxes/request/' + endpoint.downcase
+        ProxES::Request.const_get(endpoint).new(env)
+      rescue LoadError
+        self.new(env)
+      end
+    end
+
+    def initialize(env)
+      super
+      parse
+    end
+
+    def endpoint
+      path_parts[0]
+    end
+
+    def parse
+      path_parts
+    end
+
+    def indices?
+      false
+    end
+
+    private
+
+    def path_parts
+      @path_parts ||= path[1..-1].split('/')
+    end
+
+    def check_part(val)
+      return val if val.nil?
+      return [] if [endpoint, '_all'].include? val
+      val.split(',')
+    end
+  end
+end

data/lib/proxes/request/root.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require 'rack'
+require 'proxes/request'
+
+module ProxES
+  class Request
+    class Root < ProxES::Request
+    end
+  end
+end

data/lib/proxes/request/search.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+require 'rack'
+require 'proxes/request'
+
+module ProxES
+  class Request
+    class Search < ProxES::Request
+      attr_reader :index, :type
+      attr_reader :type
+
+      def index=(idx)
+        @index = idx
+        self.path_info = '/' + [ index, type, id, endpoint ]
+          .map { |v| v.is_a?(Array) ? v.join(',') : v }
+          .select { |v| !v.nil? && v != '' }.join('/')
+      end
+
+      def endpoint
+        '_search'
+      end
+
+      def parse
+        @index ||= check_part(path_parts[0])
+        @type  ||= check_part(path_parts[1])
+        @id    ||= check_part(path_parts[2])
+      end
+
+      def id
+        @id == [] ? nil : @id
+      end
+
+      def indices?
+        true
+      end
+    end
+  end
+end

data/lib/proxes/request/snapshot.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'rack'
+require 'proxes/request'
+
+module ProxES
+  class Request
+    class Snapshot < ProxES::Request
+      attr_reader :repository
+
+      def parse
+        @repository ||= check_part(path_parts[1])
+        @repository = [] if repository.nil?
+      end
+    end
+  end
+end

data/lib/proxes/request/stats.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require 'rack'
+require 'proxes/request'
+
+module ProxES
+  class Request
+    class Stats < ProxES::Request
+      attr_reader :index
+
+      def index=(idx)
+        @index = idx
+        self.path_info = '/' + [ index, endpoint ]
+          .map { |v| v.is_a?(Array) ? v.join(',') : v }
+          .select { |v| !v.nil? && v != '' }.join('/')
+      end
+
+      def endpoint
+        '_stats'
+      end
+
+      def parse
+        @index ||= check_part(path_parts[0])
+      end
+
+      def indices?
+        true
+      end
+    end
+  end
+end

data/lib/proxes/security.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require 'proxes/services/logger'
+require 'rack-proxy'
+require 'proxes/request'
+require 'proxes/policies/request_policy'
+require 'proxes/helpers/pundit'
+require 'proxes/helpers/authentication'
+require 'proxes/services/logger'
+
+module ProxES
+  class Security
+    attr_reader :env, :logger
+
+    include ProxES::Helpers::Authentication
+    include ProxES::Helpers::Pundit
+
+    def initialize(app, logger = nil)
+      @app = app
+      @logger = logger || ProxES::Services::Logger.instance
+    end
+
+    def error(message, code = 500)
+      [code, { 'Content-Type' => 'application/json' }, ['{"error":"' + message + '}']]
+    end
+
+    def call(env)
+      @env = env
+
+      request = ProxES::Request.from_env(env)
+
+      logger.debug '==========================BEFORE================================================'
+      logger.debug '= ' + "Request: #{request.fullpath}".ljust(76) + ' ='
+      logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
+      logger.debug '================================================================================'
+
+      begin
+        check_basic
+        authorize request
+      rescue StandardError => e
+        logger.debug "Access denied by security layer: #{e.message}"
+        return error 'Forbidden', 403
+      end
+      request.index = policy_scope(request) if request.indices?
+
+      logger.debug '==========================AFTER================================================='
+      logger.debug '= ' + "Request: #{request.fullpath}".ljust(76) + ' ='
+      logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
+      logger.debug '================================================================================'
+
+      begin
+        @app.call request.env
+      rescue Errno::EHOSTUNREACH
+        error 'Could not reach Elasticsearch at ' + ENV['ELASTICSEARCH_URL']
+      rescue Errno::ECONNREFUSED
+        error 'Elasticsearch not listening at ' + ENV['ELASTICSEARCH_URL']
+      end
+    end
+  end
+end

data/lib/proxes/seed.rb

@@ -0,0 +1,10 @@
+require 'proxes/db'
+require 'proxes/models/role'
+require 'proxes/models/permission'
+
+ProxES::Role.find_or_create(name: 'user')
+ProxES::Role.find_or_create(name: 'admin')
+sa = ProxES::Role.find_or_create(name: 'super_admin')
+%w(GET POST PUT DELETE HEAD OPTIONS).each do |verb|
+  ProxES::Permission.find_or_create(role: sa, verb: verb, pattern: '.*')
+end

data/lib/proxes/services/logger.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'logger'
+require 'yaml'
+require 'singleton'
+require 'active_support/inflector'
+require 'proxes/loggers/elasticsearch'
+
+# ProxES::Services::Logger.instance
+
+module ProxES
+  module Services
+    class Logger
+      include Singleton
+
+      CONFIG = './config/logger.yml'
+      attr_reader :loggers
+
+      def initialize
+        @loggers = []
+        config.each do |values|
+          klass = values['class'].constantize
+          opts = values['options'] || nil
+          logger = klass.new(opts)
+          if values['level']
+            logger.level = klass.const_get(values['level'].to_sym)
+          end
+          @loggers << logger
+        end
+      end
+
+      def method_missing(method, *args, &block)
+        loggers.each { |logger| logger.send(method, *args, &block) }
+      end
+
+      def respond_to_missing?(method, include_private = false)
+        loggers.any? { |logger| logger.respond_to?(method) }
+      end
+
+      private
+
+      def config
+        @config ||= File.exist?(CONFIG) ? YAML.load_file(CONFIG) : default
+      end
+
+      def default
+        [{ 'name' => 'default', 'class' => 'Logger' }]
+      end
+    end
+  end
+end

data/lib/proxes/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module ProxES
+  VERSION = '0.1.0'
+end

data/migrate/001_tables.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+Sequel.migration do
+  change do
+    create_table :users do
+      primary_key :id
+      String :name
+      String :surname
+      String :email
+      DateTime :created_at
+      DateTime :updated_at
+      unique [:email]
+    end
+
+    create_table :identities do
+      primary_key :id
+      foreign_key :user_id, :users
+      String :username
+      String :crypted_password
+      DateTime :created_at
+      DateTime :updated_at
+      unique [:username]
+    end
+
+    create_table :roles do
+      primary_key :id
+      String :name
+      DateTime :created_at
+      DateTime :updated_at
+      unique [:name]
+    end
+
+    create_table :permissions do
+      primary_key :id
+      String :verb
+      String :pattern
+      DateTime :created_at
+      foreign_key :role_id, :roles
+    end
+
+    create_table :roles_users do
+      DateTime :created_at
+      foreign_key :user_id, :users
+      foreign_key :role_id, :roles
+      unique [:user_id, :role_id]
+    end
+  end
+end

data/migrate/002_audit_log.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+Sequel.migration do
+  change do
+    create_table :audit_logs do
+      primary_key :id
+      foreign_key :user_id, :users
+      String :action
+      DateTime :created_at
+    end
+  end
+end

data/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "proxes",
+  "version": "0.1.0",
+  "description": "Elasticsearch Management System",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/EagerELK/proxes.git"
+  },
+  "author": "Jurgens du Toit",
+  "license": "LGPL-3.0",
+  "bugs": {
+    "url": "https://github.com/EagerELK/proxes/issues"
+  },
+  "homepage": "https://github.com/EagerELK/proxes#readme",
+  "dependencies": {
+    "body-parser": "^1.4.3",
+    "express": "^4.4.5",
+    "gulp-connect": "^5.0.0",
+    "jquery": "^3.1.0",
+    "numeral": "^1.5.3",
+    "react": "^15.2.1",
+    "react-dom": "^15.2.1",
+    "react-proxes-components": "^0.2.2"
+  },
+  "devDependencies": {
+    "babel-preset-es2015": "^6.9.0",
+    "babel-preset-react": "^6.11.1",
+    "babelify": "^7.3.0",
+    "browserify": "^13.1.0",
+    "gulp": "^3.9.1",
+    "gulp-util": "^3.0.7",
+    "vinyl-source-stream": "^1.1.0"
+  }
+}

data/proxes.gemspec

@@ -0,0 +1,44 @@
+# coding: utf-8
+# frozen_string_literal: true
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'proxes/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'proxes'
+  spec.version       = ProxES::VERSION
+  spec.authors       = ['Jurgens du Toit']
+  spec.email         = ['jrgns@jadeit.co.za']
+
+  spec.summary       = 'Rack wrapper around Elasticsearch to provide security and management features'
+  spec.description   = 'Rack wrapper around Elasticsearch to provide security and management features'
+  spec.homepage      = 'https://github.com/eagerelk/proxes'
+  spec.license       = 'LGPLv3'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.12'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'racksh'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'database_cleaner'
+  spec.add_development_dependency 'factory_girl'
+
+  spec.add_dependency 'rack-proxy'
+  spec.add_dependency 'sinatra'
+  spec.add_dependency 'sinatra-flash'
+  spec.add_dependency 'sinatra-contrib'
+  spec.add_dependency 'elasticsearch'
+  spec.add_dependency 'logger'
+  spec.add_dependency 'pundit'
+  spec.add_dependency 'sequel'
+  spec.add_dependency 'bcrypt'
+  spec.add_dependency 'omniauth'
+  spec.add_dependency 'omniauth-identity'
+  spec.add_dependency 'haml'
+  spec.add_dependency 'tilt', '>= 2'
+end