proxes 0.1.0

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config.ru

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+#\-o 0.0.0.0 -p 9294
+libdir = File.expand_path(File.dirname(__FILE__) + '/lib')
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+raise 'Unconfigured' unless ENV['ELASTICSEARCH_URL']
+
+require 'proxes'
+require 'proxes/db'
+
+Sequel.extension :migration
+Sequel::Migrator.check_current(DB, './migrate')
+
+use Rack::Static, urls: ['/css', '/js'], root: 'public'
+use Rack::MethodOverride
+use Rack::Session::Cookie,
+    key: '_ProxES_session',
+    #:secure=>!TEST_MODE, # Uncomment if only allowing https:// access
+    secret: File.read('.session_secret')
+
+require 'omniauth'
+require 'omniauth-identity'
+require 'proxes/models/identity'
+require 'proxes/controllers/auth_identity'
+# OmniAuth.config.test_mode = true
+use OmniAuth::Builder do
+  # The identity provider is used by the App.
+  provider :identity,
+           fields: [:username],
+           callback_path: '/_proxes/auth/identity/callback',
+           model: ProxES::Identity,
+           on_login: ProxES::AuthIdentity,
+           on_registration: ProxES::AuthIdentity,
+           locate_conditions: ->(req) { { username: req['username'] } }
+end
+OmniAuth.config.on_failure = ProxES::AuthIdentity
+
+# Management App
+Dir.glob("#{libdir}/proxes/controllers/*.rb").each { |file| require file }
+
+map '/_proxes' do
+  {
+    '/users' => ProxES::Users,
+    '/roles' => ProxES::Roles,
+    '/permissions' => ProxES::Permissions,
+    '/audit-logs' => ProxES::AuditLogs,
+  }.each do |route, app|
+    map route do
+      run app
+    end
+  end
+
+  run ProxES::App
+end
+
+# Proxy all Elasticsearch requests
+require 'proxes/security'
+map '/' do
+  # Security
+  use ProxES::Security, ProxES::Services::Logger.instance
+
+  # Forward requests to ES
+  run Rack::Proxy.new(backend: ENV['ELASTICSEARCH_URL'])
+end

data/config/logger.yml

@@ -0,0 +1,3 @@
+---
+- name: default
+  class: Logger

data/gulpfile.js

@@ -0,0 +1,80 @@
+// From http://jpsierens.com/tutorial-gulp-javascript-2015-react/
+var gulp = require('gulp');
+var browserify = require('browserify');
+var source = require('vinyl-source-stream');
+var gutil = require('gulp-util');
+var babelify = require('babelify');
+var connect = require('gulp-connect');
+
+// External dependencies you do not want to rebundle while developing,
+// but include in your application deployment
+var dependencies = [
+    // 'react',
+    // 'react-dom'
+    // 'react-proxes-components'
+];
+// keep a count of the times a task refires
+var scriptsCount = 0;
+
+// Gulp tasks
+// ----------------------------------------------------------------------------
+gulp.task('scripts', function () {
+    bundleApp(false);
+});
+
+gulp.task('deploy', function (){
+    bundleApp(true);
+});
+
+gulp.task('watch', function () {
+    gulp.watch(['./src/scripts/**/*.js'], ['scripts']);
+});
+
+// When running 'gulp' on the terminal this task will fire.
+// It will start watching for changes in every .js file.
+// If there's a change, the task 'scripts' defined above will fire.
+gulp.task('default', ['scripts','watch']);
+
+// Private Functions
+// ----------------------------------------------------------------------------
+function bundleApp(isProduction) {
+    scriptsCount++;
+    // Browserify will bundle all our js files together in to one and will let
+    // us use modules in the front end.
+    var appBundler = browserify({
+        entries: './src/scripts/app.js',
+        debug: true
+    });
+
+    // If it's not for production, a separate vendors.js file will be created
+    // the first time gulp is run so that we don't have to rebundle things like
+    // react everytime there's a change in the js file
+    if (!isProduction && scriptsCount === 1){
+        // create vendors.js for dev environment.
+        browserify({
+            require: dependencies,
+            debug: true
+        })
+            .bundle()
+            .on('error', gutil.log)
+            .pipe(source('vendors.js'))
+            .pipe(gulp.dest('./public/js/'));
+    }
+    if (!isProduction){
+        // make the dependencies external so they dont get bundled by the
+        // app bundler. Dependencies are already bundled in vendor.js for
+        // development environments.
+        dependencies.forEach(function(dep){
+            appBundler.external(dep);
+        })
+    }
+
+
+    appBundler
+    // transform ES6 and JSX to ES5 with babelify
+        .transform("babelify", {presets: ["es2015", "react"]})
+        .bundle()
+        .on('error',gutil.log)
+        .pipe(source('bundle.js'))
+        .pipe(gulp.dest('./public/js/'));
+}

data/lib/proxes.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require 'proxes/version'
+require 'proxes/app'

data/lib/proxes/app.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+require 'proxes/controllers/application'
+
+module ProxES
+  # Manage your Elasticsearch cluster, user and user sessions
+  class App < Application
+    get '/' do
+      authenticate!
+      haml :index, locals: { title: 'Dashboard' }
+    end
+
+    ['/unauthenticated', '/_proxes/unauthenticated'].each do |path|
+      get path do
+        redirect '/auth/identity'
+      end
+    end
+
+    post '/auth/identity/new' do
+      identity = Identity.new(params['identity'])
+      if identity.valid? && identity.save
+        flash[:info] = 'Successfully Registered. Please log in'
+        redirect '/auth/identity'
+      else
+        flash.now[:warning] = 'Could not complete the registration. Please try again.'
+        haml :'identity/register', locals: { identity: identity }
+      end
+    end
+
+    post '/auth/identity/callback' do
+      user = User.find_or_create(email: env['omniauth.auth']['info']['email'])
+
+      identity = Identity.find(username: user.email)
+      user.add_identity identity unless identity.user == user
+
+      self.current_user = user
+      flash[:success] = 'Logged In'
+      redirect '/_proxes'
+    end
+
+    delete '/auth/identity' do
+      logout
+
+      flash[:info] = 'Logged Out'
+
+      redirect '/_proxes'
+    end
+  end
+end

data/lib/proxes/controllers/application.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require 'sinatra/base'
+require 'sinatra/flash'
+require 'sinatra/respond_with'
+require 'proxes/helpers/views'
+require 'proxes/helpers/pundit'
+require 'proxes/helpers/authentication'
+
+module ProxES
+  class Application < Sinatra::Base
+    set :root, ::File.expand_path(::File.dirname(__FILE__) + '/../../../')
+    register Sinatra::Flash, Sinatra::RespondWith
+    helpers ProxES::Helpers::Pundit, ProxES::Helpers::Views, ProxES::Helpers::Authentication
+
+    configure :production do
+      disable :show_exceptions
+    end
+
+    configure :development do
+      set :show_exceptions, :after_handler
+    end
+
+    configure :production, :development do
+      enable :logging
+    end
+
+    not_found do
+      haml :'404', locals: { title: '4 oh 4' }
+    end
+
+    error do
+      error = env['sinatra.error']
+      haml :error, locals: { title: 'Something went wrong', message: error }
+    end
+
+    error ::ProxES::Helpers::NotAuthenticated do
+      flash[:warning] = 'Please log in first.'
+      redirect '/auth/identity'
+    end
+
+    error ::Pundit::NotAuthorizedError do
+      flash[:warning] = 'Please log in first.'
+      redirect '/auth/identity'
+    end
+
+    before (/.*/) do
+      if request.url.match(/.json/)
+        request.accept.unshift('application/json')
+        request.path_info = request.path_info.gsub(/.json/,'')
+      end
+    end
+  end
+end

data/lib/proxes/controllers/audit_logs.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+require 'proxes/controllers/component'
+require 'proxes/models/audit_log'
+require 'proxes/policies/audit_log_policy'
+
+module ProxES
+  class AuditLogs < Component
+    set model_class: ProxES::AuditLog
+
+    get '/new' do
+      halt 404
+    end
+
+    post '/' do
+      halt 404
+    end
+
+    get '/:id' do
+      halt 404
+    end
+
+    get '/:id/edit' do
+      halt 404
+    end
+
+    put '/:id' do
+      halt 404
+    end
+
+    delete '/:id' do
+      halt 404
+    end
+  end
+end

data/lib/proxes/controllers/auth_identity.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require 'proxes/controllers/application'
+
+module ProxES
+  class AuthIdentity < Application
+    get '/auth/identity' do
+      haml :'identity/login', locals: { title: 'Log In' }
+    end
+
+    # Failed Login
+    post '/_proxes/auth/identity/callback' do
+      flash[:warning] = 'Invalid credentials. Please try again.'
+      redirect '/auth/identity'
+    end
+
+    get '/auth/identity/register' do
+      identity = Identity.new
+      haml :'identity/register', locals: { title: 'Register', identity: identity }
+    end
+  end
+end

data/lib/proxes/controllers/component.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+require 'proxes/controllers/application'
+require 'proxes/helpers/component'
+
+module ProxES
+  class Component < Application
+    helpers ProxES::Helpers::Component
+    set base_path: nil
+    set view_location: nil
+
+    # List
+    get '/', provides: [:html, :json] do
+      authorize settings.model_class, :list
+
+      actions = {}
+      actions["#{base_path}/new"] = "New #{heading}" if policy(settings.model_class).create?
+
+      respond_to do |format|
+        format.html do
+          haml :"#{view_location}/index",
+            locals: { list: list, title: heading(:list), actions: actions }
+        end
+        format.json do
+          {
+            'items' => list.map { |entity| entity.values },
+            'page' => params[:page],
+            'count' => params[:count],
+            'total' => list.to_a.size
+          }.to_json
+        end
+      end
+    end
+
+    # Create Form
+    get '/new' do
+      authorize settings.model_class, :create
+
+      entity = settings.model_class.new(permitted_attributes(settings.model_class, :create))
+      haml :"#{view_location}/new", locals: { entity: entity, title: heading(:new) }
+    end
+
+    # Create
+    post '/' do
+      authorize settings.model_class, :create
+
+      entity = settings.model_class.new(permitted_attributes(settings.model_class, :create))
+      if entity.valid? && entity.save
+        flash[:success] = "#{heading} Created"
+        redirect "#{base_path}/#{entity.id}"
+      else
+        haml :"#{view_location}/new", locals: { entity: entity, title: heading(:new) }
+      end
+    end
+
+    # Read
+    get '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :read
+
+      actions = {}
+      actions["#{base_path}/#{entity.id}/edit"] = "Edit #{heading}" if policy(entity).update?
+
+      respond_to do |format|
+        format.html do
+          haml :"#{view_location}/display",
+            locals: { entity: entity, title: heading, actions: actions }
+        end
+        format.json { entity.values.to_json }
+      end
+    end
+
+    # Update Form
+    get '/:id/edit' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+
+      haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+    end
+
+    # Update
+    put '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+
+      entity.set(permitted_attributes(settings.model_class, :update))
+      if entity.valid? && entity.save
+        flash[:success] = "#{heading} Updated"
+        redirect "#{base_path}/#{entity.id}"
+      else
+        haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+      end
+    end
+
+    delete '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :delete
+
+      entity.destroy
+
+      flash[:success] = "#{heading} Deleted"
+      redirect base_path.to_s
+    end
+  end
+end

data/lib/proxes/controllers/permissions.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require 'proxes/controllers/component'
+require 'proxes/models/permission'
+require 'proxes/policies/permission_policy'
+
+module ProxES
+  class Permissions < Component
+    set model_class: ProxES::Permission
+  end
+end