RubyGems - proxes - Versions diffs - 0.1.0 - Mend

proxes 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

checksums.yaml +7 -0
data/.codeclimate.yml +24 -0
data/.gitignore +13 -0
data/.rspec +2 -0
data/.rubocop.yml +12 -0
data/.ruby-version +1 -0
data/.travis.yml +18 -0
data/Gemfile +4 -0
data/Gemfile.ci +15 -0
data/Gemfile.dev +10 -0
data/Gemfile.dev.lock +155 -0
data/LICENSE.txt +8 -0
data/README.md +83 -0
data/Rakefile +9 -0
data/Vagrantfile +46 -0
data/bin/console +15 -0
data/bin/setup +8 -0
data/config.ru +64 -0
data/config/logger.yml +3 -0
data/gulpfile.js +80 -0
data/lib/proxes.rb +3 -0
data/lib/proxes/app.rb +48 -0
data/lib/proxes/controllers/application.rb +53 -0
data/lib/proxes/controllers/audit_logs.rb +34 -0
data/lib/proxes/controllers/auth_identity.rb +21 -0
data/lib/proxes/controllers/component.rb +108 -0
data/lib/proxes/controllers/permissions.rb +10 -0
data/lib/proxes/controllers/roles.rb +10 -0
data/lib/proxes/controllers/users.rb +119 -0
data/lib/proxes/db.rb +17 -0
data/lib/proxes/helpers/authentication.rb +45 -0
data/lib/proxes/helpers/component.rb +40 -0
data/lib/proxes/helpers/indices.rb +16 -0
data/lib/proxes/helpers/pundit.rb +39 -0
data/lib/proxes/helpers/views.rb +41 -0
data/lib/proxes/loggers/elasticsearch.rb +9 -0
data/lib/proxes/models/audit_log.rb +12 -0
data/lib/proxes/models/identity.rb +67 -0
data/lib/proxes/models/permission.rb +17 -0
data/lib/proxes/models/role.rb +14 -0
data/lib/proxes/models/user.rb +57 -0
data/lib/proxes/policies/application_policy.rb +20 -0
data/lib/proxes/policies/audit_log_policy.rb +40 -0
data/lib/proxes/policies/identity_policy.rb +24 -0
data/lib/proxes/policies/permission_policy.rb +40 -0
data/lib/proxes/policies/request/root_policy.rb +12 -0
data/lib/proxes/policies/request/search_policy.rb +15 -0
data/lib/proxes/policies/request/snapshot_policy.rb +12 -0
data/lib/proxes/policies/request/stats_policy.rb +15 -0
data/lib/proxes/policies/request_policy.rb +69 -0
data/lib/proxes/policies/role_policy.rb +40 -0
data/lib/proxes/policies/token_policy.rb +46 -0
data/lib/proxes/policies/user_policy.rb +46 -0
data/lib/proxes/rake_tasks.rb +59 -0
data/lib/proxes/request.rb +51 -0
data/lib/proxes/request/root.rb +10 -0
data/lib/proxes/request/search.rb +37 -0
data/lib/proxes/request/snapshot.rb +16 -0
data/lib/proxes/request/stats.rb +30 -0
data/lib/proxes/security.rb +59 -0
data/lib/proxes/seed.rb +10 -0
data/lib/proxes/services/logger.rb +50 -0
data/lib/proxes/version.rb +4 -0
data/migrate/001_tables.rb +47 -0
data/migrate/002_audit_log.rb +11 -0
data/package.json +34 -0
data/proxes.gemspec +44 -0
data/public/js/bundle.js +28988 -0
data/src/scripts/app.js +10 -0
data/views/404.haml +1 -0
data/views/audit_logs/index.haml +18 -0
data/views/error.haml +4 -0
data/views/getting_started.haml +16 -0
data/views/identity/login.haml +19 -0
data/views/identity/register.haml +17 -0
data/views/index.haml +3 -0
data/views/layout.haml +48 -0
data/views/partials/delete_form.haml +4 -0
data/views/partials/form_control.haml +21 -0
data/views/partials/navbar.haml +25 -0
data/views/partials/notifications.haml +24 -0
data/views/partials/pager.haml +19 -0
data/views/partials/sidebar.haml +32 -0
data/views/permissions/display.haml +24 -0
data/views/permissions/edit.haml +11 -0
data/views/permissions/form.haml +3 -0
data/views/permissions/index.haml +14 -0
data/views/permissions/new.haml +10 -0
data/views/roles/display.haml +33 -0
data/views/roles/edit.haml +11 -0
data/views/roles/form.haml +1 -0
data/views/roles/index.haml +17 -0
data/views/roles/new.haml +10 -0
data/views/users/display.haml +32 -0
data/views/users/edit.haml +11 -0
data/views/users/identity.haml +3 -0
data/views/users/index.haml +20 -0
data/views/users/new.haml +11 -0
data/views/users/profile.haml +37 -0
data/views/users/user.haml +3 -0
metadata +424 -0

data/lib/proxes/controllers/roles.rb ADDED

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require 'proxes/controllers/component'
+require 'proxes/models/role'
+require 'proxes/policies/role_policy'
+module ProxES
+  class Roles < Component
+    set model_class: ProxES::Role
+  end
+end

data/lib/proxes/controllers/users.rb ADDED

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+require 'proxes/controllers/component'
+require 'proxes/models/user'
+require 'proxes/policies/user_policy'
+require 'proxes/models/identity'
+require 'proxes/policies/identity_policy'
+module ProxES
+  class Users < Component
+    set model_class: ProxES::User
+    # New
+    get '/new' do
+      authorize settings.model_class, :create
+      locals = {
+        title: heading(:new),
+        entity: ProxES::User.new,
+        identity: ProxES::Identity.new
+      }
+      haml :"#{view_location}/new", locals: locals, layout_opts: { locals: locals }
+    end
+    # Create
+    post '/' do
+      authorize settings.model_class, :create
+      locals = { title: heading(:new) }
+      user_params = permitted_attributes(User, :create)
+      identity_params = permitted_attributes(Identity, :create)
+      user_params['email'] = identity_params['username']
+      roles = user_params.delete('role_id')
+      user     = locals[:user]     = User.new(user_params)
+      identity = locals[:identity] = Identity.new(identity_params)
+      if identity.valid? && user.valid?
+        DB.transaction(isolation: :serializable) do
+          identity.save
+          user.save
+          user.add_identity identity
+          roles.each do |role_id|
+            user.add_role(role_id) unless user.roles.map(&:id).include? role_id.to_i
+          end if roles
+          user.check_roles
+        end
+        flash[:success] = 'User created'
+        redirect "/_proxes/users/#{user.id}"
+      else
+        flash.now[:danger] = 'Could not create the user'
+        locals[:entity] = user
+        locals[:identity] = identity
+        haml :"#{view_location}/new", locals: locals
+      end
+    end
+    # Update
+    put '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+      values = permitted_attributes(settings.model_class, :update)
+      roles  = values.delete('role_id')
+      entity.set values
+      if entity.valid? && entity.save
+        entity.remove_all_roles
+        roles.each { |role_id| entity.add_role(role_id) } if roles
+        entity.check_roles
+        flash[:success] = "#{heading} Updated"
+        redirect "/_proxes/users/#{entity.id}"
+      else
+        haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+      end
+    end
+    put '/:id/identity' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+      identity = entity.identity.first
+      values = permitted_attributes(Identity, :create)
+      identity.set values
+      if identity.valid? && identity.save
+        flash[:success] = "Password Updated"
+        redirect '/_proxes/users/profile'
+      else
+        haml :"#{view_location}/profile", locals: { entity: entity, identity: identity, title: heading }
+      end
+    end
+    # Delete
+    delete '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :delete
+      entity.remove_all_identity
+      entity.remove_all_roles
+      entity.destroy
+      flash[:success] = "#{heading} Deleted"
+      redirect '/_proxes/users'
+    end
+    # Profile
+    get '/profile' do
+      entity = current_user
+      halt 404 unless entity
+      authorize entity, :read
+      haml :"#{view_location}/profile", locals: { entity: entity, identity: entity.identity.first, title: 'My Account' }
+    end
+  end
+end

data/lib/proxes/db.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'sequel'
+require 'proxes/services/logger'
+# Delete DATABASE_URL from the environment, so it isn't accidently
+# passed to subprocesses.  DATABASE_URL may contain passwords.
+DB = Sequel.connect(ENV['RACK_ENV'] == 'production' ? ENV.delete('DATABASE_URL') : ENV['DATABASE_URL'])
+DB.loggers <<  ProxES::Services::Logger.instance
+DB.extension(:pagination)
+Sequel::Model.plugin :auto_validations
+Sequel::Model.plugin :update_or_create
+# Sequel::Model.plugin :prepared_statements
+# Sequel::Model.plugin :prepared_statements_associations
+Sequel::Model.plugin :timestamps, update_on_create: true

data/lib/proxes/helpers/authentication.rb ADDED

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+module ProxES
+  module Helpers
+    module Authentication
+      def current_user
+        return nil unless env['rack.session'] && env['rack.session']['user_id']
+        @user ||= User[env['rack.session']['user_id']]
+      end
+      def current_user=(user)
+        env['rack.session']['user_id'] = user.id
+      end
+      def authenticate
+        authenticated?
+      end
+      def authenticated?
+        !env['rack.session']['user_id'].nil?
+      end
+      def authenticate!
+        raise NotAuthenticated unless env['rack.session']['user_id']
+        true
+      end
+      def logout
+        env['rack.session'].delete('user_id')
+      end
+      def check_basic
+        auth = Rack::Auth::Basic::Request.new(env)
+        return unless auth.provided?
+        return unless auth.basic?
+        identity = ProxES::Identity.find(username: auth.credentials[0])
+        raise NotAuthenticated unless identity
+        self.current_user = identity.user if identity.authenticate(auth.credentials[1])
+      end
+    end
+    class NotAuthenticated < StandardError
+    end
+  end
+end

data/lib/proxes/helpers/component.rb ADDED

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require 'active_support'
+require 'active_support/inflector'
+module ProxES
+  module Helpers
+    module Component
+      def dataset
+        policy_scope(settings.model_class)
+      end
+      def list
+        params['count'] ||= 10
+        params['page'] ||= 1
+        dataset.select.paginate(params['page'].to_i, params['count'].to_i)
+      end
+      def heading(action = nil)
+        @headings ||= begin
+          heading = ActiveSupport::Inflector.demodulize settings.model_class
+          h = Hash.new(heading)
+          h[:new] = "New #{heading}"
+          h[:list] = ActiveSupport::Inflector.pluralize heading
+          h[:edit] = "Edit #{heading}"
+          h
+        end
+        @headings[action]
+      end
+      def base_path
+        settings.base_path || "/_proxes/#{heading(:list).downcase}"
+      end
+      def view_location
+        settings.view_location || heading(:list).underscore.to_s
+      end
+    end
+  end
+end

data/lib/proxes/helpers/indices.rb ADDED

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module ProxES
+  module Helpers
+    module Indices
+      def filter(asked, against)
+        return against.map { |a| a.gsub(%r{\.\*}, '*') } if asked == ['*'] || asked == []
+        answer = []
+        against.each do |pattern|
+          answer.concat asked.select { |idx| idx =~ %r{#{pattern}} }
+        end
+        answer
+      end
+    end
+  end
+end

data/lib/proxes/helpers/pundit.rb ADDED

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require 'pundit'
+require 'proxes/request'
+module ProxES
+  module Helpers
+    module Pundit
+      include ::Pundit
+      def authorize(record, query = nil)
+        if record.is_a?(::ProxES::Request)
+          query = record.request_method.downcase
+        elsif query.nil?
+          raise ArgumentError, 'Pundit cannot determine the query'
+        end
+        query = :"#{query}?" unless query[-1] == '?'
+        super
+      end
+      def permitted_attributes(record, action)
+        param_key = PolicyFinder.new(record).param_key
+        policy = policy(record)
+        method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
+                        "permitted_attributes_for_#{action}"
+                      else
+                        'permitted_attributes'
+                      end
+        request.params.fetch(param_key, {}).select do |key, _value|
+          policy.public_send(method_name).include? key.to_sym
+        end
+      end
+      def pundit_user
+        current_user
+      end
+    end
+  end
+end

data/lib/proxes/helpers/views.rb ADDED

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module ProxES
+  module Helpers
+    module Views
+      def form_control(name, model, opts = {})
+        label = opts.delete(:label) || name.to_s.titlecase
+        klass = opts.delete(:class) || 'form-control' unless opts[:type] == 'file'
+        group = opts.delete(:group) || model.class.to_s.demodulize.underscore
+        field = opts.delete(:field) || name
+        attributes = { type: 'text', id: name, name: "#{group}[#{name}]", class: klass }.merge(opts)
+        locals = { model: model, label: label, attributes: attributes, name: name, group: group, field: field }
+        haml :'partials/form_control', locals: locals
+      end
+      def flash_messages(key = :flash)
+        return '' if flash(key).empty?
+        id = (key == :flash ? 'flash' : "flash_#{key}")
+        messages = flash(key).collect do |message|
+          "  <div class='alert alert-#{message[0]} alert-dismissable' role='alert'>#{message[1]}</div>\n"
+        end
+        "<div id='#{id}'>\n" + messages.join + '</div>'
+      end
+      def delete_form(entity, label = 'Delete')
+        locals = { delete_label: label, entity: entity }
+        haml :'partials/delete_form', locals: locals
+      end
+      def pagination(list, base_path)
+        locals = {
+          next_link: list.last_page? ? '#' : "#{base_path}?page=#{list.next_page}&count=#{list.page_size}",
+          prev_link: list.first_page? ? '#' : "#{base_path}?page=#{list.prev_page}&count=#{list.page_size}",
+          base_path: base_path,
+          list: list
+        }
+        haml :'partials/pager', locals: locals
+      end
+    end
+  end
+end

data/lib/proxes/loggers/elasticsearch.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+require 'logger'
+module ProxES
+  module Loggers
+    class Elasticsearch < ::Logger
+    end
+  end
+end

data/lib/proxes/models/audit_log.rb ADDED

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+require 'sequel'
+module ProxES
+  class AuditLog < Sequel::Model
+    many_to_one :user
+    def validate
+      validates_presence [:user_id, :action]
+    end
+  end
+end

data/lib/proxes/models/identity.rb ADDED

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+require 'sequel'
+require 'omniauth-identity'
+require 'active_support'
+require 'active_support/core_ext/object/blank'
+module ProxES
+  class Identity < Sequel::Model
+    many_to_one :user
+    attr_accessor :password, :password_confirmation
+    # OmniAuth Related
+    include OmniAuth::Identity::Model
+    def self.locate(conditions)
+      where(conditions).first
+    end
+    def authenticate(unencrypted)
+      self if ::BCrypt::Password.new(crypted_password) == unencrypted
+    end
+    def persisted?
+      !new? && @destroyed != true
+    end
+    # Return whatever we want to pass to the omniauth hash here
+    def info
+      {
+        email: username
+      }
+    end
+    # Validation
+    def validate
+      validates_presence :username
+      unless username.blank?
+        validates_unique :username
+        validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :username)
+      end
+      if password_required
+        validates_presence :password
+        validates_presence :password_confirmation
+        validates_min_length 8, :password
+      end
+      errors.add(:password_confirmation, 'must match password') if !password.blank? && password != password_confirmation
+    end
+    # Callbacks
+    def before_save
+      encrypt_password unless password == '' || password.nil?
+    end
+    private
+    def encrypt_password
+      self.crypted_password = ::BCrypt::Password.create(password)
+    end
+    def password_required
+      crypted_password.blank? || !password.blank?
+    end
+  end
+end

data/lib/proxes/models/permission.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'sequel'
+module ProxES
+  class Permission < Sequel::Model
+    many_to_one :role
+    def validate
+      validates_presence [:role_id, :verb, :pattern]
+      validates_includes self.class.verbs, :verb
+    end
+    def self.verbs
+      ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'INDEX']
+    end
+  end
+end