proxes 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.codeclimate.yml +24 -0
- data/.gitignore +13 -0
- data/.rspec +2 -0
- data/.rubocop.yml +12 -0
- data/.ruby-version +1 -0
- data/.travis.yml +18 -0
- data/Gemfile +4 -0
- data/Gemfile.ci +15 -0
- data/Gemfile.dev +10 -0
- data/Gemfile.dev.lock +155 -0
- data/LICENSE.txt +8 -0
- data/README.md +83 -0
- data/Rakefile +9 -0
- data/Vagrantfile +46 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/config.ru +64 -0
- data/config/logger.yml +3 -0
- data/gulpfile.js +80 -0
- data/lib/proxes.rb +3 -0
- data/lib/proxes/app.rb +48 -0
- data/lib/proxes/controllers/application.rb +53 -0
- data/lib/proxes/controllers/audit_logs.rb +34 -0
- data/lib/proxes/controllers/auth_identity.rb +21 -0
- data/lib/proxes/controllers/component.rb +108 -0
- data/lib/proxes/controllers/permissions.rb +10 -0
- data/lib/proxes/controllers/roles.rb +10 -0
- data/lib/proxes/controllers/users.rb +119 -0
- data/lib/proxes/db.rb +17 -0
- data/lib/proxes/helpers/authentication.rb +45 -0
- data/lib/proxes/helpers/component.rb +40 -0
- data/lib/proxes/helpers/indices.rb +16 -0
- data/lib/proxes/helpers/pundit.rb +39 -0
- data/lib/proxes/helpers/views.rb +41 -0
- data/lib/proxes/loggers/elasticsearch.rb +9 -0
- data/lib/proxes/models/audit_log.rb +12 -0
- data/lib/proxes/models/identity.rb +67 -0
- data/lib/proxes/models/permission.rb +17 -0
- data/lib/proxes/models/role.rb +14 -0
- data/lib/proxes/models/user.rb +57 -0
- data/lib/proxes/policies/application_policy.rb +20 -0
- data/lib/proxes/policies/audit_log_policy.rb +40 -0
- data/lib/proxes/policies/identity_policy.rb +24 -0
- data/lib/proxes/policies/permission_policy.rb +40 -0
- data/lib/proxes/policies/request/root_policy.rb +12 -0
- data/lib/proxes/policies/request/search_policy.rb +15 -0
- data/lib/proxes/policies/request/snapshot_policy.rb +12 -0
- data/lib/proxes/policies/request/stats_policy.rb +15 -0
- data/lib/proxes/policies/request_policy.rb +69 -0
- data/lib/proxes/policies/role_policy.rb +40 -0
- data/lib/proxes/policies/token_policy.rb +46 -0
- data/lib/proxes/policies/user_policy.rb +46 -0
- data/lib/proxes/rake_tasks.rb +59 -0
- data/lib/proxes/request.rb +51 -0
- data/lib/proxes/request/root.rb +10 -0
- data/lib/proxes/request/search.rb +37 -0
- data/lib/proxes/request/snapshot.rb +16 -0
- data/lib/proxes/request/stats.rb +30 -0
- data/lib/proxes/security.rb +59 -0
- data/lib/proxes/seed.rb +10 -0
- data/lib/proxes/services/logger.rb +50 -0
- data/lib/proxes/version.rb +4 -0
- data/migrate/001_tables.rb +47 -0
- data/migrate/002_audit_log.rb +11 -0
- data/package.json +34 -0
- data/proxes.gemspec +44 -0
- data/public/js/bundle.js +28988 -0
- data/src/scripts/app.js +10 -0
- data/views/404.haml +1 -0
- data/views/audit_logs/index.haml +18 -0
- data/views/error.haml +4 -0
- data/views/getting_started.haml +16 -0
- data/views/identity/login.haml +19 -0
- data/views/identity/register.haml +17 -0
- data/views/index.haml +3 -0
- data/views/layout.haml +48 -0
- data/views/partials/delete_form.haml +4 -0
- data/views/partials/form_control.haml +21 -0
- data/views/partials/navbar.haml +25 -0
- data/views/partials/notifications.haml +24 -0
- data/views/partials/pager.haml +19 -0
- data/views/partials/sidebar.haml +32 -0
- data/views/permissions/display.haml +24 -0
- data/views/permissions/edit.haml +11 -0
- data/views/permissions/form.haml +3 -0
- data/views/permissions/index.haml +14 -0
- data/views/permissions/new.haml +10 -0
- data/views/roles/display.haml +33 -0
- data/views/roles/edit.haml +11 -0
- data/views/roles/form.haml +1 -0
- data/views/roles/index.haml +17 -0
- data/views/roles/new.haml +10 -0
- data/views/users/display.haml +32 -0
- data/views/users/edit.haml +11 -0
- data/views/users/identity.haml +3 -0
- data/views/users/index.haml +20 -0
- data/views/users/new.haml +11 -0
- data/views/users/profile.haml +37 -0
- data/views/users/user.haml +3 -0
- metadata +424 -0
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'sequel'
|
|
3
|
+
require 'bcrypt'
|
|
4
|
+
require 'digest/md5'
|
|
5
|
+
require 'active_support'
|
|
6
|
+
require 'active_support/core_ext/object/blank'
|
|
7
|
+
|
|
8
|
+
# Why not store this in Elasticsearch?
|
|
9
|
+
module ProxES
|
|
10
|
+
class User < Sequel::Model
|
|
11
|
+
one_to_many :identity
|
|
12
|
+
many_to_many :roles
|
|
13
|
+
one_to_many :audit_logs
|
|
14
|
+
|
|
15
|
+
def role?(check)
|
|
16
|
+
!roles_dataset.first(name: check).nil?
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def method_missing(method_sym, *arguments, &block)
|
|
20
|
+
if method_sym.to_s[-1] == '?'
|
|
21
|
+
role?(method_sym[0..-2])
|
|
22
|
+
else
|
|
23
|
+
super
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def respond_to_missing?(name, _include_private = false)
|
|
28
|
+
name[-1] == '?'
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def gravatar
|
|
32
|
+
hash = Digest::MD5.hexdigest(email.downcase)
|
|
33
|
+
"https://www.gravatar.com/avatar/#{hash}"
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def validate
|
|
37
|
+
validates_presence :email
|
|
38
|
+
return if email.blank?
|
|
39
|
+
validates_unique :email
|
|
40
|
+
validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :email)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Add the basic roles and identity
|
|
44
|
+
def after_create
|
|
45
|
+
check_roles
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def check_roles
|
|
49
|
+
add_role Role.find_or_create(name: 'user') unless role?('user')
|
|
50
|
+
add_role Role.find_or_create(name: 'super_admin') if id == 1 && ENV['RACK_ENV'] != 'test' && !role?('super_admin')
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def index_prefix
|
|
54
|
+
email
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ProxES
|
|
3
|
+
class ApplicationPolicy
|
|
4
|
+
attr_reader :user, :record
|
|
5
|
+
|
|
6
|
+
def initialize(user, record)
|
|
7
|
+
@user = user
|
|
8
|
+
@record = record
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
class Scope
|
|
12
|
+
attr_reader :user, :scope
|
|
13
|
+
|
|
14
|
+
def initialize(user, scope)
|
|
15
|
+
@user = user
|
|
16
|
+
@scope = scope
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class AuditLogPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
create?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def permitted_attributes
|
|
27
|
+
[:action]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Scope < ApplicationPolicy::Scope
|
|
31
|
+
def resolve
|
|
32
|
+
if user && user.super_admin?
|
|
33
|
+
scope
|
|
34
|
+
else
|
|
35
|
+
scope.where(id: -1)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require_relative 'application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class IdentityPolicy < ApplicationPolicy
|
|
6
|
+
def register?
|
|
7
|
+
true
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def permitted_attributes
|
|
11
|
+
[:username, :password, :password_confirmation]
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
class Scope < ApplicationPolicy::Scope
|
|
15
|
+
def resolve
|
|
16
|
+
if user.super_admin?
|
|
17
|
+
scope.all
|
|
18
|
+
else
|
|
19
|
+
[]
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class PermissionPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
create?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def permitted_attributes
|
|
27
|
+
[:verb, :pattern, :role_id]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Scope < ApplicationPolicy::Scope
|
|
31
|
+
def resolve
|
|
32
|
+
if user && user.super_admin?
|
|
33
|
+
scope
|
|
34
|
+
else
|
|
35
|
+
scope.where(id: -1)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ProxES
|
|
3
|
+
class Request
|
|
4
|
+
class SearchPolicy < ProxES::RequestPolicy
|
|
5
|
+
class Scope < ProxES::RequestPolicy::Scope
|
|
6
|
+
def resolve
|
|
7
|
+
patterns = ProxES::Permission.where(verb: 'INDEX', role: user.roles).map do |permission|
|
|
8
|
+
permission.pattern.gsub(/\{user.(.*)\}/) { |match| user.send(Regexp.last_match[1].to_sym) }
|
|
9
|
+
end
|
|
10
|
+
filter scope.index, patterns
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ProxES
|
|
3
|
+
class Request
|
|
4
|
+
class StatsPolicy < ProxES::RequestPolicy
|
|
5
|
+
class Scope < ProxES::RequestPolicy::Scope
|
|
6
|
+
def resolve
|
|
7
|
+
patterns = ProxES::Permission.where(verb: 'INDEX', role: user.roles).map do |permission|
|
|
8
|
+
permission.pattern.gsub(/\{user.(.*)\}/) { |match| user.send(Regexp.last_match[1].to_sym) }
|
|
9
|
+
end
|
|
10
|
+
filter scope.index, patterns
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/db'
|
|
3
|
+
require 'proxes/models/permission'
|
|
4
|
+
require 'proxes/services/logger'
|
|
5
|
+
require 'proxes/helpers/indices'
|
|
6
|
+
|
|
7
|
+
module ProxES
|
|
8
|
+
class RequestPolicy
|
|
9
|
+
include Helpers::Indices
|
|
10
|
+
|
|
11
|
+
attr_reader :user, :record
|
|
12
|
+
|
|
13
|
+
def initialize(user, record)
|
|
14
|
+
@user = user
|
|
15
|
+
@record = record
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def method_missing(method_sym, *arguments, &block)
|
|
19
|
+
if method_sym.to_s[-1] == '?'
|
|
20
|
+
return false if user.nil?
|
|
21
|
+
require 'pry'
|
|
22
|
+
# binding.pry
|
|
23
|
+
|
|
24
|
+
if record.indices?
|
|
25
|
+
patterns = ProxES::Permission.where(verb: 'INDEX', role: user.roles).map do |permission|
|
|
26
|
+
permission.pattern.gsub(/\{user.(.*)\}/) { |match| user.send(Regexp.last_match[1].to_sym) }
|
|
27
|
+
end
|
|
28
|
+
return filter(record.index, patterns).count.positive?
|
|
29
|
+
else
|
|
30
|
+
# Give me all the user's permissions that match the verb
|
|
31
|
+
ProxES::Permission.where(verb: method_sym[0..-2].upcase, role: user.roles).each do |permission|
|
|
32
|
+
return true if record.path =~ %r{#{permission.pattern}}
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
false
|
|
36
|
+
else
|
|
37
|
+
super
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def respond_to_missing?(name, _include_private = false)
|
|
42
|
+
name[-1] == '?'
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def logger
|
|
46
|
+
@logger ||= ProxES::Services::Logger.instance
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
class Scope
|
|
50
|
+
include Helpers::Indices
|
|
51
|
+
|
|
52
|
+
attr_reader :user, :scope
|
|
53
|
+
|
|
54
|
+
def initialize(user, scope)
|
|
55
|
+
@user = user
|
|
56
|
+
@scope = scope
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def logger
|
|
60
|
+
@logger ||= ProxES::Services::Logger.instance
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
require 'proxes/policies/request/root_policy'
|
|
67
|
+
require 'proxes/policies/request/stats_policy'
|
|
68
|
+
require 'proxes/policies/request/search_policy'
|
|
69
|
+
require 'proxes/policies/request/snapshot_policy'
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class RolePolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
create?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def permitted_attributes
|
|
27
|
+
[:name]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Scope < ApplicationPolicy::Scope
|
|
31
|
+
def resolve
|
|
32
|
+
if user && user.super_admin?
|
|
33
|
+
scope
|
|
34
|
+
else
|
|
35
|
+
scope.where(id: -1)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require_relative 'application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class TokenPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
record.id == user.id || user.super_admin?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def register?
|
|
27
|
+
true
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def permitted_attributes
|
|
31
|
+
attribs = [:email, :name, :surname]
|
|
32
|
+
attribs << :role if user.super_admin?
|
|
33
|
+
attribs
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
class Scope < ApplicationPolicy::Scope
|
|
37
|
+
def resolve
|
|
38
|
+
if user.super_admin?
|
|
39
|
+
scope.all
|
|
40
|
+
else
|
|
41
|
+
[]
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class UserPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
user && (record.id == user.id || user.super_admin?)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def register?
|
|
27
|
+
true
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def permitted_attributes
|
|
31
|
+
attribs = [:email, :name, :surname]
|
|
32
|
+
attribs << :role_id if user.super_admin?
|
|
33
|
+
attribs
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
class Scope < ApplicationPolicy::Scope
|
|
37
|
+
def resolve
|
|
38
|
+
if user && user.super_admin?
|
|
39
|
+
scope
|
|
40
|
+
else
|
|
41
|
+
scope.where(id: -1)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|