proxes 0.7.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eed2284d92cc9aaca2f123158ba6b77c65d233d8
-  data.tar.gz: 06ddda4291562439c7589f8faaa096d798b343f8
+  metadata.gz: 110bfadb9580417402ed8e47ae66a39c2d2347ac
+  data.tar.gz: 48eb4c42bf8de55da0dea02bf8607ba6540c7d52
 SHA512:
-  metadata.gz: bd168ddee066078b4a76ba837bdef0dd26166ecf8024b9fbfec9fe794d2d71bedb3487c71ebdce9c88e040abeb8ee69edfbdef8f85f0dc3745fb2178c499f99f
-  data.tar.gz: 9b60352a20958278555b3a3688547187e669917bc41b1a7145368603a77d98b84d923feb4cf567fceee47d65b82e3cb9677bae4caf0963bdc7ed7b22f5749255
+  metadata.gz: 2fffacb9260796bff10b93befcb696e0e4bbd65a4759b0cbd7a69f09b0c81b7c72618cecf4ebc0fc9c11cc0981b2ce194a99e757db40fd55ffd3e6da7a2cb8ca
+  data.tar.gz: befa0e27737533a6a1d50c3a0c5070ecb85931a582c735ce41c0993ad9fed5d3a4f803b729e8a1aff39b491b6a7b4baa877623e8559a4c899c6a3c01acc38f59

data/.gitignore

@@ -1,4 +1,5 @@
 /.bundle/
+/vendor
 /.yardoc
 /Gemfile.lock
 /_yardoc/

data/.rubocop.yml

@@ -12,4 +12,4 @@ Style/LeadingCommentSpace:
     - 'config.ru'
 
 AllCops:
-  TargetRubyVersion: 1.9
+  TargetRubyVersion: 2.2

data/.travis.yml

@@ -4,9 +4,6 @@ rvm:
   - 2.4.0
   - 2.3.3
   - 2.2.6
-  - 2.1.10
-  - 2.0.0
-  - 1.9.3
 gemfile: Gemfile.ci
 env:
   - DATABASE_URL="sqlite::memory:" ELASTICSEARCH_URL="http://localhost:9200" RACK_ENV=test

data/Gemfile.ci

@@ -3,9 +3,12 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'sqlite3'
-gem 'simplecov', '~> 0.13.0'
 gem 'codeclimate-test-reporter', '~> 1.0.0'
+gem 'dotenv'
+gem 'rspec'
+gem 'rubocop'
+gem 'simplecov', '~> 0.13.0'
+gem 'sqlite3'
 
 if RUBY_VERSION < '2.1'
   gem 'sidekiq', '3.0.0'

data/README.md

@@ -6,13 +6,6 @@
 
 ProxES provides a management interface and security layer for Elasticsearch.
 
-## Getting Started
-
-This is a full application that requires some setup. The following complete setup
-scripts are available:
-
-* [Ubuntu](https://gist.github.com/jrgns/979a6d3ea7cc94db671551227fd6469a#file-setup-ubuntu-sh)
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -41,12 +34,22 @@ gem install proxes
 4. Create and populate the DB and secret tokens:
 
 ```bash
+bundle exec rake proxes:prep
+bundle exec rake proxes:generate_tokens
 bundle exec rake proxes:migrate
 bundle exec rake proxes:seed
-bundle exec rake proxes:generate_tokens
+bundle exec whenever --update-crontab
+```
+
+5. Create the necessary folders:
+
+```bash
+mkdir tmp
+mkdir logs
+mkdir config
 ```
 
-5. Start up the web app: `bundle exec rackup`
+6. Start up the web app: `bundle exec rackup`
 
 ## Components
 

data/Rakefile

@@ -1,10 +1,15 @@
 # frozen_string_literal: true
 
+require 'dotenv/load'
+
 require 'rake'
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'proxes/rake_tasks'
+require 'proxes'
 
-RSpec::Core::RakeTask.new(:spec)
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(:spec)
+  task default: :spec
+rescue LoadError
+end
 
-task default: :spec
+require 'ditty/rake_tasks'

data/Vagrantfile

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
@@ -44,7 +45,3 @@ Vagrant.configure(2) do |config|
     # npm install --no-bin-links
   SHELL
 end
-
-# create user proxes with password 'somethingrandom';
-# create database proxes;
-# grant all privileges on database proxes to proxes;

data/config.ru

@@ -1,42 +1,50 @@
 # frozen_string_literal: true
+
 libdir = File.expand_path(File.dirname(__FILE__) + '/lib')
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
-raise 'Unconfigured' unless ENV['ELASTICSEARCH_URL']
-
+require 'dotenv/load'
 require 'proxes'
-require 'proxes/omniauth'
+require 'proxes/proxes'
+require 'rack/protection'
+ProxES::Container.plugin(:proxes)
+
 use Rack::Session::Cookie,
     key: '_ProxES_session',
-    #:secure=>!TEST_MODE, # Uncomment if only allowing https:// access
+    # :secure=>!TEST_MODE, # Uncomment if only allowing https:// access
     secret: File.read('.session_secret')
+use Rack::Protection::RemoteToken
+use Rack::Protection::SessionHijacking
 
-use OmniAuth::Builder do
-  # The identity provider is used by the App.
-  provider :identity,
-           fields: [:username],
-           callback_path: '/_proxes/auth/identity/callback',
-           model: ProxES::Identity,
-           on_login: ProxES::AuthIdentity,
-           on_registration: ProxES::AuthIdentity,
-           locate_conditions: ->(req) { { username: req['username'] } }
-end
-OmniAuth.config.on_failure = ProxES::AuthIdentity
+map '/_proxes' do
+  require 'proxes/omniauth'
 
-# Management App
-require 'proxes/proxes'
-ProxES::Container.plugin(:proxes)
+  use OmniAuth::Builder do
+    configure do |config|
+      config.path_prefix = '/auth'
+      config.on_failure = ProxES::App
+    end
 
-map '/_proxes' do
-  run Rack::URLMap.new ProxES::Container.routes
+    # The identity provider is used by the App.
+    provider :identity,
+             fields: [:username],
+             callback_path: '/auth/identity/callback',
+             model: ProxES::Identity,
+             on_login: ProxES::App,
+             on_registration: ProxES::App,
+             locate_conditions: ->(req) { { username: req['username'] } }
+  end
+
+  run Rack::URLMap.new Ditty.routes
 end
 
-# Proxy all Elasticsearch requests
-require 'proxes/security'
-require 'proxes/forwarder'
 map '/' do
+  # Proxy all Elasticsearch requests
+  require 'proxes/security'
+  require 'proxes/forwarder'
+
   # Security
-  use ProxES::Security, ProxES::Services::Logger.instance
+  use ProxES::Security, Ditty::Services::Logger.instance
   use Rack::ContentLength
 
   # Forward requests to ES

data/lib/{proxes → ditty/components}/proxes.rb

@@ -1,66 +1,59 @@
 # frozen_string_literal: true
 
-module ProxES
+require 'ditty'
+
+module Ditty
   class ProxES
-    def self.migration_folder
-      File.expand_path('../../../migrate', __FILE__)
+    def self.migrations
+      File.expand_path('../../../../migrate', __FILE__)
     end
 
     def self.view_folder
-      File.expand_path('../../../views', __FILE__)
+      File.expand_path('../../../../views', __FILE__)
     end
 
     def self.public_folder
-      File.expand_path('../../../public', __FILE__)
+      File.expand_path('../../../../public', __FILE__)
     end
 
-    def self.route_mappings
-      controllers = File.expand_path('../controllers', __FILE__)
+    def self.routes
+      controllers = File.expand_path('../../../proxes/controllers', __FILE__)
       Dir.glob("#{controllers}/*.rb").each { |f| require f }
       {
-        '/' => ::ProxES::App,
-        '/users' => ::ProxES::Users,
-        '/roles' => ::ProxES::Roles,
-        '/permissions' => ::ProxES::Permissions,
-        '/audit-logs' => ::ProxES::AuditLogs
+        '/permissions' => ::ProxES::Permissions
       }
     end
 
-    def self.nav_items
-      {
-        group: 'Security',
-        order: 20,
-        icon: 'lock',
-        items: [
-          { order: 0, link: '/users/', text: 'Users', target: User, icon: 'user' },
-          { order: 1, link: '/roles/', text: 'Roles', target: Role, icon: 'group' },
-          { order: 2, link: '/permissions/', text: 'Permissions', target: Permission, icon: 'check-square' },
-          { order: 3, link: '/audit-logs/', text: 'Audit Logs', target: AuditLog, icon: 'history' }
-        ]
-      }
+    def self.navigation
+      require 'proxes/models/permission'
+
+      [
+        { order: 2, link: '/permissions/', text: 'Permissions', target: ::ProxES::Permission, icon: 'check-square' }
+      ]
     end
 
     def self.seeder
       proc do
-        require 'proxes/models/user'
-        require 'proxes/models/role'
+        require 'ditty/models/user'
+        require 'ditty/models/role'
+        require 'proxes/models/permission'
 
-        sa = ::ProxES::Role.find_or_create(name: 'super_admin')
+        sa = ::Ditty::Role.find_or_create(name: 'super_admin')
         %w[GET POST PUT DELETE HEAD OPTIONS INDEX].each do |verb|
           ::ProxES::Permission.find_or_create(role: sa, verb: verb, pattern: '.*')
         end
-        ::ProxES::Role.find_or_create(name: 'admin')
-        user_role = ::ProxES::Role.find_or_create(name: 'user')
+        ::Ditty::Role.find_or_create(name: 'admin')
+        user_role = ::Ditty::Role.find_or_create(name: 'user')
 
         # Kibana Specific
-        anon = ::ProxES::User.find_or_create(email: 'anonymous@proxes.io')
+        anon = ::Ditty::User.find_or_create(email: 'anonymous@proxes.io')
         anon.remove_role user_role
-        anon_role = ::ProxES::Role.find_or_create(name: 'anonymous')
+        anon_role = ::Ditty::Role.find_or_create(name: 'anonymous')
         anon.add_role anon_role unless anon.role?('anonymous')
         ::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/*')
         ::ProxES::Permission.find_or_create(role: anon_role, verb: 'INDEX', pattern: '.kibana')
 
-        kibana = ::ProxES::Role.find_or_create(name: 'kibana')
+        kibana = ::Ditty::Role.find_or_create(name: 'kibana')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'INDEX', pattern: '.kibana')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'HEAD', pattern: '/')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_nodes*')
@@ -75,4 +68,4 @@ module ProxES
   end
 end
 
-ProxES::Container::Plugins.register_plugin(:proxes, ProxES::ProxES)
+Ditty::Components.register_component(:proxes, Ditty::ProxES)

data/lib/proxes/controllers/permissions.rb

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
 
-require 'proxes/controllers/component'
+require 'ditty/controllers/component'
 require 'proxes/models/permission'
 require 'proxes/policies/permission_policy'
 
 module ProxES
-  class Permissions < Component
+  class Permissions < Ditty::Component
     set model_class: Permission
 
     def find_template(views, name, engine, &block)
       super(views, name, engine, &block) # Root
-      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
+      super(::Ditty::ProxES.view_folder, name, engine, &block) # This Component
+      super(::Ditty::App.view_folder, name, engine, &block) # Ditty
     end
   end
 end

data/lib/proxes/models/permission.rb

@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
-require 'proxes/models/base'
+require 'ditty/models/base'
+require 'ditty/models/user'
+require 'ditty/models/role'
 
 module ProxES
   class Permission < Sequel::Model
-    include ::ProxES::Base
+    include ::Ditty::Base
 
-    many_to_one :role
-    many_to_one :user
+    many_to_one :role, class: ::Ditty::Role
+    many_to_one :user, class: ::Ditty::User
 
     dataset_module do
       def for_user(a_user, action)
@@ -16,7 +18,7 @@ module ProxES
     end
 
     def validate
-      validates_presence [:verb, :pattern]
+      validates_presence %i[verb pattern]
       validates_presence :role_id unless user_id
       validates_presence :user_id unless role_id
       validates_includes self.class.verbs, :verb

data/lib/proxes/policies/permission_policy.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-require 'proxes/policies/application_policy'
+require 'ditty/policies/application_policy'
 
 module ProxES
-  class PermissionPolicy < ApplicationPolicy
+  class PermissionPolicy < Ditty::ApplicationPolicy
     def create?
       user && user.super_admin?
     end
@@ -25,10 +25,10 @@ module ProxES
     end
 
     def permitted_attributes
-      [:verb, :pattern, :role_id, :user_id]
+      %i[verb pattern role_id user_id]
     end
 
-    class Scope < ApplicationPolicy::Scope
+    class Scope < Ditty::ApplicationPolicy::Scope
       def resolve
         user && user.super_admin? ? scope : scope.where(id: -1)
       end

data/lib/proxes/policies/request/index_policy.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'proxes/db'
+require 'ditty/db'
 require 'proxes/models/permission'
 require 'proxes/policies/request_policy'
 

data/lib/proxes/policies/request_policy.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 
-require 'proxes/db'
 require 'proxes/models/permission'
-require 'proxes/services/logger'
 require 'proxes/helpers/indices'
+require 'ditty/services/logger'
 
 module ProxES
   class RequestPolicy
@@ -48,7 +47,7 @@ module ProxES
     end
 
     def logger
-      @logger ||= ProxES::Services::Logger.instance
+      @logger ||= Ditty::Services::Logger.instance
     end
 
     class Scope
@@ -62,7 +61,7 @@ module ProxES
       end
 
       def logger
-        @logger ||= ProxES::Services::Logger.instance
+        @logger ||= Ditty::Services::Logger.instance
       end
 
       def resolve

data/lib/proxes/policies/token_policy.rb

@@ -29,7 +29,7 @@ module ProxES
     end
 
     def permitted_attributes
-      attribs = [:email, :name, :surname]
+      attribs = %i[email name surname]
       attribs << :role if user.super_admin?
       attribs
     end

data/lib/proxes/request/cat.rb

@@ -11,8 +11,8 @@ module ProxES
       def index=(idx)
         @index = idx
         self.path_info = '/' + [endpoint, type, index].compact
-                         .map { |v| v.is_a?(Array) ? v.join(',') : v }
-                         .select { |v| !v.nil? && v != '' }.join('/')
+                                                      .map { |v| v.is_a?(Array) ? v.join(',') : v }
+                                                      .select { |v| !v.nil? && v != '' }.join('/')
       end
 
       def endpoint

data/lib/proxes/request/index.rb

@@ -11,8 +11,8 @@ module ProxES
       def index=(idx)
         @index = idx
         self.path_info = '/' + [index, type, id].compact
-                         .map { |v| v.is_a?(Array) ? v.join(',') : v }
-                         .select { |v| !v.nil? && v != '' }.join('/')
+                                                .map { |v| v.is_a?(Array) ? v.join(',') : v }
+                                                .select { |v| !v.nil? && v != '' }.join('/')
       end
 
       def parse

data/lib/proxes/request.rb

@@ -52,7 +52,7 @@ module ProxES
 
     def check_part(val)
       return val if val.nil?
-      return [] if ([endpoint, '_all'].include?(val) && !WRITE_METHODS.include?(request_method))
+      return [] if [endpoint, '_all'].include?(val) && !WRITE_METHODS.include?(request_method)
       val.split(',')
     end
   end

data/lib/proxes/security.rb

@@ -1,26 +1,24 @@
 # frozen_string_literal: true
 
-require 'proxes/models/identity'
-require 'proxes/services/logger'
 require 'proxes/request'
 require 'proxes/policies/request_policy'
-require 'proxes/helpers/pundit'
-require 'proxes/helpers/authentication'
-require 'proxes/helpers/wisper'
-require 'proxes/services/logger'
+require 'ditty/services/logger'
+require 'ditty/helpers/pundit'
+require 'ditty/helpers/authentication'
+require 'ditty/helpers/wisper'
 
 module ProxES
   class Security
     attr_reader :env, :logger
 
-    include Helpers::Authentication
-    include Helpers::Pundit
-    include Helpers::Wisper
+    include Ditty::Helpers::Authentication
+    include Ditty::Helpers::Pundit
+    include Ditty::Helpers::Wisper
     include Wisper::Publisher
 
     def initialize(app, logger = nil)
       @app = app
-      @logger = logger || Services::Logger.instance
+      @logger = logger || ::Ditty::Services::Logger.instance
     end
 
     def error(message, code = 500)
@@ -31,12 +29,12 @@ module ProxES
 
     def check(request)
       check_basic request
-      authorize request
+      authorize request, request.request_method.downcase
     rescue Pundit::NotAuthorizedError
       log_action(:es_request_denied, details: "#{request.request_method.upcase} #{request.fullpath} (#{request.class.name})")
       logger.debug "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
       error 'Not Authorized', 401
-    rescue ::ProxES::Helpers::NotAuthenticated
+    rescue ::Ditty::Helpers::NotAuthenticated
       logger.warn "Access denied for unauthenticated request by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
       error 'Not Authenticated', 401
     rescue StandardError => e

data/lib/proxes/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ProxES
-  VERSION = '0.7.1'.freeze
+  VERSION = '0.8.0'.freeze
 end

data/lib/proxes.rb

@@ -1,6 +1,4 @@
 # frozen_string_literal: true
 
 require 'proxes/version'
-require 'proxes/container'
-require 'proxes/db' if ENV['DATABASE_URL']
-require 'proxes/listener'
+require 'ditty/components/proxes'

data/migrate/20170207_base_tables.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 Sequel.migration do
   change do
     create_table :users do
@@ -41,7 +42,7 @@ Sequel.migration do
       DateTime :created_at
       foreign_key :user_id, :users
       foreign_key :role_id, :roles
-      unique [:user_id, :role_id]
+      unique %i[user_id role_id]
     end
   end
 end

data/migrate/20170208_audit_log.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 Sequel.migration do
   change do
     create_table :audit_logs do

data/proxes.gemspec

@@ -1,5 +1,5 @@
-# coding: utf-8
 # frozen_string_literal: true
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'proxes/version'
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.summary       = 'Rack wrapper around Elasticsearch to provide security and management features'
   spec.description   = 'Rack wrapper around Elasticsearch to provide security and management features'
   spec.homepage      = 'https://github.com/eagerelk/proxes'
-  spec.license       = 'LGPLv3'
+  spec.license       = 'LGPL-3.0'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
@@ -28,22 +28,23 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'factory_girl'
   spec.add_development_dependency 'timecop'
 
+  spec.add_dependency 'ditty', '>= 0.2'
   spec.add_dependency 'activesupport', '>= 3'
-  spec.add_dependency 'rake', '~> 10.0'
-  spec.add_dependency 'rack-contrib', '~> 1.4'
-  spec.add_dependency 'sinatra', '~> 1.0'
-  spec.add_dependency 'sinatra-flash', '~> 0.3'
-  spec.add_dependency 'sinatra-contrib', '~> 1.0'
+  spec.add_dependency 'bcrypt', '~> 3.0'
   spec.add_dependency 'elasticsearch', '>= 2'
+  spec.add_dependency 'haml', '~> 5.0'
+  spec.add_dependency 'highline', '~> 1.7'
   spec.add_dependency 'logger', '~> 1.0'
-  spec.add_dependency 'pundit', '~> 1.0'
-  spec.add_dependency 'sequel', '~> 4.0'
-  spec.add_dependency 'bcrypt', '~> 3.0'
   spec.add_dependency 'omniauth', '~> 1.0'
-  spec.add_dependency 'omniauth-identity', '~> 1.0'
   spec.add_dependency 'omniauth-http-basic', '~> 1.0'
-  spec.add_dependency 'haml', '~> 4.0'
-  spec.add_dependency 'wisper', '~> 2.0'
-  spec.add_dependency 'highline', '~> 1.7'
+  spec.add_dependency 'omniauth-identity', '~> 1.0'
+  spec.add_dependency 'pundit', '~> 1.0'
+  spec.add_dependency 'rack-contrib', '~> 1.0'
+  spec.add_dependency 'rake', '~> 12.0'
+  spec.add_dependency 'sequel', '~> 4.0'
+  spec.add_dependency 'sinatra', '~> 2.0'
+  spec.add_dependency 'sinatra-contrib', '~> 2.0'
+  spec.add_dependency 'sinatra-flash', '~> 0.3'
   spec.add_dependency 'tilt', '>= 2'
+  spec.add_dependency 'wisper', '~> 2.0'
 end