proxes 0.9.13 → 0.10.1

data/lib/proxes/request/search.rb

@@ -32,6 +32,10 @@ module ProxES
       def indices?
         type != ['scroll']
       end
+
+      def indices
+        @index || []
+      end
     end
   end
 end

data/lib/proxes/request/stats.rb

@@ -30,6 +30,10 @@ module ProxES
       def indices?
         true
       end
+
+      def indices
+        @index || []
+      end
     end
   end
 end

data/lib/proxes/services/es.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require 'openssl'
+require 'typhoeus'
+require 'typhoeus/adapters/faraday'
 require 'elasticsearch'
 require 'ditty/services/logger'
 
@@ -16,7 +18,9 @@ module ProxES
               cert_store: ssl_store
             }
           },
-          logger: Ditty::Services::Logger.instance
+          log: ENV['APP_ENV'] == 'development',
+          logger: Ditty::Services::Logger,
+          request_timeout: (ENV['ELASTICSEARCH_REQUEST_TIMEOUT'] || 300).to_i
         )
       end
 

data/lib/proxes/services/listener.rb

@@ -3,26 +3,49 @@
 require 'wisper'
 require 'ditty/models/audit_log'
 require 'ditty/services/logger'
+require 'browser/browser'
 
 module ProxES
   class Listener
+    def user_login(details)
+      target = details[:target]
+      if target.request.session['omniauth.origin'].nil? && target.request.accept?('text/html')
+        target.request.session['omniauth.origin'] = '/_proxes'
+      end
+    end
+
     def es_request_failed(request, response)
       Ditty::AuditLog.create(
-        action: :es_request_failed,
-        user: request.user,
-        details: "#{request.detail} > #{response[0]}"
+        user_traits(request).merge(
+          action: :es_request_failed,
+          user: request.user,
+          details: "#{request.detail} > #{response[0]}"
+        )
       )
     end
 
     def es_request_denied(request, exception = nil)
       detail = request.detail
       detail = "#{detail} - #{exception.class}" if exception
+      Ditty::Services::Logger.error exception if exception
       Ditty::AuditLog.create(
-        action: :es_request_denied,
-        user: request.user,
-        details: detail
+        user_traits(request).merge(
+          action: :es_request_denied,
+          user: request.user,
+          details: detail
+        )
       )
     end
+
+    def user_traits(request)
+      browser = Browser.new(request.user_agent, accept_language: request.env['HTTP_ACCEPT_LANGUAGE'])
+      {
+        platform: browser.platform.name,
+        device: browser.device.name,
+        browser: browser.name,
+        ip_address: request.ip
+      }
+    end
   end
 end
 

data/lib/proxes/services/search.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'proxes/services/es'
 
 # TODO: This needs to be filtered.
@@ -9,7 +11,7 @@ module ProxES
         include ES
 
         def indices
-          client.indices.get_mapping(index: '_all').keys
+          client.indices.get_mapping(index: '_all', ignore: 404).keys
         end
 
         def fields(index: '_all', names_only: false)
@@ -17,6 +19,7 @@ module ProxES
           client.indices.get_mapping(index: index).each do |_idx, index_map|
             index_map['mappings'].each do |_type, type_map|
               next if type_map['properties'].nil?
+
               type_map['properties'].each do |name, details|
                 if details['type'] != 'keyword' && details['fields'] && (names_only == false)
                   keyword = details['fields'].find do |v|

data/lib/proxes/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ProxES
-  VERSION = '0.9.13'.freeze
+  VERSION = '0.10.1'
 end

data/migrate/20180908_index_specific_permissions.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    alter_table :permissions do
+      add_column :index, String, default: '*', null: false
+    end
+  end
+end

data/migrate/20190109_add_status_checks_table.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table :status_checks do
+      primary_key :id
+      String :type, nullable: false
+      String :name, nullable: false
+      String :source, nullable: false
+      String :required_value, nullable: true, default: nil
+      Integer :order, nullable: false, default: 1
+      DateTime :created_at, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, default: Sequel::CURRENT_TIMESTAMP
+      unique [:name]
+    end
+  end
+end

data/views/layout.haml

@@ -6,13 +6,13 @@
     %meta{ name: 'viewport', content: 'width=device-width, initial-scale=1' }
     %meta{ name: 'theme-color', content: '#ffffff' }
     %link{ rel: 'manifest', href: '/_proxes/manifest.json' }
-    %link{ rel: 'icon', type: 'image/png', sizes: '32x32', href: '/_proxes/images/favicon-32x32.png' }
-    %link{ rel: 'icon', type: 'image/png', sizes: '16x16', href: '/_proxes/images/favicon-16x16.png' }
+    %link{ rel: 'shortcut icon', type: 'image/png', sizes: '32x32', href: '/_proxes/images/favicon-32x32.png' }
+    %link{ rel: 'shortcut icon', type: 'image/png', sizes: '16x16', href: '/_proxes/images/favicon-16x16.png' }
     %link{ rel: 'apple-touch-icon', sizes: '76x76', href: '/_proxes/images/apple-icon.png' }
     %link{ rel: 'mask-icon', href: '/_proxes/images/safari-pinned-tab.svg', color: '#5bbad5' }
 
     %title
-      ProxES
+      = config('ditty.title', 'ProxES')
       - if defined? title
         = "- #{title}"
 
@@ -24,6 +24,8 @@
     %link{ rel: 'stylesheet', href: 'https://cdnjs.cloudflare.com/ajax/libs/startbootstrap-sb-admin-2/3.3.7+1/css/sb-admin-2.min.css', media: 'screen' }
     %link{ rel: 'stylesheet', href: 'https://cdnjs.cloudflare.com/ajax/libs/metisMenu/2.5.2/metisMenu.min.css', media: 'screen' }
     %link{ rel: 'stylesheet', href: 'https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css', media: 'screen' }
+    %link{ rel: 'stylesheet', href: 'https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css', media: 'screen' }
+    %link{ rel: 'stylesheet', href: '/_proxes/css/typeahead.css', media: 'screen' }
     /[if lt IE 9] <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
     /[if lt IE 9] <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
 
@@ -33,11 +35,17 @@
   %body
     #wrapper
       = haml :'partials/navbar', locals: { title: (defined?(title) ? title : 'ProxES') }
-      #page-wrapper{ style: 'opacity: 0.8' }
+      #page-wrapper
+        -if defined?(title) || defined?(actions)
+          .row
+            %h1.col-md-9= defined?(title) ? title : '&nbsp'
+            .col-md-3.text-right{ style: 'margin-top: 20px' }
+              = haml :'partials/actions', locals: { actions: defined?(actions) ? actions : {} }
+        -else
+          %div{ style: 'padding-top: 20px' }
+
         .row
           .col-md-12
-            -if defined? title
-              %h1.page-header= title
             = haml :'partials/notifications'
 
         = yield
@@ -52,9 +60,12 @@
     %script{ type: 'text/javascript', src: 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js' }
     %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/react/15.4.1/react.min.js' }
     %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/react/15.4.1/react-dom.min.js' }
+    %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js' }
+    %script{ type: 'text/javascript', src: '/_proxes/js/typeahead.bundle.min.js' }
     %script{ type: 'text/javascript', src: '/_proxes/js/bundle.js' }
     :javascript
         $(function() {
             $('.sidebar-nav').metisMenu();
+            $('.select2').select2();
         });
 

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: proxes
 version: !ruby/object:Gem::Version
-  version: 0.9.13
+  version: 0.10.1
 platform: ruby
 authors:
 - Jurgens du Toit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-09-06 00:00:00.000000000 Z
+date: 2019-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +94,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec_sequel_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+- !ruby/object:Gem::Dependency
+  name: sequel-annotate
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -150,20 +178,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: browser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: ditty
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: elasticsearch
   requirement: !ruby/object:Gem::Requirement
@@ -234,20 +276,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: net-http-persistent
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
@@ -402,6 +430,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '2'
+- !ruby/object:Gem::Dependency
+  name: typhoeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: wisper
   requirement: !ruby/object:Gem::Requirement
@@ -432,30 +474,43 @@ files:
 - lib/proxes/controllers/permissions.rb
 - lib/proxes/controllers/search.rb
 - lib/proxes/controllers/status.rb
+- lib/proxes/controllers/status_checks.rb
 - lib/proxes/forwarder.rb
-- lib/proxes/helpers/indices.rb
 - lib/proxes/loggers/elasticsearch.rb
 - lib/proxes/middleware/error_handling.rb
 - lib/proxes/middleware/metrics.rb
 - lib/proxes/middleware/security.rb
 - lib/proxes/models/permission.rb
+- lib/proxes/models/status_check.rb
+- lib/proxes/models/status_checks/cluster_health_status_check.rb
+- lib/proxes/models/status_checks/cpu_status_check.rb
+- lib/proxes/models/status_checks/file_system_status_check.rb
+- lib/proxes/models/status_checks/jvm_heap_status_check.rb
+- lib/proxes/models/status_checks/memory_status_check.rb
+- lib/proxes/models/status_checks/nodes_status_check.rb
 - lib/proxes/policies/permission_policy.rb
 - lib/proxes/policies/request/bulk_policy.rb
 - lib/proxes/policies/request/cat_policy.rb
 - lib/proxes/policies/request/create_policy.rb
 - lib/proxes/policies/request/index_policy.rb
+- lib/proxes/policies/request/mget_policy.rb
+- lib/proxes/policies/request/msearch_policy.rb
 - lib/proxes/policies/request/root_policy.rb
 - lib/proxes/policies/request/search_policy.rb
 - lib/proxes/policies/request/snapshot_policy.rb
 - lib/proxes/policies/request/stats_policy.rb
 - lib/proxes/policies/request_policy.rb
 - lib/proxes/policies/search_policy.rb
+- lib/proxes/policies/status_check_policy.rb
 - lib/proxes/policies/status_policy.rb
 - lib/proxes/request.rb
 - lib/proxes/request/bulk.rb
 - lib/proxes/request/cat.rb
 - lib/proxes/request/create.rb
 - lib/proxes/request/index.rb
+- lib/proxes/request/mget.rb
+- lib/proxes/request/msearch.rb
+- lib/proxes/request/multi.rb
 - lib/proxes/request/root.rb
 - lib/proxes/request/search.rb
 - lib/proxes/request/snapshot.rb
@@ -466,6 +521,8 @@ files:
 - lib/proxes/version.rb
 - migrate/20170209_permissions.rb
 - migrate/20170416_user_specific_permissions.rb
+- migrate/20180908_index_specific_permissions.rb
+- migrate/20190109_add_status_checks_table.rb
 - public/browserconfig.xml
 - public/manifest.json
 - views/index.haml
@@ -489,8 +546,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: Rack wrapper around Elasticsearch to provide security and management features

data/lib/proxes/helpers/indices.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-require 'active_support'
-require 'active_support/core_ext/object/blank'
-
-module ProxES
-  module Helpers
-    module Indices
-      def filter(asked, against)
-        return against.map { |a| a.gsub(/\.\*/, '*') } if asked == ['*'] || asked.blank?
-
-        answer = []
-        against.each do |pattern|
-          answer.concat(asked.select { |idx| idx =~ /#{pattern}/ })
-        end
-        answer
-      end
-
-      def patterns
-        current_user = user || Ditty::User.anonymous_user
-        return [] if current_user.nil?
-        patterns_for('INDEX').map do |permission|
-          return nil if permission.pattern.blank?
-          permission.pattern.gsub(/\{user.(.*)\}/) { |_match| current_user.send(Regexp.last_match[1].to_sym) }
-        end.compact
-      end
-
-      def patterns_for(action)
-        current_user = user || Ditty::User.anonymous_user
-        return [] if current_user.nil?
-        Permission.for_user(current_user, action)
-      end
-    end
-  end
-end