proxes 0.9.2 → 0.9.4

data/startup.sh

@@ -4,14 +4,15 @@ set -e
 echo "DATABASE_URL: $DATABASE_URL"
 echo "ELASTICSEARCH_URL: $ELASTICSEARCH_URL"
 echo "APP_ROOT: $APP_ROOT"
+bundle show ditty
+bundle show proxes
 
 if [ "$1" = 'web-proxes' ]
 then
-  cd /usr/src/app
+  cd $APP_ROOT
   bundle exec rake ditty:generate_tokens
   bundle exec rake ditty:migrate
   bundle exec rake ditty:seed
-  crond
   exec bundle exec pumactl start "$@"
 fi
 

data/views/index.haml

@@ -0,0 +1 @@
+#react-dashboard{ 'data-elasticsearch-url' => '..'}

data/views/layout.haml

@@ -0,0 +1,60 @@
+!!! 5
+%html{ lang: 'en' }
+  %head
+    %meta{ charset: 'utf-8' }
+    %meta{ 'http-equiv' => 'X-UA-Compatible', 'content' => 'IE=edge,chrome=1' }
+    %meta{ name: 'viewport', content: 'width=device-width, initial-scale=1' }
+    %meta{ name: 'theme-color', content: '#ffffff' }
+    %link{ rel: 'manifest', href: '/_proxes/manifest.json' }
+    %link{ rel: 'icon', type: 'image/png', sizes: '32x32', href: '/_proxes/images/favicon-32x32.png' }
+    %link{ rel: 'icon', type: 'image/png', sizes: '16x16', href: '/_proxes/images/favicon-16x16.png' }
+    %link{ rel: 'apple-touch-icon', sizes: '76x76', href: '/_proxes/images/apple-icon.png' }
+    %link{ rel: 'mask-icon', href: '/_proxes/images/safari-pinned-tab.svg', color: '#5bbad5' }
+
+    %title
+      ProxES
+      - if defined? title
+        = "- #{title}"
+
+    %meta{ name: 'description', content: '' }
+    %meta{ name: 'author', content: '' }
+
+    / Le styles
+    %link{ rel: 'stylesheet', href: 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css', media: 'screen' }
+    %link{ rel: 'stylesheet', href: 'https://cdnjs.cloudflare.com/ajax/libs/startbootstrap-sb-admin-2/3.3.7+1/css/sb-admin-2.min.css', media: 'screen' }
+    %link{ rel: 'stylesheet', href: 'https://cdnjs.cloudflare.com/ajax/libs/metisMenu/2.5.2/metisMenu.min.css', media: 'screen' }
+    %link{ rel: 'stylesheet', href: 'https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css', media: 'screen' }
+    /[if lt IE 9] <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
+    /[if lt IE 9] <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
+
+    %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js' }
+    %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/startbootstrap-sb-admin-2/3.3.7+1/js/sb-admin-2.min.js' }
+    %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/metisMenu/2.5.2/metisMenu.min.js' }
+  %body
+    #wrapper
+      = haml :'partials/navbar', locals: { title: (defined?(title) ? title : 'ProxES') }
+      #page-wrapper{ style: 'opacity: 0.8' }
+        .row
+          .col-md-12
+            -if defined? title
+              %h1.page-header= title
+            = haml :'partials/notifications'
+
+        = yield
+        %footer.footer.text-muted.text-center
+          %hr
+          .copyright
+            :plain
+              &copy; <script>document.write(new Date().getFullYear())</script>, DataTools.io
+
+
+    / Placed at the end of the document so the pages load faster
+    %script{ type: 'text/javascript', src: 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js' }
+    %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/react/15.4.1/react.min.js' }
+    %script{ type: 'text/javascript', src: 'https://cdnjs.cloudflare.com/ajax/libs/react/15.4.1/react-dom.min.js' }
+    %script{ type: 'text/javascript', src: '/_proxes/js/bundle.js' }
+    :javascript
+        $(function() {
+            $('.sidebar-nav').metisMenu();
+        });
+

data/views/partials/navbar.haml

@@ -0,0 +1,25 @@
+.navbar.navbar-default.navbar-static-top{ role: 'navigation', style: 'margin-bottom: 0' }
+  .navbar-header
+    %button.navbar-toggle.collapsed{ 'type' => 'button', 'data-toggle' => 'collapse', 'data-target' => '.navbar-collapse' }
+      %span.sr-only Toggle navigation
+      %span.icon-bar
+      %span.icon-bar
+      %span.icon-bar
+    %span.navbar-brand
+      %a{ href: "#{settings.map_path}" }
+        ProxES
+
+  -if authenticated?
+    %form.nav.navbar-top-links.navbar-form.navbar-right{ action: "#{settings.map_path}/auth/identity", method: 'post' }
+      %a.btn.btn-default{ href: "#{settings.map_path}/users/profile" } My Account
+      %input{ name: '_method', value: 'DELETE', type: 'hidden' }
+      %button.btn.btn-default{ type: 'submit' }
+        / %i.ti-panel
+        Logout
+  - else
+    %ul.nav.navbar-top-links.navbar-right
+      %li
+        %a.btn.btn-link{ href: "#{settings.map_path}/auth/identity" }
+          Log In
+  .navbar-default.sidebar{ role: 'navigation' }
+    = haml :'partials/sidebar'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: proxes
 version: !ruby/object:Gem::Version
-  version: 0.9.2
+  version: 0.9.4
 platform: ruby
 authors:
 - Jurgens du Toit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-02-06 00:00:00.000000000 Z
+date: 2018-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -457,6 +457,9 @@ files:
 - lib/proxes/forwarder.rb
 - lib/proxes/helpers/indices.rb
 - lib/proxes/loggers/elasticsearch.rb
+- lib/proxes/middleware/error_handling.rb
+- lib/proxes/middleware/metrics.rb
+- lib/proxes/middleware/security.rb
 - lib/proxes/models/permission.rb
 - lib/proxes/policies/permission_policy.rb
 - lib/proxes/policies/request/bulk_policy.rb
@@ -478,7 +481,6 @@ files:
 - lib/proxes/request/search.rb
 - lib/proxes/request/snapshot.rb
 - lib/proxes/request/stats.rb
-- lib/proxes/security.rb
 - lib/proxes/services/es.rb
 - lib/proxes/version.rb
 - migrate/20170209_permissions.rb
@@ -499,6 +501,9 @@ files:
 - public/manifest.json
 - src/scripts/app.js
 - startup.sh
+- views/index.haml
+- views/layout.haml
+- views/partials/navbar.haml
 - views/permissions/display.haml
 - views/permissions/edit.haml
 - views/permissions/form.haml
@@ -525,7 +530,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.5
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Rack wrapper around Elasticsearch to provide security and management features

data/lib/proxes/security.rb

@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-
-require 'proxes/request'
-require 'proxes/policies/request_policy'
-require 'ditty/services/logger'
-require 'ditty/helpers/pundit'
-require 'ditty/helpers/authentication'
-require 'ditty/helpers/wisper'
-
-module ProxES
-  class Security
-    attr_reader :env, :logger
-
-    include Ditty::Helpers::Authentication
-    include Ditty::Helpers::Pundit
-    include Ditty::Helpers::Wisper
-    include Wisper::Publisher
-
-    def initialize(app, logger = nil)
-      @app = app
-      @logger = logger || ::Ditty::Services::Logger.instance
-    end
-
-    def error(message, code = 500)
-      headers = { 'Content-Type' => 'application/json' }
-      headers['WWW-Authenticate'] = 'Basic realm="security"' if code == 401
-      [code, headers, ['{"error":"' + message + '"}']]
-    end
-
-    def redirect(destination, code = 302)
-      [code, { 'Location' => destination}, []]
-    end
-
-    def check(request)
-      check_basic request
-      authorize request, request.request_method.downcase
-    rescue Pundit::NotAuthorizedError
-      return redirect '/_proxes/' if request.get_header('HTTP_ACCEPT') && request.get_header('HTTP_ACCEPT').include?('text/html')
-
-      log_action(:es_request_denied, details: "#{request.request_method.upcase} #{request.fullpath} (#{request.class.name})")
-      logger.debug "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
-      error 'Not Authorized', 401
-    rescue ::Ditty::Helpers::NotAuthenticated
-      logger.warn "Access denied for unauthenticated request by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
-      error 'Not Authenticated', 401
-    rescue StandardError => e
-      raise e if env['RACK_ENV'] != 'production'
-      logger.error "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security exception: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
-      logger.error e
-      error 'Forbidden', 403
-    end
-
-    def forward(request)
-      start = Time.now.to_f
-      result = @app.call request.env
-      broadcast(:call_completed, request, Time.now.to_f - start) if result[0].to_i >= 200 && result[0].to_i < 300
-      result
-    rescue Errno::EHOSTUNREACH
-      error 'Could not reach Elasticsearch at ' + ENV['ELASTICSEARCH_URL']
-    rescue Errno::ECONNREFUSED
-      error 'Elasticsearch not listening at ' + ENV['ELASTICSEARCH_URL']
-    end
-
-    def log(request, stage)
-      logger.debug '============' + stage.ljust(56) + '============'
-      logger.debug '= ' + "Request: #{request.request_method} #{request.fullpath} (#{request.class.name})".ljust(76) + ' ='
-      logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
-      logger.debug '================================================================================'
-    end
-
-    def call(env)
-      @env = env
-
-      request = Request.from_env(env)
-      broadcast(:call_started, request)
-
-      log(request, 'BEFORE')
-      unless env['PROXES_PASSTHROUGH']
-        result = check(request)
-        return result if result.is_a?(Array) # Rack Response
-
-        request.index = policy_scope(request) if request.indices?
-        log(request, 'AFTER')
-      end
-
-      forward request
-    end
-  end
-end