query_console 0.1.0

data/app/views/query_console/queries/new.html.erb

@@ -0,0 +1,565 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Query Console</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <%= csrf_meta_tags %>
+  <meta name="turbo-refresh-method" content="morph">
+  <meta name="turbo-refresh-scroll" content="preserve">
+  
+  <style>
+    * {
+      box-sizing: border-box;
+    }
+    
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+      margin: 0;
+      padding: 20px;
+      background: #f5f5f5;
+      color: #333;
+    }
+
+    .container {
+      max-width: 1400px;
+      margin: 0 auto;
+    }
+
+    .banner {
+      background: #fff3cd;
+      border: 1px solid #ffc107;
+      border-radius: 4px;
+      padding: 15px;
+      margin-bottom: 20px;
+      color: #856404;
+      position: relative;
+      transition: all 0.3s ease;
+    }
+
+    .banner.collapsed {
+      padding: 10px 15px;
+    }
+
+    .banner.collapsed .banner-content {
+      display: none;
+    }
+
+    .banner.collapsed h2 {
+      margin: 0;
+    }
+
+    .banner h2 {
+      margin: 0 0 10px 0;
+      font-size: 18px;
+      padding-right: 30px;
+    }
+
+    .banner p {
+      margin: 5px 0;
+      font-size: 14px;
+    }
+
+    .banner-toggle {
+      position: absolute;
+      top: 15px;
+      right: 15px;
+      background: transparent;
+      border: none;
+      color: #856404;
+      font-size: 20px;
+      cursor: pointer;
+      padding: 0;
+      width: 24px;
+      height: 24px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      transition: transform 0.3s ease;
+    }
+
+    .banner-toggle:hover {
+      transform: scale(1.2);
+    }
+
+    .banner.collapsed .banner-toggle {
+      transform: rotate(180deg);
+    }
+
+    .main-layout {
+      display: grid;
+      grid-template-columns: 1fr 300px;
+      gap: 20px;
+    }
+
+    .editor-section {
+      background: white;
+      border-radius: 8px;
+      padding: 20px;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+      transition: all 0.3s ease;
+    }
+
+    .editor-section.collapsed {
+      padding: 15px 20px;
+    }
+
+    .editor-section.collapsed .editor-content {
+      display: none;
+    }
+
+    .editor-header {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      margin-bottom: 15px;
+      position: relative;
+    }
+
+    .editor-section.collapsed .editor-header {
+      margin-bottom: 0;
+    }
+
+    .editor-header h3 {
+      margin: 0;
+      font-size: 20px;
+      flex-grow: 1;
+    }
+
+    .section-toggle {
+      background: transparent;
+      border: none;
+      color: #6c757d;
+      font-size: 18px;
+      cursor: pointer;
+      padding: 5px 10px;
+      margin-left: 10px;
+      transition: transform 0.3s ease, color 0.2s;
+      order: 1;
+    }
+
+    .section-toggle:hover {
+      color: #007bff;
+      transform: scale(1.2);
+    }
+
+    .collapsed .section-toggle {
+      transform: rotate(180deg);
+    }
+
+    .button-group {
+      display: flex;
+      gap: 10px;
+    }
+
+    .btn-primary, .btn-secondary, .btn-danger {
+      padding: 10px 20px;
+      border: none;
+      border-radius: 4px;
+      font-size: 14px;
+      cursor: pointer;
+      transition: all 0.2s;
+    }
+
+    .btn-primary {
+      background: #007bff;
+      color: white;
+    }
+
+    .btn-primary:hover:not(:disabled) {
+      background: #0056b3;
+    }
+
+    .btn-primary:disabled {
+      background: #6c757d;
+      cursor: not-allowed;
+    }
+
+    .btn-secondary {
+      background: #6c757d;
+      color: white;
+    }
+
+    .btn-secondary:hover {
+      background: #545b62;
+    }
+
+    .btn-danger {
+      background: #dc3545;
+      color: white;
+      font-size: 12px;
+      padding: 5px 10px;
+    }
+
+    .btn-danger:hover {
+      background: #c82333;
+    }
+
+    textarea {
+      width: 100%;
+      min-height: 200px;
+      padding: 15px;
+      border: 1px solid #ddd;
+      border-radius: 4px;
+      font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
+      font-size: 14px;
+      resize: vertical;
+      margin-bottom: 15px;
+    }
+
+    textarea:focus {
+      outline: none;
+      border-color: #007bff;
+      box-shadow: 0 0 0 3px rgba(0,123,255,0.1);
+    }
+
+    .history-section {
+      background: white;
+      border-radius: 8px;
+      padding: 20px;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+      max-height: 800px;
+      overflow-y: auto;
+      transition: all 0.3s ease;
+    }
+
+    .history-section.collapsed {
+      padding: 15px 20px;
+      max-height: none;
+      overflow: visible;
+    }
+
+    .history-section.collapsed .history-content {
+      display: none;
+    }
+
+    .history-header {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      margin-bottom: 15px;
+      position: relative;
+    }
+
+    .history-section.collapsed .history-header {
+      margin-bottom: 0;
+    }
+
+    .history-header h3 {
+      margin: 0;
+      font-size: 18px;
+      flex-grow: 1;
+    }
+
+    .history-list {
+      list-style: none;
+      padding: 0;
+      margin: 0;
+    }
+
+    .history-item {
+      margin-bottom: 10px;
+    }
+
+    .history-item-button {
+      width: 100%;
+      background: #f8f9fa;
+      border: 1px solid #dee2e6;
+      border-radius: 4px;
+      padding: 10px;
+      text-align: left;
+      cursor: pointer;
+      transition: all 0.2s;
+    }
+
+    .history-item-button:hover {
+      background: #e9ecef;
+      border-color: #007bff;
+      transform: translateX(2px);
+    }
+
+    .history-item-sql {
+      font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
+      font-size: 12px;
+      color: #495057;
+      margin-bottom: 5px;
+      white-space: nowrap;
+      overflow: hidden;
+      text-overflow: ellipsis;
+    }
+
+    .history-item-time {
+      font-size: 11px;
+      color: #6c757d;
+    }
+
+    .empty-history {
+      color: #6c757d;
+      font-style: italic;
+      text-align: center;
+      padding: 20px;
+    }
+
+    @media (max-width: 768px) {
+      .main-layout {
+        grid-template-columns: 1fr;
+      }
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <!-- Security Banner - Collapsible -->
+    <div class="banner" id="security-banner" data-controller="collapsible" data-collapsible-key-value="banner">
+      <button class="banner-toggle" data-action="click->collapsible#toggle" title="Toggle banner">▼</button>
+      <h2>🔍 Read-Only SQL Query Console</h2>
+      <div class="banner-content">
+        <p><strong>Security Notice:</strong> This console is enabled only in development by default.</p>
+        <p>All queries are logged and restricted to read-only operations (SELECT statements only).</p>
+        <p>Multiple statements and write operations are blocked for security.</p>
+      </div>
+    </div>
+
+    <div class="main-layout">
+      <!-- SQL Editor Section - Collapsible -->
+      <%= form_with url: query_console.run_path, method: :post, data: { 
+        turbo_frame: "query-results",
+        controller: "editor",
+        action: "turbo:submit-end->editor#querySuccess turbo:frame-render->editor#querySuccess submit->editor#handleSubmit"
+      } do |f| %>
+        <div class="editor-section" id="editor-section" data-controller="collapsible" data-collapsible-key-value="editor">
+          <div class="editor-header">
+            <h3>SQL Editor</h3>
+            <div class="button-group">
+              <button type="button" data-action="click->editor#clear" data-editor-target="clearButton" class="btn-secondary">Clear</button>
+              <%= f.submit "Run Query", class: "btn-primary", data: { editor_target: "runButton" } %>
+            </div>
+            <button type="button" class="section-toggle" data-action="click->collapsible#toggle" title="Toggle editor">▼</button>
+          </div>
+
+          <div class="editor-content">
+            <%= f.text_area :sql, 
+              placeholder: "Enter your SELECT query here...\n\nExample:\nSELECT * FROM users LIMIT 10;",
+              data: { editor_target: "textarea" } %>
+
+            <!-- Turbo Frame for Results -->
+            <%= turbo_frame_tag "query-results", data: { editor_target: "results" } do %>
+              <div style="color: #6c757d; text-align: center; padding: 40px;">
+                <p>Enter a query above and click "Run Query" to see results here.</p>
+              </div>
+            <% end %>
+          </div>
+        </div>
+      <% end %>
+
+      <!-- Query History Section - Collapsible -->
+      <div class="history-section" id="history-section" data-controller="history collapsible" data-collapsible-key-value="history_section">
+        <div class="history-header">
+          <h3>Query History</h3>
+          <button data-action="click->history#clear" class="btn-danger">Clear</button>
+          <button class="section-toggle" data-action="click->collapsible#toggle" title="Toggle history">▼</button>
+        </div>
+        <div class="history-content">
+          <ul class="history-list" data-history-target="list">
+            <li class="empty-history">No query history yet</li>
+          </ul>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- Load Hotwire and Stimulus from CDN -->
+  <script type="importmap">
+    {
+      "imports": {
+        "@hotwired/turbo-rails": "https://cdn.jsdelivr.net/npm/@hotwired/turbo@8.0.4/dist/turbo.es2017-esm.min.js",
+        "@hotwired/stimulus": "https://cdn.jsdelivr.net/npm/@hotwired/stimulus@3.2.2/dist/stimulus.min.js"
+      }
+    }
+  </script>
+
+  <!-- Load Stimulus controllers inline -->
+  <script type="module">
+    import * as Turbo from "@hotwired/turbo-rails"
+    import { Application, Controller } from "@hotwired/stimulus"
+    
+    // Make Turbo available globally
+    window.Turbo = Turbo
+    
+    const application = Application.start()
+    window.Stimulus = application
+    
+    // Collapsible Controller
+    class CollapsibleController extends Controller {
+      static values = { key: String }
+      
+      connect() {
+        this.storageKey = `query_console.${this.keyValue}_collapsed`
+        this.loadState()
+      }
+      
+      toggle(event) {
+        event.preventDefault()
+        this.element.classList.toggle('collapsed')
+        
+        const isCollapsed = this.element.classList.contains('collapsed')
+        localStorage.setItem(this.storageKey, isCollapsed ? 'true' : 'false')
+        event.target.textContent = isCollapsed ? '▲' : '▼'
+      }
+      
+      loadState() {
+        const isCollapsed = localStorage.getItem(this.storageKey) === 'true'
+        if (isCollapsed) {
+          this.element.classList.add('collapsed')
+          const button = this.element.querySelector('.section-toggle, .banner-toggle')
+          if (button) button.textContent = '▲'
+        }
+      }
+    }
+    
+    // History Controller
+    class HistoryController extends Controller {
+      static targets = ["list"]
+      static values = {
+        storageKey: { type: String, default: "query_console.history.v1" },
+        maxItems: { type: Number, default: 20 }
+      }
+      
+      connect() {
+        this.loadHistory()
+        document.addEventListener('editor:executed', (e) => this.add(e))
+      }
+      
+      add(event) {
+        const history = this.getHistory()
+        history.unshift({
+          sql: event.detail.sql.trim(),
+          timestamp: event.detail.timestamp
+        })
+        
+        const trimmed = history.slice(0, this.maxItemsValue)
+        localStorage.setItem(this.storageKeyValue, JSON.stringify(trimmed))
+        this.renderHistory(trimmed)
+      }
+      
+      load(event) {
+        event.preventDefault()
+        const sql = event.currentTarget.dataset.sql
+        document.dispatchEvent(new CustomEvent('history:load', { detail: { sql } }))
+      }
+      
+      clear(event) {
+        event.preventDefault()
+        if (confirm("Clear all query history?")) {
+          localStorage.removeItem(this.storageKeyValue)
+          this.renderHistory([])
+        }
+      }
+      
+      loadHistory() {
+        this.renderHistory(this.getHistory())
+      }
+      
+      getHistory() {
+        const stored = localStorage.getItem(this.storageKeyValue)
+        return stored ? JSON.parse(stored) : []
+      }
+      
+      renderHistory(history) {
+        if (history.length === 0) {
+          this.listTarget.innerHTML = '<li class="empty-history">No query history yet</li>'
+          return
+        }
+        
+        this.listTarget.innerHTML = history.map(item => `
+          <li class="history-item">
+            <button type="button" class="history-item-button" 
+              data-action="click->history#load"
+              data-sql="${this.escapeHtml(item.sql)}">
+              <div class="history-item-sql">${this.escapeHtml(this.truncate(item.sql, 100))}</div>
+              <div class="history-item-time">${this.formatTime(item.timestamp)}</div>
+            </button>
+          </li>
+        `).join('')
+      }
+      
+      truncate(str, length) {
+        return str.length > length ? str.substring(0, length) + '...' : str
+      }
+      
+      formatTime(timestamp) {
+        const date = new Date(timestamp)
+        const diff = Date.now() - date
+        if (diff < 60000) return 'just now'
+        if (diff < 3600000) return `${Math.floor(diff/60000)}m ago`
+        if (diff < 86400000) return `${Math.floor(diff/3600000)}h ago`
+        return date.toLocaleDateString()
+      }
+      
+      escapeHtml(text) {
+        const div = document.createElement('div')
+        div.textContent = text
+        return div.innerHTML
+      }
+    }
+    
+    // Editor Controller
+    class EditorController extends Controller {
+      static targets = ["textarea", "runButton"]
+      
+      connect() {
+        document.addEventListener('history:load', (e) => this.loadQuery(e.detail.sql))
+      }
+      
+      loadQuery(sql) {
+        this.textareaTarget.value = sql
+        this.textareaTarget.focus()
+        this.element.scrollIntoView({ behavior: 'smooth' })
+      }
+      
+      clear(event) {
+        event.preventDefault()
+        this.textareaTarget.value = ''
+        this.textareaTarget.focus()
+      }
+      
+      handleSubmit(event) {
+        const sql = this.textareaTarget.value.trim()
+        
+        if (!sql) {
+          event.preventDefault()
+          alert('Please enter a SQL query')
+          return
+        }
+        
+        // Store SQL for after execution
+        window._lastExecutedSQL = sql
+        
+        // Show loading state
+        this.runButtonTarget.disabled = true
+        this.runButtonTarget.value = 'Running...'
+        
+        // Let form submit naturally (Turbo will intercept it)
+      }
+      
+      querySuccess() {
+        this.runButtonTarget.disabled = false
+        this.runButtonTarget.value = 'Run Query'
+        
+        if (window._lastExecutedSQL) {
+          document.dispatchEvent(new CustomEvent('editor:executed', {
+            detail: {
+              sql: window._lastExecutedSQL,
+              timestamp: new Date().toISOString()
+            }
+          }))
+          delete window._lastExecutedSQL
+        }
+      }
+    }
+    
+    application.register("collapsible", CollapsibleController)
+    application.register("history", HistoryController)
+    application.register("editor", EditorController)
+  </script>
+</body>
+</html>

data/config/importmap.rb

@@ -0,0 +1,13 @@
+# Configure JavaScript module imports for QueryConsole engine
+# This uses importmap-rails to manage JavaScript dependencies without bundling
+
+# Pin Hotwire dependencies
+pin "@hotwired/turbo-rails", to: "turbo.min.js"
+pin "@hotwired/stimulus", to: "stimulus.min.js"
+pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
+
+# Pin application and controllers
+pin "query_console/application", to: "query_console/application.js"
+pin_all_from File.expand_path("../app/javascript/controllers/query_console", __dir__), 
+             under: "controllers/query_console", 
+             to: "query_console/controllers"

data/config/routes.rb

@@ -0,0 +1,4 @@
+QueryConsole::Engine.routes.draw do
+  root to: "queries#new"
+  post "run", to: "queries#run"
+end

data/lib/generators/query_console/install/README

@@ -0,0 +1,28 @@
+===============================================================================
+
+  QueryConsole has been installed!
+
+  Next steps:
+
+  1. Configure authorization in config/initializers/query_console.rb
+     You MUST set the authorize hook or access will be denied.
+
+  2. Mount the engine in your config/routes.rb:
+
+     mount QueryConsole::Engine, at: "/query_console"
+
+  3. Start your Rails server and visit:
+     http://localhost:3000/query_console
+
+  Security Notes:
+  - By default, only enabled in development environment
+  - Requires explicit authorization hook configuration
+  - All queries are logged with actor information
+  - Only SELECT/WITH queries allowed (read-only)
+  - Multiple statements blocked
+  - Results limited to prevent resource exhaustion
+
+  For more information, see:
+  https://github.com/JohnsonGnanasekar/query_console
+
+===============================================================================

data/lib/generators/query_console/install/install_generator.rb

@@ -0,0 +1,19 @@
+require 'rails/generators'
+
+module QueryConsole
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc "Creates a QueryConsole initializer in your application."
+
+      def copy_initializer
+        template "query_console.rb", "config/initializers/query_console.rb"
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/query_console/install/templates/query_console.rb

@@ -0,0 +1,61 @@
+# QueryConsole Configuration
+#
+# This initializer configures the QueryConsole engine for your application.
+# By default, the console is ONLY enabled in development environment.
+
+QueryConsole.configure do |config|
+  # Environments where the console is enabled
+  # Default: ["development"]
+  # Uncomment to enable in additional environments (use with caution!)
+  # config.enabled_environments = %w[development staging]
+
+  # Authorization hook - REQUIRED for security
+  # This lambda/proc receives the controller and must return true to allow access
+  # Default: nil (denies all access - you MUST configure this)
+  #
+  # Example with Devise:
+  # config.authorize = ->(controller) {
+  #   controller.current_user&.admin?
+  # }
+  #
+  # Example with basic authentication:
+  # config.authorize = ->(controller) {
+  #   controller.authenticate_or_request_with_http_basic do |username, password|
+  #     username == "admin" && password == Rails.application.credentials.query_console_password
+  #   end
+  # }
+  #
+  # For development without authentication (NOT RECOMMENDED FOR PRODUCTION):
+  # config.authorize = ->(_controller) { true }
+
+  # Track who ran each query (for audit logs)
+  # Default: ->(_controller) { "unknown" }
+  #
+  # config.current_actor = ->(controller) {
+  #   controller.current_user&.email || "anonymous"
+  # }
+
+  # Maximum number of rows to return
+  # Default: 500
+  # config.max_rows = 1000
+
+  # Query timeout in milliseconds
+  # Default: 3000 (3 seconds)
+  # config.timeout_ms = 5000
+
+  # Forbidden SQL keywords (in addition to defaults)
+  # Default includes: update, delete, insert, drop, alter, create, grant, revoke, truncate, etc.
+  # config.forbidden_keywords += %w[your_custom_keyword]
+
+  # Allowed query starting keywords
+  # Default: %w[select with]
+  # config.allowed_starts_with = %w[select with explain]
+end
+
+# IMPORTANT: Mount the engine in your routes.rb:
+#
+# Rails.application.routes.draw do
+#   mount QueryConsole::Engine, at: "/query_console"
+# end
+#
+# Then visit: http://localhost:3000/query_console